| 2010-06-28 11:53:42 |
Robert Collins |
description |
official package branch permissions are the union of the owner and the distro permissions; however per-user upload rights are not modelled via the owner, so this leads to an unobvious security issue when we start doing official distro-builds-from-branches.
We should either:
- make the owner the 'per user upload right' modelling,
- remove the owners permissons while a branch is official
- do something else to make it crystal clear to Ubuntu developers who will be able to upload to the archive. |
official package branch permissions are the union of the owner and the distro permissions; however per-user upload rights are not modelled via the owner, so this leads to an unobvious security issue when we start doing official distro-builds-from-branches.
We should either:
- make the owner the 'per user upload right' modelling. That is, have a synthetic team 'package-X uploaders' which lists all the people that can upload, and becomes the branch owner.
- remove the owners permissons while a branch is official (so they can write IFF they have upload rights)
- do something else to make it crystal clear to Ubuntu developers who will be able to upload to the archive.
|
|
