OpenAFS RT changes (was Re: [OpenAFS-devel] Re: Moving Forwards)

Derrick Brashear shadow@gmail.com
Tue, 11 Sep 2012 10:39:10 -0400 

On Mon, Sep 10, 2012 at 3:33 PM, Simon Wilkinson
<simonxwilkinson@gmail.com> wrote:
>
> On 10 Sep 2012, at 16:30, Andrew Deason wrote:
>
>> Aside from the spam/abuse angle, which people have covered ("it's a
>> problem, but tractable")... many extant RT accounts are pretty
>> restricted. IIRC, I can't 'steal' ownership of anything, or comment on
>> any ticket I'm not explicitly included on, which makes it pretty darn
>> difficult to use.
>>
>> I think that means I can't 'resolve' things owned by other people unless
>> I get them to explicitly reassign ownership. I also cannot 'delete' spam
>> tickets and such.
>>
>> Opening _that_ much up I believe is simpler.
>
> Okaty, so as a first step, let's fix this. I believe that this is just a case of changing the permission set, and possibly the list of users with a given permissions.
>
> I believe a while back, the offer was made to do this, providing that we had some agreement on what those permission sets should be.
>
> So, I'm proposing the following sets:
>
> guest:
>         As present, can view the openafs-bugs queue, but can't update them
>
> commenter:
>         Can do anything to a bug, but can't delete it, or merge it with another bug, (these are potentially irreversible steps in RT)
>
> developer:
>         Can do anything to a bug
>
> And then the existing set of permissions for the security queue. All active accounts would be by default in the 'commentor' state. Anyone who meets my earlier criteria for +2 access to gerrit would also be in the developer set.
>
> And then we solve the issue of how to do automatic signup as a separate step.

nominally these already existed.

everyone

openafs-bugs-view

openafs-bugs-workers

the question is one of tweaking the actual permissions. i nominally
have this power though it
has been years since i have configured an RT instance (probably 6-8
years). I changed some things,
so it may work better. It still means we have to manually put people
in -view and -workers as before

and we still need a way to get real accounts for people who do not
already have them.

> Any comments?
>
> Cheers,
>
> Simon.
>
>
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
>



-- 
Derrick