#4166 Adopt policy that SCM request should be accepted from authorized users only
Closed: Fixed None Opened 10 years ago by ppisar.

FESCo ticket https://fedorahosted.org/fesco/ticket/981 moved to rel-eng queue.
Rel-eng ticket https://fedorahosted.org/rel-eng/ticket/5418 moved to Infrastructure queue.

= Phenomenon =

SCM administrators process SCM requests from non-authorized applicants.

= Background Analysis =

spot added SCM change requests for 4 packages he does not own or co-maintain, and an SCM administrator has processed the requests. The requests were to create new branches owned by master owners.

Example [https://bugzilla.redhat.com/show_bug.cgi?id=835544#c7]:

{{{
From: Tom "spot" Callaway 2012-12-11 21:50:00 GMT

Package Change Request

Package Name: perl-Pod-Markdown
New Branches: f16 f17
Owners: jplesnik mmaslano ppisar psabata
InitialCC: perl-sig

From: Jon Ciesla 2012-12-12 13:14:20 GMT

Git done (by process-git-requests).
}}}

This undermines regular maintainers' rights and obligations because they cannot even be sure which branches their packages exist in and which they are responsible for. This conflicts with the current policy for creating additional branches on behalf of third persons (the third person, the owner of the new branch, asks the current owner, and the current owner submits the SCM request).

= Implementation recommendation =

Fedora Infrastructure will accept SCM changes only from requesters who own or co-maintain the package. This requires a mapping between Bugzilla and FAS accounts. The e-mail address can be used as the binding attribute.
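
One way to implement the check recommended above (an added example, not code from the ticket or from Fedora's tooling). The `FAS_BY_EMAIL` and `PACKAGE_ACL` tables, the e-mail addresses and the function names are constructed stand-ins for the Bugzilla-to-FAS mapping and the package ACL of record; it covers change requests for existing packages only.

```python
import re

# Constructed sample data: the addresses are placeholders, not real accounts.
# FAS_BY_EMAIL stands in for a Bugzilla -> FAS lookup keyed on e-mail address.
FAS_BY_EMAIL = {
    "spot@example.org": "spot",
    "ppisar@example.org": "ppisar",
}
# Owners and co-maintainers of record, keyed by package (constructed).
PACKAGE_ACL = {
    "perl-Pod-Markdown": {"jplesnik", "mmaslano", "ppisar", "psabata"},
}
FIELD_RE = re.compile(
    r"^(Package Name|New Branches|Owners|InitialCC):[ \t]*(.*)$", re.M)

def parse_request(comment_text):
    """Extract the fields of a 'Package Change Request' comment body."""
    if "Package Change Request" not in comment_text:
        raise ValueError("not an SCM change request")
    fields = {key: value.strip() for key, value in FIELD_RE.findall(comment_text)}
    if not fields.get("Package Name"):
        raise ValueError("request has no Package Name")
    return fields

def authorize(requester_email, comment_text):
    """Return (allowed, reason) for a request filed from a Bugzilla account."""
    fields = parse_request(comment_text)
    package = fields["Package Name"]
    # Bind the Bugzilla account to a FAS account by e-mail address.
    fas_user = FAS_BY_EMAIL.get(requester_email.strip().lower())
    if fas_user is None:
        return False, "no FAS account for this Bugzilla e-mail"
    # Check the ACL of record, never the requester-supplied Owners field:
    # anyone can type a legitimate owner list into the request body.
    if fas_user not in PACKAGE_ACL.get(package, set()):
        return False, f"{fas_user} does not own or co-maintain {package}"
    return True, f"{fas_user} is on the ACL for {package}"

# The request quoted in the ticket, reproduced as test input.
REQUEST = """Package Change Request

Package Name: perl-Pod-Markdown
New Branches: f16 f17
Owners: jplesnik mmaslano ppisar psabata
InitialCC: perl-sig
"""
```

With this data the request quoted in the ticket is refused when filed from spot's account and accepted when filed from a co-maintainer's account.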


I already expressed a negative opinion of this change here https://fedorahosted.org/rel-eng/ticket/5418#comment:5

I think that the releng ticket was seen by most of the relevant people already:

Members of cvsadmin: ausil huzaifas jwboyer @kevin limb lmacken mikeb @mmcgrath @notting pbabinca petersen spot @tibbs till toshio

limb and spot were explicitly CC'd. ausil, jwboyer, kevin, till, and toshio were aware of it since they replied to the tickets. lmacken and notting are on the rel-eng list.

As for where this ticket should belong, there's considerable overlap between cvsadmin and both infrastructure and rel-eng. So it's probably okay for either one or the other trac instances to be used. To make sure it is seen by all the cvsadmins, add cvsadmin-members to the CC list.

Have you seen the proposed new process?
http://blog.pingoured.fr/index.php?post/2015/01/22/New-branch-request-process

Do you think this would work for you?

Note: you can only request a branch for yourself, not for someone else.

The new process is entirely in pkgdb and thus only allows authorized users.
