new features in package CVS
Thorsten Leemhuis
fedora at leemhuis.info
Wed Jan 31 10:26:14 UTC 2007

On 31.01.2007 10:41, Christian Iseli wrote:
> On Wed, 31 Jan 2007 09:47:05 +0100, Patrice Dumas wrote:
>> Why not have a default of open access? It would allow to follow the
>> guidelines:
>>
>> http://fedoraproject.org/wiki/Extras/Policy/WhoIsAllowedToModifyWhichPackages#afterinclude
>>
>> (As a side note, I don't see a reason to restrict access to the cvs in general
>> case: when roles are clearly defined people don't mess with others'
>> packages, even though they have access).
> +1

Yes and no IMHO.

As I said somewhere else some weeks ago: I'd prefer some kind of
wiki-like-style approach for my packages and the repo in general. But
well, a real wiki scheme simply is not possible, as everyone could
modify stuff in CVS, put a Trojan into some package, build it. Then it
gets pushed and a lot of systems will get infected quickly :-/

> I semi understand that a few very specific packages are really
> sensitive stuff (kernel, gcc, basic system security stuff), but the
> rest is just ... well ... like what we already have in Extras.

Just wondering: are those really that more "sensitive" than the rest?
Yes, those are probably on most systems out there, so placing something
bad in one of those (and getting it out to the users) might be more
attractive than in other packages -- but we don't want bad stuff in
lesser used packages, too.

My 2 cents on the whole issue:

- giving everyone (and especially new contributors that just got
sponsored) write access everywhere is too dangerous (remember: The "hit
CTRL+C at the right moment and no commit mails will be sent"-problem is
afaik still unfixed!)

- having restrictive ACLs that only allow owners to modify stuff is too
restrictive and makes stuff too complicated

Proposed middle ground (that was discussed here in the past days
already): create a *big* group (Sponsors, FESCo Members, Packaging
Committee members and some long term Red Hat employees and packagers) and
give them write access everywhere while new contributors get only write
access where they need it.

CU
thl