Raphael Hertzog: > Hi, > > On Mon, 01 Apr 2019, Louis-Philippe Véronneau wrote: >>> So if i had to decide how to implement this technique, i think the >>> simplest thing would be to move every >>> https://salsa.debian.org/foo-team/libfoo to >>> https://salsa.debian.org/debian/libfoo and let the debian/ grouping >>> handle the permissions. >>> >>> That still leaves all the rest of salsa for user-specific projects, >>> upstream projects, etc., which might have different permissions. >>> >>> Is there some reason that wouldn't address the concern you're raising? >> >> It does sound like a good solution to me :D > > Unfortunately, it also means that it's much harder grant access > to all repositories of a team to a non-DD since you have to add > the non-DD to all individual repositories instead of adding him to > the group. > > Because obviously we don't want to add non-DD to the Debian group. > > And while team-wide membership might be reviewed from time to time, I > doubt that package-specific membership will ever be reviewed by anyone. Gitlab subgroups would solve this problem: Move every Debian package into the 'debian' group, but allow subgroups in there: https://salsa.debian.org/debian/foo-team/libfoo Cheers jonas
Attachment:
signature.asc
Description: OpenPGP digital signature