New package cvs requests. opt out of cvsextras commit rather than in?

Wed Dec 5 16:28:49 UTC 2007

On 05.12.2007 16:51, Jesse Keating wrote:
> On Wed, 5 Dec 2007 10:41:20 -0500
> Jesse Keating <jkeating at redhat.com> wrote:
> 
>> Having just looked a bit closer and talked with Jeremy, here is what I
>> think we can do.

In general: looks good. But it's actually quite similar that was
purposed in a older discussion not that many months ago but not further
realized because then I was told that having a second group in FAS is
not that easy to realize for this task.

>> "cvsextras" as a FAS group becomes something like just 'cvspkgs'.
>> Warren is already planning on doing this.  Membership in this group
>> gives you a couple things.  
>>
>> 1) file level ACLs on the cvs server to
>> write to the file system.  Everybody has to have this in order for cvs
>> to write out files on your behalf.
>>
>> 2) A grouping of all Fedora package maintainers.  All maintainers
>> would have to be in cvspkgs.
>>
>> We would then create a new group, cvsexperienced or some other name
>> such as this.  This group is the group that gets CVS ACLs to all
>> modules that haven't opted out of this openness.  This takes the place
>> of what we have in pkgdb currently as cvsextras commit.  Entry to this
>> group should be relatively low barrier, but there is still a barrier
>> between the fresh contributors and everybody elses packages.

With this words it sounds to me like a bit to low barrier, but that
depends on the exact definition.

>> Finally we have the cvsadmin group who just has blanket access no
>> matter what, and this doesn't have to change.
>>
>> With some relatively small changes this could be accomplished.  The
>> interesting discussion points are A) what is the criteria to get added
>> to cvsexperienced?  Obviously sponsors are automatically added, but
>> there should be other ways to get in. 

IMHO is the barrier should be something like "invested quite some work
into Fedora (something like: maintained 8 packages or did a lot of other
work in Fedora-land and is around for more then 3 or 6 months)" and
"showed that be knows the packaging guidelines"; IOW: can be trusted.

But something like that is not easily written down. I think FESCo (or
some other group; the sponsors maybe?) should just approve people if
they trust them. And people should have a reasons to get that access; we
should not simply hand it out accoring to some static rules.)

>> B) who from the current members
>> of cvsextras would we grandfather into cvsexperienced? 

I'd say only sponsors, people around for a long time (two years maybe?)
or with a lot of packages (more then 12 maybe?) and are active.

>> C) what is a
>> better name for "cvsexperienced". 

cvstrusted ?

>> D) when to make this happen.

E) how to maintain that group, as people become inactive or leave over
time again.

> I forgot to mention.  Membership in cvspkgs does not give you wide
> access.  In fact, the members of cvspkgs are not "considered" when
> creating CVS ACLs.  The owners/co-maintainers of packages are, and
> members of cvsexperienced are (provided the package in question allows
> for cvsexperienced commit access).
> 
> This effectively keeps new packagers to only A) the packages they own,
> and B) the packages the co-maintain with other people.

CU
knurd