Closed Bug 1266864 Opened 8 years ago Closed 8 years ago

Create a new Firefox repository to receive autolanded commits

Categories

(Developer Services :: Mercurial: hg.mozilla.org, defect)

Product:
Developer Services
Component:
Mercurial: hg.mozilla.org
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: gps, Assigned: gps)

References

Details

Let's call it "autoland." I think the path should be integration/autoland. It should be non-publishing. Write access should be limited to the autoland user.

We should also make it generaldelta and bundle2 only because it isn't bound by legacy access requirements.
Well, write access also needs to be granted by sheriffs + a very limited set of people. We can create a new scm access group to hold the small set of people.
fubar: should we add an LDAP or local system group for this? We want to be sure people don't get added to this group. It doesn't really matter to me where it is defined as long is access is significantly restricted and people don't get access accidentally (including through social engineering via whoever has write permissions to the list).
Flags: needinfo?(klibby)
https://hg.mozilla.org/integration/autoland now exists.

It can only be written to by me. I used experimental/mozilla-central-gd as the base repo. I set format.maxchainlen=10000 going forward so the manifest delta chains aren't so long. This will improve performance a bit.

The repo requires bundle2, so you'll need Mercurial 3.4+ to clone/pull from it. Of course, everyone should be running Mercurial 3.7.3+ because of security fixes, so this shouldn't be a problem :)
(In reply to Gregory Szorc [:gps] from comment #2)
> fubar: should we add an LDAP or local system group for this? We want to be
> sure people don't get added to this group. It doesn't really matter to me
> where it is defined as long is access is significantly restricted and people
> don't get access accidentally (including through social engineering via
> whoever has write permissions to the list).

ldap, else we'll run into problems when we finally (hah) get to bug 1204555. we should also communicate out to the folks involved in the commit access policy chain (eg MOC, ldap admins, marcia knous, etc) so that they are aware and can update their own docs.
Flags: needinfo?(klibby)
Depends on: 1267415
Depends on: 1267712
LDAP group created and repo permissions on the server updated.

Calling this bug done.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.