Re: wanna-build access to schedule binNMUs for Go packages

To: Michael Stapelberg <stapelberg@debian.org>, Moritz Muehlenhoff <jmm@inutil.org>, debian-wb-team@lists.debian.org, pkg-go <pkg-go-maintainers@lists.alioth.debian.org>, debian-release@lists.debian.org, team@security.debian.org
Subject: Re: wanna-build access to schedule binNMUs for Go packages
From: Philipp Kern <pkern@debian.org>
Date: Thu, 1 Feb 2018 09:56:19 +0100
Message-id: <[🔎] 6ed9409f-8dac-f3b7-ebaa-dbc973307a6a@philkern.de>
In-reply-to: <[🔎] 20180201054511.yw46bngxqd3ract7@lorien.valinor.li>
References: <CANnVG6=MZ5-DD1cndhMZ6K-r6EJvskxehHkfa9ss0L4QWk7FTw@mail.gmail.com> <e94b986a-6b26-c87d-79f8-11b61d9393be@philkern.de> <CANnVG6nc5cT6xcOhAUy+72daeMCvX559KZtDP25QwMXh03_2Ow@mail.gmail.com> <4aaabece-2fa5-89b7-cb0c-d03507832620@philkern.de> <CANnVG6mHUhxWtkTt2diTSFoYBuWd_d1_g2cmY4hV1o6pVWn-_A@mail.gmail.com> <20180131143826.hu3rejvmn5b3pdzj@shell.thinkmo.de> <CANnVG6=rJat_cS4_5=Gm5o8N5AOzgfHnkYpGJsOoqMgu02Nztw@mail.gmail.com> <20180131160322.GA16854@inutil.org> <CANnVG6mspY6S0ah88860fsGvdbsOpyDmpLv0m2p4=3KS22XKNQ@mail.gmail.com> <[🔎] 20180201054511.yw46bngxqd3ract7@lorien.valinor.li>

On 01.02.2018 06:45, Salvatore Bonaccorso wrote:
> On Wed, Jan 31, 2018 at 09:04:09PM +0100, Michael Stapelberg wrote:
>> binNMUs for unstable.
> 
> Why, if that is for unstable, permissions for embargoed
> queues/security would be needed? Is that due to implementtation on
> accessing wanna-build?
> 
> Access to information about embargoed information would not be ok.

This is nothing new. It has always been that way. As soon as you have
write access to wanna-build, you can inspect all suites. Yes, that's
somewhat sad, but at the same time it shouldn't give you access to the
actual source packages.

The granularity that is still implemented but only used for ports are
per-arch access. wb_security implies access to all arches (wb_all) and
generally everyone who should be able to schedule binNMUs across
architectures needs to be in wb_all.

Precedent here was set by nomeata (at least), who schedules binNMUs for
OCaml and Haskell in unstable and hence required access across all
architectures. As long as we add persons relatively sparingly (the
request is for nother single person), I think we should be fine?

Kind regards and thanks
Philipp Kern

Reply to:

Follow-Ups:
- Re: wanna-build access to schedule binNMUs for Go packages
  - From: Ansgar Burchardt <ansgar@debian.org>

References:
- Re: wanna-build access to schedule binNMUs for Go packages
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Re: wanna-build access to schedule binNMUs for Go packages
Next by Date: Re: Bug#840104: Encrypted uploads to the security archive
Previous by thread: Re: wanna-build access to schedule binNMUs for Go packages
Next by thread: Re: wanna-build access to schedule binNMUs for Go packages
Index(es):
- Date
- Thread