Am 16.03.19 um 18:40 schrieb Zppix:
So your basically telling me, I can’t decide who gets the power to +2 on for example a toolforge tool I actively am the primary maintainer of? Instead it has to be requested.
The relevant part of the policy reads:
| If there is a consensus of trusted developers on the Phabricator task, any of | the Gerrit administrators can resolve the request. The task must remain open | for at least a week, to allow interested developers to comment. Additional | time should be allowed if the request is open during travel or holiday | periods.
So, if you are the one trusted developer on the project, and nobody else cares, +2 will generally be given after a week.
The rationale for requiring a request instead of allowing the owners of git repos to gran permissions themselves is two-fold:
1) limiting the impact of compromised volunteer accounts. A compromised account that can give +2 rights is more problematic than a compromised account that has +2 rights. It's much easier for WMF to ensure the security of staff accounts.
2) allowing the developer community to raise objections against individuals they have had bad experiences with in the past. The person asking you for +2 rights may seem nice enough to you, but giving others an opportunity to chime in seems prudent.
Both are potential issues for granting maintainer rights on a toolforge project as well. And perhaps the policy for that should also be revised - perhaps there should be a distinction between "high impact" and "regular" tools. But that is beyond the scope of this policy, and this discussion.
I do not disagree with a lot of the changes to technical policies, but with this change it seems to restrict ability to scale projects.
That would be the case if the above requests were not handled in a timely manner. If this should be the case, please complain loudly so we can fix it.
Or do you think one week is an unreasonably long time?
I also do believe that this change should of be taken under RfC or some sort of consensus-gaining measure. I respect the intentions, but I absolutely think the change needs reverted then voted on by the technical community.
It did go though the RFC process, including an IRC discussion and a last call period. Do you have a suggestion for how and where we could have publicized this more, to gather more feedback?