From Fedora Project Wiki

New Maintainer Containment



Problem Space

Currently there is no buffer between becoming a Fedora maintainer and gaining commit access to a very large number of packages (anything that allows cvsextras commit). Many people feel that this is a problem and that we should have a method to contain new contributors for a period to a much smaller set of packages.

Solution Overview

I propose that a change be made to how our ACLs are generated and used. Instead of all contributors automatically getting access to the FAS group that allows for wide commit access, a new group would be created instead, that would give the elevated commit rights. All maintainers would still be part of /some/ group, which is used to apply file level ACLs on the cvs file system, but would not be used for site wide CVS ACLs. In effect, a new contributor would only have commit access to the packages said contributor owns, co-maintains, or has otherwise been explicitly granted commit access to. In the end though, the group that allows wider access should have as many people as possible, just with the exception of new contributors.


This proposal would touch mostly on the CVS server, particularly the scripts used to assign file level and CVS level ACLs to packages. It would also have impact upon pkgdb, and various wiki pages. In addition, new policy would need to be created to determine how / when / why maintainers would be elevated from containment to the group which most packages would allow to have commit access.

Active Ingredients

The main active ingredient would be the script used to generate CVS ACLs. It would have to be altered to use a different group to apply the site wide CVS ACLs (or alternatively it would use a different group to apply the file level ACLs).

Package DB

PackageDB may have to be changed to display different group names for access.


Various wiki pages would have to be updated, maintain a list here:

Discussion Points

  • What to call the group that all maintainers get in that is the file level ACL?
  • What to call the group that elevated maintainers get in that is the wide CVS ACL?
  • How do maintainers get added to the elevated group?
  • What maintainers are grandfathered in?

Comments ?

Potential criteria for being elevated to the supergroup:

  • Being elected a Sponsor
  • Being promoted by your Sponsor
  • Adding a Karma system to Fedora, in that maintainers promoted up from the containment group can grant other maintainers Karma. If a maintainer in the containment group gets enough karma votes, they get automatically bumped to the wider access group. This could also be used to promote folks to be sponsors, and a number of other things. Should be possible with FAS2.

Do take a close look at what Debian does to solve the same problem: