-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

currently I am a maintainer for two packages -- and as a non-gentoo-dev
being proxied by guys who are.

Now a disadvantage of this position are the restricted rights in
bugzilla. In case a bug is filed for one of my maintained packages I
have to ask one of my proxies for each step ("could you mark this as a
dupe?", "could you mark this as fixed?", etc.). This is quite cumbersome
and puts just some load on the devs (which should have been avoided by
the proxy-solution in the first place).

So I am asking whether there would be a solution to allow people like me
to have full bugzilla rights on packages they are in charge for.

Two possibilities come to my mind:

1) Have an implicit restriction, i.e. give them full rights (where
"full" just means: everything they need for handling their bugs), but
make a policy, that they are only allowed to use this for their
packages. In other words: Enforce the correct usage by "legal" ways
instead of teachnically.

This approach is probably easier in terms of bureaucracy but might be
seen as dangerous.

2) Enforce the restriction technically. I do not know how this could be
done in bugzilla - perhaps by having "proxy-herds", i.e. one herd for
each proxied package and only give the user the full rights, if a bug is
assigned to a herd he is a member of.

The disadvantage is here, that there is quite some overhead of managing
a bunch of "proxy-herds".

Some sort of "bugzilla quiz" which needs to be taken by the maintainer
might be useful in both cases.

I'd be glad to hear some other opinions.

- - René
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuxH9sACgkQ4UOg/zhYFuAvogCfflrqjFg6iMq6OGEfp7Z4NHXS
ERUAnAonFFHRlGRYuKVSL12Vb2WinSAr
=1DOx
-----END PGP SIGNATURE-----

On Mon, Mar 29, 2010 at 11:47:07PM +0200, René 'Necoro' Neumann wrote:
> 1) Have an implicit restriction, i.e. give them full rights (where
> "full" just means: everything they need for handling their bugs), but
> make a policy, that they are only allowed to use this for their
> packages. In other words: Enforce the correct usage by "legal" ways
> instead of teachnically.
We've got this available already.
The bug to track permissions is here:
http://bugs.gentoo.org/show_bug.cgi?id=236218
Ask the developer who is proxying for you to please file a bug to
devrel, and they will update that tracking page when they grant you
editbugs privileges.

> 2) Enforce the restriction technically. I do not know how this could be
> done in bugzilla - perhaps by having "proxy-herds", i.e. one herd for
> each proxied package and only give the user the full rights, if a bug is
> assigned to a herd he is a member of.
I've wondered before about giving privileges based on the summary line,
but I haven't given it much thought beyond that. I think that would
probably be more useful than proxy herds, because 'herds' are just
actually mail aliases with user accounts in Bugzilla.

> Some sort of "bugzilla quiz" which needs to be taken by the maintainer
> might be useful in both cases.
+1 on that idea too.

--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robbat2@gentoo.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85

On 03/29/2010 11:47 PM, René 'Necoro' Neumann wrote:
> So I am asking whether there would be a solution to allow people like me
> to have full bugzilla rights on packages they are in charge for.
>
Just gave you editbugs privileges, further instructions will follow per
mail/irc.

--
Regards,
Christian Ruppert
Gentoo Linux Developer and Bugzilla Admin
Fingerprint: 9B50 01DF E873 A0E4 126D 6C16 8B17 B68E 7FAE 7D38