My understanding is that the new commit access policy requires some changes to the Hg permissions bits. Here's my proposed migration plan that I sent to Aravind (comments welcome):
- Rename hg_mozilla to scm_level_1
- Create a new Hg permissions bit, scm_level_2
- Rename hg_mozsrc to scm_level_3
- Rename hg_l10n to scm_l10n
(This is because the current names are not really clear, and that
problem is exacerbated by the new level 2, which otherwise has no good
- Give scm_level_2 to everyone who currently has scm_level_1 but
- Give scm_level_2 to everyone who currently has scm_level_3. (This
catches people like Axel and other l10n drivers.)
- Remove scm_level_2 from the short list of people that Gerv holds
who were given level_1 access only during the interim period
(The result of this is that l10n committers are left at level 1 + l10n, and
everyone else gets level 2.)
- Change all trees except user trees, try server trees, incubator
trees, l10n trees and scm_level_3 trees to require scm_level_2
- Change the xforms tree from scm_level_3 to scm_level_2
- Make sure the specific trees listed in the policy require scm_level_3
(This sets up the trees to be in the right place for the permissions
structure just established.)
Can someone make this bug public? I forgot to uncheck the checkbox.
(One disadvantage of using the "itrequest" form...)
Bug is public.
This also needs to be added to the page documentation so that the individuals operating on the requests will know which bits to ask for.
Marcia: sure. Let's wait for Aravind to approve it and implement it first :-)
Hi Aravind: do you have an ETA for this? We are already using the new policy, so it would be very good if the technical implementation was well matched to the policy. At the moment, I'm having to keep a manual list of people whose permissions we'll need to fix up...
I will have to cut off access to the repos while I fix permissions and muck with ldap perms for users etc. I can work on this tomorrow (during the maintenance window 7:00 to 10:00 PM PDT). I think this will mean shutting down build trees etc. Copying build folks to see if its okay.
Filed bug 561147 to update the auth logic on the l10n stage server for the new group name.
Okay, I am all done with my changes. Gerv send me that list of users that I should yank level_2 from?
Aravind: awesome! The list is:
firstname.lastname@example.org (or is it email@example.com?) - bug 548595
firstname.lastname@example.org (or is it email@example.com?) - bug 548096
Removed level_2 access from their accounts.