Access Control with Fedora Packages

New packages imported into the Fedora source repository are set up such that, by default, they can only be committed to by the package maintainer and comaintainers. This is the safe default as it ensures that new security-critical packages don't have a window between being set up as a package and having the access control set up in which a contributor could change things without being noticed.

For most packages, this is probably overkill as allowing other contributors to fix minor things is a good thing and saves you, the package owner, from having to be the middle man. If you'd like to set your package up so that any Fedora package maintainer can contribute to it, just remove the file pkg.acl from the top directory of your package checkout.

If you'd instead just like to add people to be able to commit, you can edit the pkg.acl file and add users (by FAS userid) to it, one user per line, and those users will be allowed access. You can also set things up so that access is allowed on a per-branch basis by creating a pkg.acl file in the branch directory, eg, devel/pkg.acl if you only want someone to be able to commit to the devel branch.

Note: changes to ACLs are currently applied only every half hour as opposed to immediately