#5298 non-provenpackager can build any package?
Closed: Invalid None Opened 11 years ago by pnemade.

Hi,
I am the owner of the caribou package. Its koji link is http://koji.fedoraproject.org/koji/packageinfo?packageID=9933 and its pkgdb link is https://admin.fedoraproject.org/pkgdb/acls/name/caribou

I want to know how the user "anishpatil" was able to build the caribou package for rawhide -> http://koji.fedoraproject.org/koji/buildinfo?buildID=348595

This build does not look to be a scratch build.


I think the short answer is: yes

The longer answer is that provenpackagers have commit access, which average-joe contributors do not.

This is really surprising to me. When was this implemented? That user neither has provenpackager status nor is a co-maintainer of the caribou package. I am the only maintainer of caribou. I really see new provenpackager requests as being of no use, then.

That's how it has always been, as far as I know.

So, to recap what happened, you had some version of this package in some git branch, but apparently hadn't built it for that branch (yet)?

Note, the user in question did not modify your package in any way, just queued a build, which is indeed different than what provenpackager status grants.

Now, if you do not want that build in rawhide, you're welcome to untag it. Looking closer, I see now that the build failed, so that seems to not be a concern in this case.

OK. So basically it means any packager can just rebuild any other packager's package, but he cannot modify another packager's package.

I want this to be documented at https://fedoraproject.org/wiki/Package_maintainer_policy#Who_is_allowed_to_modify_which_packages that packagers can also rebuild other packagers' packages.

Well, any packager cannot bump the release. So a provenpackager/maintainer of the package needs to have an unbuilt version checked in.

Cool. I tried to rebuild another's package, which I do not own, and it worked :)

The controls are all in the git ACLs; if you commit something to git, anyone with a valid SSL cert can build it if you don't. At this point in time we do not have plans to add extra ACLs to koji.

Metadata Update from @pnemade:
- Issue set to the milestone: Fedora 18 Alpha

7 years ago
