Re: Package database, SCM, ACLs, co-maintainership, and all that stuff

On Fri, 04 Aug 2006 22:28:05 -0500, Jeffrey C. Ollie wrote:
> * Before a build is initiated, the initiator would have to "approve"
> somehow all of the changes made by non-maintainers.  Not quite sure how
> this would work, esp. given the need to track reversions of unapproved
> changes.

Thinking some more on the issue of "controlling" what gets
built/published, I came up with this idea:

Basically, what needs to be "approved" at some point is a particular
set of file revision numbers in an SCM repository.  In CVS we have
tags.  The problem with tags is that they can be forcibly moved using
-F, but if we admit for a second that we have a means to forbid any tag
movement, then I think we have a pretty easy solution to control things.

The approved maintainers of a particular package for a particular
release (and even a particular arch) are allowed to define which is the
current valid tag for said package within the package database.

Once we have that mechanism in place, anyone can hack the sources and
request builds: it doesn't really matter as long as we only
build/publish package SRPMs assembled from a valid tag.

I'm not sure I'm explaining this very clearly (I need to get some sleep
real quick) so please ask if things are not clear...
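
Added example, not part of the original message and not code from any Fedora tool: a minimal sketch of the "valid tag" gate proposed above, where only approved maintainers can set the valid tag and builds are refused for any other tag. All names (PackageDB, set_valid_tag, check_build, the sample tags and users) are hypothetical, and pinning the file revisions at approval time is an assumed way to detect a tag that was moved afterwards.

```python
class GateError(Exception):
    """Raised when an approval or build request is refused."""


class PackageDB:
    def __init__(self, maintainers):
        self.maintainers = maintainers  # (package, release) -> approved maintainers
        self.valid = {}  # (package, release, arch) -> (tag, pinned {file: revision})

    def set_valid_tag(self, user, package, release, arch, tag, scm_tags):
        """Only an approved maintainer may declare the current valid tag."""
        if user not in self.maintainers.get((package, release), set()):
            raise GateError(f"{user} may not approve tags for {package}/{release}")
        if tag not in scm_tags:
            raise GateError(f"tag {tag} does not exist in the SCM")
        # Assumption: pin the revisions at approval time so a moved tag is detectable.
        self.valid[(package, release, arch)] = (tag, dict(scm_tags[tag]))

    def check_build(self, package, release, arch, tag, scm_tags):
        """Return the pinned revisions to build from, or refuse the request."""
        approved = self.valid.get((package, release, arch))
        if approved is None or approved[0] != tag:
            raise GateError(f"{tag} is not the valid tag for {package}/{release}/{arch}")
        if scm_tags.get(tag) != approved[1]:
            raise GateError(f"{tag} moved since it was approved")
        return approved[1]


def run_demo():
    # Constructed sample data: tag -> {file: revision}
    scm = {"foo-1_0-1": {"foo.spec": "1.4", "sources": "1.2"},
           "foo-1_0-2": {"foo.spec": "1.5", "sources": "1.2"}}
    db = PackageDB({("foo", "fc6"): {"alice"}})
    db.set_valid_tag("alice", "foo", "fc6", "i386", "foo-1_0-1", scm)
    results = {}
    results["approved"] = db.check_build("foo", "fc6", "i386", "foo-1_0-1", scm)
    for name, tag, mutate in [("unapproved", "foo-1_0-2", False), ("moved", "foo-1_0-1", True)]:
        if mutate:
            scm["foo-1_0-1"]["foo.spec"] = "1.6"  # simulates a forced tag move
        try:
            db.check_build("foo", "fc6", "i386", tag, scm)
            results[name] = "built"
        except GateError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```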


