Per-pocket upload permissions

Micah Gersten micahg at ubuntu.com
Thu Aug 23 23:59:34 UTC 2012 

Dropping tech board as this is a release related comment.

On 08/23/2012 05:17 AM, Colin Watson wrote:
> On Thu, Jun 14, 2012 at 10:09:30AM -0400, Scott Kitterman wrote:
>> On Thursday, June 14, 2012 12:37:46 PM Iain Lane wrote:
>>> On this point, I can't be entirely sure (it was some time ago), but I
>>> suppose I was thinking that it would be good to ensure that SRU team
>>> members can use sru-release themselves, which requires upload privileges
>>> due to the use of copyPackage via the API if I'm not mistaken (only
>>> -updates would be needed here, not -proposed.  -proposed is probably not
>>> so useful, except if we want to ensure that they can sponsor all SRUs
>>> too).
>>>
>>> If there's also another UNAPPROVED step there then just being able to
>>> upload doesn't gain much: queue admin would also be required.
>> Not that I get a vote, but I'm glad to see this landing.
>>
>> I do think the ~ubuntu-sru ought to be able to accept to -proposed and copy to 
>> -updates for current/supported releases.  This would remove the need to make 
>> ~ubuntu-sru members part of ~ubuntu-archive solely for the purpose of 
>> performing SRU processing.  I'm 100% agnostic on implementation.
>>
>> Similarly (and I swear we've discussed this before and it's an an LP bug, but 
>> I can't find it) I think ~ubuntu-release ought to be able to accept to -release 
>> and -proposed, but only for the development release.  Similarly, that would 
>> remove the need for ~ubuntu-release members to be added to ~ubuntu-archive to 
>> process the queue during freezes.  My agnosticism about implementation applies 
>> to this as well.
> This is now done.
>
>   $ for series in hardy lucid natty oneiric precise; do for pocket in proposed updates; do edit-acl -p ubuntu-sru -S $series --pocket $pocket -t admin add; done; done
>   Added:
>   Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Proposed' in hardy
>   Added:
>   Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Updates' in hardy
>   Added:
>   Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Proposed' in lucid
>   Added:
>   Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Updates' in lucid
>   Added:
>   Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Proposed' in natty
>   Added:
>   Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Updates' in natty
>   Added:
>   Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Proposed' in oneiric
>   Added:
>   Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Updates' in oneiric
>   Added:
>   Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Proposed' in precise
>   Added:
>   Queue Administration Rights for ubuntu-sru: archive 'primary', pocket 'Updates' in precise
>   $ for pocket in release proposed; do edit-acl -p ubuntu-release -S quantal --pocket $pocket -t admin add; done
>   Added:
>   Queue Administration Rights for ubuntu-release: archive 'primary', pocket 'Release' in quantal
>   Added:
>   Queue Administration Rights for ubuntu-release: archive 'primary', pocket 'Proposed' in quantal
>
I just wanted to point out that if an SRU needs to be copied to
-security, assuming the SRU team member has upload rights for the
package, it should appear in UNAPPROVED and then an Ubuntu Security
member or an Archive Admin can be pinged to accept (or someone watching
queuebot can take care of it).  AIUI, this is a fairly rare occurrence,
so probably isn't too problematic.

Micah

More information about the Ubuntu-release mailing list