ACL removal day?!
Rahul Sundaram
sundaram at fedoraproject.org
Tue Jun 19 18:00:40 UTC 2007
Christopher Aillon wrote:
> Do you mean if explicitly requested or if explicitly requested and they
> manage to convince $acl_giving_body. I imagine that this is going to
> turn into a government-like regulatory thing where people are going to
> make maintainers feel bad for even thinking about adding an ACL. We'd
> need this to be no-questions-asked IFF we do this.
I don't think ACL requests by package maintainers need to be regulated
as long as some groups which really need them get access as outlined in
my other mail. I would really like to have maintainers explicitly
document the need for ACLs on their packages. There is a balance
between security, critical nature of a package vs benefits of shared
work via more open access. On some packages such as the kernel or glibc
I think it is clear that ACLs are justified but it might be more
appropriate to special case such packages instead of restricting ACLs
by default.
> But a better question is: why are we trying to be different from the way
> every open source project works?
I don't think we are all that different. Comparing individual projects
to a distribution which needs to integrate thousands of packages
together doesn't seem to work well but if you do compare other
distributions there are some similarities in the sense that there is
a group of people who share the work across the repository or a smaller
subset. Debian has FTP masters and NMUs. Gentoo has herds and so on.
Also note that what is being discussed is not an entirely new change and
Fedora Extras had always had open access to package maintainers and we
haven't had any security or integrity issues with that.
Rahul