@karsten added modularity-wg group to have commit access in cloud-init module and apparently it worked. However, what I see in FAS (https://admin.fedoraproject.org/accounts/group/view/modularity-wg), Prerequisite: cla_done...
modularity-wg
Prerequisite: cla_done
Does that mean that non-packagers can push code to that repository?
In PkgDB era I remember having restriction on groups which end with -sig..
-sig
Groups shouldn't be created in pagure, they are synced from FAS
Looking into this
Ok so I read this too quickly, the group is coming from FAS but the group in FAS doesn't enforce the packager membership which does raise questions.
However, currently only packagers can push via ssh (cf #6361) so it's not an issue atm but will become one.
Metadata Update from @pingou: - Issue tagged with: src.fp.o
Hmm. Wouldn't we want packager to be an implicit prerequisite for pushing to dist-git instead? Or have a way to specify "member of packager AND modularity_wg"? I don't know that we want to restrict modularity_wg membership to packagers.
The issue is more that this group shouldn't have been used in pagure over dist-git :)
Heh, not sure I agree. I can think of valid use cases for opening a component to arbitrary FAS group members (as long as the restriction on packager can somehow be made).
Metadata Update from @kevin: - Issue priority set to: Next Meeting
Restriction (at the group) only doable in FAS, so we should only give commit access in pagure to FAS groups that have that requirement (in FAS).
So, since we are the ones adding new groups here and can disallow any that don't require packager, we can just close this for now?
Metadata Update from @kevin: - Issue priority set to: Waiting on Assignee (was: Next Meeting)
I'd want to make sure of the first part, once we are, I think we can close this indeed :)
Any news here? As far as I can tell non admins cannot add groups... so I think we can just close this.
I am pretty sure this is fixed since we had to add the orphan user to packager to allow people to give it packages. Closing now... re-open if there's anything further to do here.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.