On Thu, Jun 14, 2012 at 12:37:46PM +0100, Iain Lane wrote: > On Thu, Jun 14, 2012 at 12:24:07PM +0100, Colin Watson wrote: > > My fix to https://bugs.launchpad.net/launchpad/+bug/914779 (second time > > lucky) will hopefully be rolled out tomorrow, or failing that on Monday.
(I may have lied; the .au Launchpad cabal are in a hurry for something else so I might get to ride along with that today.) > > Once that's in place, I would like to add the following upload > > permissions as suggested by Iain Lane: > > > > -backports: ~ubuntu-backporters > > -security: ~ubuntu-security > > > > Iain also suggested -proposed/-updates: ~ubuntu-sru, but I don't think > > that makes so much sense; ~ubuntu-sru has more of a queue admin kind of > > role, so I'd prefer that to wait until I get round to a bit of follow-up > > work to allow per-pocket queue admins. > > Thanks for the work — this is a nice improvement. :-) You're welcome. > On this point, I can't be entirely sure (it was some time ago), but I > suppose I was thinking that it would be good to ensure that SRU team > members can use sru-release themselves, which requires upload privileges > due to the use of copyPackage via the API if I'm not mistaken (only > -updates would be needed here, not -proposed. -proposed is probably not > so useful, except if we want to ensure that they can sponsor all SRUs > too). Also for copying kernel PPA uploads and the like into -proposed; although the kernel people can do that themselves nowadays (modulo approval), so yeah, I do think that one's a bit tenuous. > If there's also another UNAPPROVED step there then just being able to > upload doesn't gain much: queue admin would also be required. I think I would prefer to fix things for ~ubuntu-sru by way of two other changes. Firstly, I'd like to widen the permissions on Archive.copyPackage to permit queue admin, which I would like to do anyway in order to facilitate turning the semi-automatic Debian sync process into a fully-automatic one: https://bugs.launchpad.net/launchpad/+bug/1006917 Secondly, I'd like to cause copies to bypass approval if the copying user is a queue admin: https://bugs.launchpad.net/launchpad/+bug/1006871 In combination with https://bugs.launchpad.net/launchpad/+bug/648611 (which I actually think is phrased overly strictly; I don't know that there's any particular need to restrict such permissions to the unapproved status, and it would be a lot quicker to implement if that constraint weren't there), this would allow us to grant ~ubuntu-sru queue admin permission on -updates and then they could just run sru-release without the need for an extra approval step. There are several separate issues here, but I believe they're all now quite shallow. 648611 and 1006917 at least are definitely just a few lines of code plus tests. So if anyone objects to any of the policy changes here, please do speak now because there is some danger that I might actually have time to implement these relatively soon. :-) -- Colin Watson [[email protected]] -- technical-board mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/technical-board
