Re: Salsa migration from foo-guest to foo [was: Bits from the DPL (May 2019)]
On Fri, 07 Jun 2019, Thomas Goirand wrote: > On 6/5/19 4:08 PM, Norbert Preining wrote: > > This should be > > completely independent from what one can do on salsa. > > So I propose that whatever one's level within Debian is, it should not > > change the status on salsa. > > I also find it surprising that the "feature" from Alioth that one has to > completely recreate everything from an account foo-guest to just foo. > Can't this be addressed in another way? It's *very* annoying on both > directions (ie: non-dd -> dd or dd -> non-dd). We will probably start doing that when we have a proper usermanagement tool for guests in place. Alex
Re: Salsa migration from foo-guest to foo [was: Bits from the DPL (May 2019)]
On 6/5/19 4:08 PM, Norbert Preining wrote: > This should be > completely independent from what one can do on salsa. > So I propose that whatever one's level within Debian is, it should not > change the status on salsa. I also find it surprising that the "feature" from Alioth that one has to completely recreate everything from an account foo-guest to just foo. Can't this be addressed in another way? It's *very* annoying on both directions (ie: non-dd -> dd or dd -> non-dd). Cheers, Thomas Goirand (zigo)
Re: Bits from the DPL (May 2019)
On Thu, 06 Jun 2019, Sam Hartman wrote: > > "Bastian" == Bastian Blank writes: > > Bastian> Hi Sam > Bastian> On Thu, Jun 06, 2019 at 11:57:41AM -0400, Sam Hartman wrote: > >> However, it's a lot easier to get a foo-guest account on salsa > >> than it is to get a foo guest account in Debian LDAP. > > Bastian> A guest account in Debian LDAP does not get a Salsa > Bastian> account, at least not an usable one. Currently only users > Bastian> in the Debian group are allowed. > > No, but my understanding is that basically anyone on the internet can go > sign up for foo-guest at salsa. > > >> There are transitions like someone retiring from the project > >> where we actually would be delighted if they continued to use > >> salsa in some capacity. > > Bastian> The largest technical problem with that is providing the > Bastian> user with a valid e-mail address. Apart from that we need > Bastian> DSA to properly define states in LDAP. > > OK, that's useful input. > I do feel we're talking past each other here though. > > Norbert and some other folks said they wanted salsa to behave > differently. > > Alex jumped in and said "salsa doesn't work that way." > Sure, we all know that. > And yet, salsa and really all of Debian can change if we want them to > and the right we are willing to do the work. No, I said why salsa works the way it works. If you want a special state for "not so really disabled accounts" salsa isn't the right place to implement that. Btw. nobody ever came to us and said "Hey, that account is disabled, are there any options to behave differently". So the steps are: define how those "not so really disabled" account should behave, implement them in udldap and then we can adjust the syncer. Alex signature.asc Description: PGP signature
Re: Bits from the DPL (May 2019)
> A guest account in Debian LDAP does not get a Salsa account, at least > not an usable one. Currently only users in the Debian group are > allowed.Hmm - so salsa is useless at all - i don't think so. Change your pov and see it otherwise: A guest can open a project - all members of the Debian group have no saying and no rights. Some would call it nice and the best outcome ever. Joke aside: If i want to have any rights as a DM in some repositories i contribute to i had to ask for polite - no problem for me, as the very most people in Debian are very kind. Same is for Debian Developers when they want to provide to a project that was started by a DM - just fair, isn't it? >> There are transitions like someone retiring from the project where we >> actually would be delighted if they continued to use salsa in some >> capacity.The rights to use salsa should not be coupled with the status as DD, DM or whatever - imho different things. The outcome is: People bitten by this will put their repos on github, gitlab or whatever. Do we really want this as a project? Imho no, if these issues could be solved i would go so far that i would expect that packages in debian are managed within debian infrastructure - SCM included. > The largest technical problem with that is providing the user with a > valid e-mail address. Apart from that we need DSA to properly define > states in LDAP.If it is only a technical problem - solve it.> >> Making the transition from foo to foo-guest is currently incredibly >> expensive for the person involved. > > Yes, it is. > >> This is one of the issues we will discuss later this month. I hope the >> salsa admins will join that discussion. > > Well, you could just ask. > > Bastian > Cheers Alf
Re: Bits from the DPL (May 2019)
> "Bastian" == Bastian Blank writes: Bastian> Hi Sam Bastian> On Thu, Jun 06, 2019 at 11:57:41AM -0400, Sam Hartman wrote: >> However, it's a lot easier to get a foo-guest account on salsa >> than it is to get a foo guest account in Debian LDAP. Bastian> A guest account in Debian LDAP does not get a Salsa Bastian> account, at least not an usable one. Currently only users Bastian> in the Debian group are allowed. No, but my understanding is that basically anyone on the internet can go sign up for foo-guest at salsa. >> There are transitions like someone retiring from the project >> where we actually would be delighted if they continued to use >> salsa in some capacity. Bastian> The largest technical problem with that is providing the Bastian> user with a valid e-mail address. Apart from that we need Bastian> DSA to properly define states in LDAP. OK, that's useful input. I do feel we're talking past each other here though. Norbert and some other folks said they wanted salsa to behave differently. Alex jumped in and said "salsa doesn't work that way." Sure, we all know that. And yet, salsa and really all of Debian can change if we want them to and the right we are willing to do the work. I tried to explain why some people might want a change and said I'd bring that up as one of the points to consider. Now you're talking about why the change would be hard. I do think understanding the cost of a change is important, but sometimes I also think it's helpful not to jump right to the technical details. Sometimes I think it might help to spend a bit of time asking in the abstract what we want before getting micro-focused on how we'd get it if we did. Obviously you can't entirely separate these things. Things cost people's time, money, and various other things (like risk of security compromise). But I think sometimes it harms a discussion if you jump right to the implementation challenges. --Sam
Re: Bits from the DPL (May 2019)
Hi Sam On Thu, Jun 06, 2019 at 11:57:41AM -0400, Sam Hartman wrote: > However, it's a lot easier to get a foo-guest account on salsa than it > is to get a foo guest account in Debian LDAP. A guest account in Debian LDAP does not get a Salsa account, at least not an usable one. Currently only users in the Debian group are allowed. > There are transitions like someone retiring from the project where we > actually would be delighted if they continued to use salsa in some > capacity. The largest technical problem with that is providing the user with a valid e-mail address. Apart from that we need DSA to properly define states in LDAP. > Making the transition from foo to foo-guest is currently incredibly > expensive for the person involved. Yes, it is. > This is one of the issues we will discuss later this month. I hope the > salsa admins will join that discussion. Well, you could just ask. Bastian -- Beam me up, Scotty, there's no intelligent life down here!
Re: Bits from the DPL (May 2019)
> "Alexander" == Alexander Wirt writes: Alexander> On Wed, 05 Jun 2019, Adrian Bunk wrote: I understand that is how it is today. Disabling an account is something we clearly want to be able to do. However, it's a lot easier to get a foo-guest account on salsa than it is to get a foo guest account in Debian LDAP. There are transitions like someone retiring from the project where we actually would be delighted if they continued to use salsa in some capacity. Making the transition from foo to foo-guest is currently incredibly expensive for the person involved. It's reasonable for us to discuss as a community whether this is something we want to change as part of recommending salsa more strongly. This is one of the issues we will discuss later this month. I hope the salsa admins will join that discussion. I think it would be better to focus on what you want the state to be in the future and the cost/requirements for any changes than to focus on where things stand today. --Sam
Re: Bits from the DPL (May 2019)
On Wed, 05 Jun 2019, Adrian Bunk wrote: > On Wed, Jun 05, 2019 at 10:14:50AM -0400, Sam Hartman wrote: > > > "Norbert" == Norbert Preining writes: > > > > Norbert> I would propose something else: Debian rights are defined > > Norbert> by presence/absence of a GPG key in certain key rings. This > > Norbert> should be completely independent from what one can do on > > Norbert> salsa. So I propose that whatever one's level within > > Norbert> Debian is, it should not change the status on salsa. > > > > Well, developers are also granted rights in the debian group on salsa, > > and that is tied to whether you are currently a developer. > > But personal rights (including own repositories) do not. If a @debian.org account is disabled in udldap it gets of course disabled in salsa. Alex
Re: Bits from the DPL (May 2019)
On Thu, 06 Jun 2019, Andreas Tille wrote: > On Wed, Jun 05, 2019 at 10:14:50AM -0400, Sam Hartman wrote: > > > "Norbert" == Norbert Preining writes: > > > > Norbert> I would propose something else: Debian rights are defined > > Norbert> by presence/absence of a GPG key in certain key rings. This > > Norbert> should be completely independent from what one can do on > > Norbert> salsa. So I propose that whatever one's level within > > Norbert> Debian is, it should not change the status on salsa. > > > > Well, developers are also granted rights in the debian group on salsa, > > and that is tied to whether you are currently a developer. > > I fully agree with Norbert. You might argue that a developer who was > removed from the keyring could write a script and do some harm on all > git repositories in the debian group to take some "revenge" for becoming > expelled. I see no practival relevance for such a scenario. As far as > I understood Norberts case it was not intended to block him from > contributing - but removing his permissions on salsa made it very hard > for him to contribute. > > I do not have any idea whether there is an easy technical implementation > for Norberts suggestion but I'm in favour of it. The whole group is basically ldap controlled. And in fact salsa didn't removed any permission. The account was disabled in LDAP and therefore disabled on salsa (which makes perfectly sense in my eyes). So unless you create a new account state in ldap I don't see any good solution for changing the current behaviour. Of course we want to also disable @debian.org accounts when they are disabled in (ud)ldap. Alex
Re: Bits from the DPL (May 2019)
On Wed, Jun 05, 2019 at 10:14:50AM -0400, Sam Hartman wrote: > > "Norbert" == Norbert Preining writes: > > Norbert> I would propose something else: Debian rights are defined > Norbert> by presence/absence of a GPG key in certain key rings. This > Norbert> should be completely independent from what one can do on > Norbert> salsa. So I propose that whatever one's level within > Norbert> Debian is, it should not change the status on salsa. > > Well, developers are also granted rights in the debian group on salsa, > and that is tied to whether you are currently a developer. I fully agree with Norbert. You might argue that a developer who was removed from the keyring could write a script and do some harm on all git repositories in the debian group to take some "revenge" for becoming expelled. I see no practival relevance for such a scenario. As far as I understood Norberts case it was not intended to block him from contributing - but removing his permissions on salsa made it very hard for him to contribute. I do not have any idea whether there is an easy technical implementation for Norberts suggestion but I'm in favour of it. Kind regards Andreas. -- http://fam-tille.de
Re: Bits from the DPL (May 2019)
On Wed, Jun 05, 2019 at 10:14:50AM -0400, Sam Hartman wrote: > > "Norbert" == Norbert Preining writes: > > Norbert> I would propose something else: Debian rights are defined > Norbert> by presence/absence of a GPG key in certain key rings. This > Norbert> should be completely independent from what one can do on > Norbert> salsa. So I propose that whatever one's level within > Norbert> Debian is, it should not change the status on salsa. > > Well, developers are also granted rights in the debian group on salsa, > and that is tied to whether you are currently a developer. But personal rights (including own repositories) do not. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Bits from the DPL (May 2019)
> "Norbert" == Norbert Preining writes: Norbert> I would propose something else: Debian rights are defined Norbert> by presence/absence of a GPG key in certain key rings. This Norbert> should be completely independent from what one can do on Norbert> salsa. So I propose that whatever one's level within Norbert> Debian is, it should not change the status on salsa. Well, developers are also granted rights in the debian group on salsa, and that is tied to whether you are currently a developer.
Re: Bits from the DPL (May 2019)
Hi, > https://lists.debian.org/msgid-search/tsl5zpyigx4@suchdamage.org Thanks, sounds reasonable. > I'll take this as input that we should have better transition strategies > for salsa when a project owner's status changes. I would propose something else: Debian rights are defined by presence/absence of a GPG key in certain key rings. This should be completely independent from what one can do on salsa. So I propose that whatever one's level within Debian is, it should not change the status on salsa. > I appreciate that is unlikely to be sufficient to change your personal > opinion, but it is something the community should discuss. There you are 100% correct. Best Norbert -- PREINING Norbert http://www.preining.info Accelia Inc. +JAIST +TeX Live +Debian Developer GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Re: Bits from the DPL (May 2019)
> "Norbert" == Norbert Preining writes: Norbert> Hi, (please Cc, not reading d-d) Norbert> On Sun, 02 Jun 2019, Sam Hartman wrote: Norbert> And would you be so helpful in providing a link to that Norbert> understanding of consensus? Only posting a link to the Norbert> start of a long thread is not really helpful. This was an intentional choice on my part. The summary of consensus is a tool for those who participated in the discussion while the comment period is open. I'll definitely post a link when we're done. Several key factors contribute to a consensus forming discussion: * All the participants are informed or are working to be informed * the people are working together to try and find common ground and address issues It's really impossible to have that without actually participating in the discussion and reading some significant chunk of it. That said, https://lists.debian.org/msgid-search/tsl5zpyigx4@suchdamage.org >> Git on Salsa >> >> The next discussion I will drive is a discussion of whether we >> want to strongly recommend Debian packaging be done using Git on >> salsa.debian.org. Norbert> Well, recent event have shown that *I* will not return to Norbert> salsa. It did cost me an incredible amount of time to Norbert> re-create all archives on github so that I can continue Norbert> developing again. I'll take this as input that we should have better transition strategies for salsa when a project owner's status changes. I appreciate that is unlikely to be sufficient to change your personal opinion, but it is something the community should discuss. --Sam
Re: Bits from the DPL (May 2019)
Hi, (please Cc, not reading d-d) On Sun, 02 Jun 2019, Sam Hartman wrote: > Dh as a Preferred Packaging Style > = > > As promised, I started a discussion [3] on whether we wanted to prefer > (and in some cases require) the dh sequencer from Debhelper as a package > building tool. > > We had a great discussion. I published my understanding of our project > consensus. We are seeking final comments until June 16. At this point, And would you be so helpful in providing a link to that understanding of consensus? Only posting a link to the start of a long thread is not really helpful. > Git on Salsa > > > The next discussion I will drive is a discussion of whether we want to > strongly recommend Debian packaging be done using Git on > salsa.debian.org. Well, recent event have shown that *I* will not return to salsa. It did cost me an incredible amount of time to re-create all archives on github so that I can continue developing again. Feel free to recommend it, but I won't follow this recommendation in any case. Best Norbert -- PREINING Norbert http://www.preining.info Accelia Inc. +JAIST +TeX Live +Debian Developer GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
