www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Gruno <humbed...@apache.org>
Subject Re: Brooklyn not in http://people.apache.org/committers-by-project.html
Date Wed, 21 Jan 2015 09:54:35 GMT

On 2015-01-21 09:47, jan i wrote:
>
>> Can we all agree that we need to put this into LDAP?
>
> I agree with you  that LDAP is the right place for such information, and I
> do not see so many podlings fail that it should be a major concern. However
> I think a discussion on general@i.a.o is needed.
>
> If PPMC/committers maintenance of a podling is moved to LDAP, the mentors
> and/or PPMC will no longer be able to maintain it them self. The script to
> update LDAP is only available to officers (chairs) and infra, meaning we
> move a task and the incubator chair needs to agree to that.
>
> If incubator agrees on this approach then I assume David (v.p. infra) will
> be relatively easy to convince.
>
> rgds
> jan i
Podlings are experiments, not actual projects, in as much as a podling 
is no more than a sub project much like mod_ftp or the Nth commons 
sub-project. Are you suggesting we add LDAP groups for all sub projects? 
We have LDAP (UNIX) groups for committers for the sake of maintaining a 
working authorization/authenication scheme, which is a moot point for 
incubator where we exercise universal commit bit.

As I understand it, the sentiment seems to be "let's put it in LDAP 
instead of tracking it in a file".

Let's list some pros and cons for this LDAP idea as opposed to using the 
auth file for tracking:

Pros:
  - it's in LDAP instead of a text file.
  - it may (or may not) be easier to get a list of project members

Cons:
- Our current setup would be invalidated
- We'd have to change our account and podling request processes
- We'd have to change the graduation process significantly
- The Incubator chair would have to manage all this or we would have to 
rework how LDAP works
- We'd have to create a new OU for this, which would mean yet more work 
on all auth schemes
- There would/could be disputes over what is canonical at graduation if 
a resolution conflicts with LDAP
- We would have to import all the previously established podlings into 
LDAP (this would be no small task)
- We would likely create precedence for all sub-projects to have their 
own LDAP group (yet another OU?)
- Unless someone from the Infra PMC steps up to do this voluntarily, it 
would have an added cost of $N to do.
- The auth file would have to have all its current podling auth entries 
changed to LDAP.

If the only reason for moving to LDAP is "I won't have to change a text 
file", then I really fail to see the reason to do this.

What is the actual gain here? It certainly won't make anything easier 
for infra.
How does it in any way compare to the cost of doing such a move?

With regards,
Daniel.
>> I’m happy to scrape this information together and, if given the privs,
>> complete the work.
>>
>>
>> Regards,
>> Alan
>>
>>


Mime
View raw message