www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: Brooklyn not in http://people.apache.org/committers-by-project.html
Date Thu, 22 Jan 2015 18:05:40 GMT
On 22 January 2015 at 17:54, Alan D. Cabrera <adc@toolazydogs.com> wrote:
>
>> On Jan 22, 2015, at 9:36 AM, jan i <jani@apache.org> wrote:
>>
>> On 22 January 2015 at 18:04, Alan D. Cabrera <adc@toolazydogs.com <mailto:adc@toolazydogs.com>>
wrote:
>>
>>>
>>>> On Jan 22, 2015, at 8:14 AM, sebb <sebbaz@gmail.com> wrote:
>>>>
>>>> On 22 January 2015 at 15:52, Alan D. Cabrera <adc@toolazydogs.com>
>>> wrote:
>>>>>
>>>>>> On Jan 22, 2015, at 7:34 AM, sebb <sebbaz@gmail.com> wrote:
>>>>>>
>>>>>> AIUI PPMCs have no legal status within the ASF.
>>>>>>
>>>>>> If LDAP committee entries are created for them, then the tooling
needs
>>>>>> to be adjusted to cater for this.
>>>>>> There is other data that really needs to go into LDAP as well.
>>>>>> AIUI changing LDAP structure is not trivial so ideally all the changes
>>>>>> need to be done at once.
>>>>>
>>>>> I am espousing for the creation of a new OU, i.e. Podlings.
>>>>
>>>> It would still require changes to LDAP and Infra processes.
>>>
>>> Changes in LDAP, of course, but these are new orthogonal changes.  Changes
>>> to Infra processes, yes, but we are cleaning technical debt here and so
>>> that’s to be expected.  The change is not burdensome.
>>>
>>>>>> However if my suggestion of adding -ppmc entries to asf-auth is
>>>>>> acceptable to Infra, then this can be implemented very quickly.
>>>>>
>>>>> What is this asf-auth file? Is it the subversion authorization file?
>>>>
>>>> Yes.
>>>>
>>>> As noted else-thread that is how Corinthia committers are documented.
>>>
>>> Pointing to a prior use of a bad practice is not itself a justification of
>>> the bad practice.
>>>
>>
>> Why not make a step by step approach, looking at the mail is is obvious
>> that a LDAP change right now misses:
>> - backing from infra
>> - backing from the IPMC chair (who would need at least for a while to do
>> the job)
>> - a discussion if a REST API is so secure that Infra will allow it (to be
>> honest I would not)
>> - the tools that use the REST API.
>>
>> It is a lot more than just collecting the data.
>>
>> as Sebb suggested we can expand the svn-auth file, it is not perfect but it
>> collects the information PPMC and committer in one place. Once that is done
>> we could have a longer discussion on
>> - which information should in general be appended to LDAP (and do we want
>> LDAP to be our central repository for committer data)
>> - if yes, can we allow a REST API that updates LDAP, and how to make it
>> secure
>
>
> If you want to put PPMC and committer information in a Subversion authorization file,
I can’t stop you.  What worries me, other than it is a bad practice, is that we’re simply
adding more technical debt that needs to be undone; you guys are already using it as an excuse
to not move to LDAP.

It is not *adding* to the technical debt.

The asf-auth file is the correct place for defining SVN groups that
are not in LDAP.
The podlings that do use SVN *already* have the committer groups here.

It so happens that the ppmc groups won't have any SVN folders that need auth.
Likewise the podlings that use Git don't *need* committer entries.

> But please, I am totally baffled by the pushback on putting this information in LDAP.
 This is not rocket science and there’s not a lot of refactoring that needs to be done to
get us in a good place.

I'm equally baffled why you seem unwilling to try this simple improvement.

>
> Regards,
> Alan
>
>

Mime
View raw message