Autoapprove watch* acls in the pkgdb
Bastien Nocera
bnocera at redhat.com
Fri Oct 26 17:26:11 UTC 2007
Hey Toshio,
On Fri, 2007-10-26 at 09:51 -0700, Toshio Kuratomi wrote:
> References: <200710261045.l9QAj8nt022071 at bastion.fedora.phx.redhat.com> <1193395741.25047.3.camel at cookie.hadess.net>
> In-Reply-To: <1193395741.25047.3.camel at cookie.hadess.net>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> Content-Transfer-Encoding: 7bit
>
> Bastien Nocera wrote:
> > Heya,
> >
> > On Fri, 2007-10-26 at 03:45 -0700, Fedora PackageDB wrote:
> >> Bastien Nocera (hadess) has requested the watchbugzilla acl on bluez-libs (Fedora devel)
> >>
> >> To make changes to this package see:
> >> https://admin.fedoraproject.org/pkgdb/packages/name/bluez-libs
> >
> > I'm sure this has been asked before. But why do I need to ask permission
> > to watch a component in bugzilla?
> >
> It hasn't been asked before on the list but that's a piece of
> code/policy that I have on my list to fix[1]_. No time like the present
> to get some feedback :-)
>
> Proposal:
>
> I'd like to have watchbugzilla and watchcommits (and any other watch*
> acls in the future) auto-approve. By example:
>
> 1) Bastien goes to the bluez-libs webpage.
> 2) Clicks the checkbox for watchbugzilla.
> 3) Request is sent to the packagedb which immediately sets the acl.
> 4) Bastien will immediately start being CC'd on all future bluez-libs bugs.
>
> Does anyone have problems with this piece?
The only problem I could see, is if the bugs filed are security
bugs/sensitive bugs, people adding themselves on the CC: would basically
get access to all those. Probably more a problem on the bugzilla-end
though.
You'd have the same problem if you wanted to enable commits watch
without approval.
> I'm also thinking that we don't need to be as complete about sending
> mail when someone signs up for a watch* acl. Currently mail goes out to:
>
> * fedora-extras-commits at r.c
> * Package owner
> * Package maintainers with approveacls set
>
> I don't see a reason to send a message to the commits list in this
> scenario. Sending to package owner and maintainers I'm hesitant about
> -- on the one hand, they no longer need to approve the acls so why
> bother. On the other, maybe maintainers want to know who has shown
> interest in their package.
I think we'd still need to keep the approvals for the reasons above.
Cheers
More information about the fedora-devel-list
mailing list