From Fedora Project Wiki


Problem Space

A good number of previously core packages still have default locked down ACLs. This prevents a culture of fixing each others packages and can delay important changes being done or timely rebuilds done for broken deps.

Solution Overview

Having an automated "opening" of all ACLs (that is allowing cvsextras commit access) that a maintainer can opt /out/ of should they choose.


This change would mostly deal with pkgdb, however depending on the method decided to use for opting out of ACL opening it could touch on cvs or bugzilla.

Active Ingredients

The active ingredient would be a script that is used to identify packages that currently do not allow cvsextras commit access. This script would mark these packages in some way as being targetted by an automated opening. An appropriate wait time will be observed allowing maintainers to opt out, and then another script would identify all the packages still marked for opening and open them using pkgdb.

Sub Component

CVS could potentially be used to mark a package for opening and allow for a maintainer to opt-out.

Discussion Points

  • How to mark packages for opening?
  • How maintainers can opt-out?
  • What is a reasonable delay between marking and opening?

Comments ?

We should probably make it a requirement to provide a good rationale and store it along with the packages in the package database for maintainers who wish to retain ACL's in their packages - RahulSundaram