ACL removal day?!
Christopher Aillon
caillon at redhat.com
Tue Jun 19 17:37:24 UTC 2007
Rahul Sundaram wrote:
> The need for ACLs by default that restrict the package to only the
> package maintainers is not clear and package maintainers are not aware
> that ACLs are added by default to their packages. If it is explicitly
> documented that ACLs are added by default that solves the latter
> problem.
So let's document it.
> I would prefer that ACLs are only added if explicitly requested
> since having a common pool allows some of the work (mass rebuilds,
> rebuilds for soname bumps, resolving conflicting files in between
> packages, E-V-R issues, security problems etc) to be shared by other
> package maintainers interested in maintaining the quality of the
> repository on the whole.
Do you mean if explicitly requested or if explicitly requested and they
manage to convince $acl_giving_body? I imagine that this is going to
turn into a government-like regulatory thing where people are going to
make maintainers feel bad for even thinking about adding an ACL. We'd
need this to be no-questions-asked IFF we do this.
But a better question is: why are we trying to be different from the way
every open source project works? You typically get commit access to
what you need. I have access at freedesktop.org to a few select modules
that I work on, but not to the whole of fd.o. Likewise, even at
mozilla.org, I have access to a big chunk of stuff because I've proven
myself to be good there, but I don't have access to some stuff such as
the JavaScript engine or NSS for example. I'm not sure where "fills out
a form" is the same as "competent enough to have open access to every
package in the repo". They may overlap in some cases, but please keep
in mind that this is not about freedom. This is about trust, security,
and integrity of the project.