#19 Allow releng to push to retired branches
Closed: Fixed 3 years ago by pingou. Opened 6 years ago by till.

IIRC in the past setup there was a releng/fas group that was always allowed to push to branches even when they were retired. It might be cvsadmin. In the current setup it appears to me that I cannot push to retired branches/inactive branches according to pdc anymore. I am not sure if it is intended but I wanted to record this at some place to make sure that is an intended design.


According to https://docs.pagure.org/releng/sop_adding_new_release_engineer.html#adding-a-new-release-engineer it was cvsadmin indeed, it seems to be releng-team now. Not sure if this change is intended, so I keep this open for now.

According to @ausil it is meant to be a tracking group, however I also noticed that it seems to grant administrative permissions in Bodhi according to ansible:

$ ag releng-team
roles/fas_client/files/aliases.template
343:releng-team: ausil,mohanboddu,parasense

roles/bodhi2/base/templates/production.ini.j2
438:important_groups = proventesters provenpackager releng-team security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse-sig infra-sig gnome-sig python-sig robotics-sig qa-tools-sig nodejs-sig lxqt-sig astro-sig
441:admin_packager_groups = provenpackager releng-team security_respons

roles/bodhi2/base/templates/staging.ini.j2
400:important_groups = proventesters provenpackager releng-team security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse-sig infra-sig gnome-sig python-sig robotics-sig
403:admin_packager_groups = provenpackager releng-team security_respons

https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/distgit/pagure/templates/pagure.cfg#n31

According to ansible/pagure.cfg, sysadmin-main is the admin group for distgit pagure, shouldn't this be cvsadmin as well?

Here is another piece of evidence that the admin group for distgit used to be cvsadmin:
https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/distgit/templates/genacls.pkgdb#n24

Where is the admin group for pagure-distgit defined on the git level?

/srv/git/.gitolite/conf/gitolite.conf contains in the beginning @admins = acarter ausil katec kellin kevin limb maxamillion mohanboddu parasense pbrobinson puiterwijk ralph rlaliber which seems to be the list of releng-team members. How is this line created? I do not find this in ansible.

@ralph @pingou could you maybe explain the situation? What needs to be done to sort this out?
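
As an added illustration (not part of the ticket and not Fedora infrastructure code), a small audit over the lines quoted in this thread: it reports which Bodhi settings list a group and which gitolite @admins members are absent from the mail alias of the same name. The function names are hypothetical, and the mail alias only stands in for the FAS group membership, which the thread does not show.

```python
import re

# Sample inputs: lines quoted in the thread (staging.ini.j2, aliases.template,
# gitolite.conf) with the "NNN:" prefixes added by ag stripped.
BODHI_INI = """\
important_groups = proventesters provenpackager releng-team security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse-sig infra-sig gnome-sig python-sig robotics-sig
admin_packager_groups = provenpackager releng-team security_respons
"""
ALIASES = "releng-team: ausil,mohanboddu,parasense\n"
GITOLITE = ("@admins = acarter ausil katec kellin kevin limb maxamillion "
            "mohanboddu parasense pbrobinson puiterwijk ralph rlaliber\n")

# Bodhi settings named in the thread whose value is a list of groups.
GROUP_KEYS = ("important_groups", "admin_packager_groups")

def bodhi_grants(ini_text, group):
    """Return the Bodhi settings (from GROUP_KEYS) that list `group`."""
    hits = []
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in GROUP_KEYS and group in value.split():
            hits.append(key.strip())
    return hits

def alias_members(alias_text, name):
    """Members of a mail alias written as 'name: a,b,c'."""
    for line in alias_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == name:
            return {m.strip() for m in value.split(",") if m.strip()}
    return set()

def gitolite_group(conf_text, name):
    """Members of a gitolite group; repeated '@name = ...' lines accumulate."""
    members = set()
    for line in conf_text.splitlines():
        m = re.match(r"\s*@(\S+)\s*=\s*(.*)", line.split("#", 1)[0])
        if m and m.group(1) == name:
            members.update(m.group(2).split())
    return members

def audit(group="releng-team"):
    """Summarise what `group` grants and who holds git admin outside its alias."""
    extra = gitolite_group(GITOLITE, "admins") - alias_members(ALIASES, group)
    return {"bodhi_settings": bodhi_grants(BODHI_INI, group),
            "git_admins_not_in_alias": sorted(extra)}

if __name__ == "__main__":
    print(audit())
```
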

shouldn't this be cvsadmin as well?

This would require a FBR, want to propose it?

Where is the admin group for pagure-distgit defined on the git level?

There is a fedmsg consumer that generates the list of groups and their members into a file, file that is then incorporated into the gitolite.conf file when pagure updates it.

shouldn't this be cvsadmin as well?

This would require a FBR, want to propose it?

Yes, I would like to. Will this also fix https://pagure.io/releng/issue/7061 ?

Where is the admin group for pagure-distgit defined on the git level?

There is a fedmsg consumer that generates the list of groups and their members into a file, file that is then incorporated into the gitolite.conf file when pagure updates it.

Where is the FAS group configured that is used to populate the gitolite @admin group? From the list of members it seems to be releng-team but I do not find releng-team in ansible in any configuration related to dist-git-pagure.

The fedmsg consumer is: https://github.com/fedora-infra/fedmsg-genacls/ you can see the admin groups in the code, it's defined as the releng-team indeed.

The configuration for the pagure admin is now changed: https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/?id=2b18be91ed3854fef4b3a47ec9a49eb095dfedd8

fedmsg-genacls still needs to be adjusted, therefore I keep this open.

Should we still keep this open?

I think this is now the case, so I'm going to close this ticket as Fixed.

Feel free to re-open this one or open a new one if you disagree or find problems with it.

Metadata Update from @pingou:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 years ago
