Bug 529300 - Please make the recruiters and retirement/undertakers aliases public
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Infrastructure
Reported: 2014-11-15 08:35 UTC by Markos Chandras (RETIRED)
Modified: 2016-06-22 10:09 UTC
Description Markos Chandras (RETIRED) gentoo-dev 2014-11-15 08:35:54 UTC
Hi,

Please move recruiters@ and retirement@ to public aliases because right now I can't even read it or write it myself. There should be no good reason why these aliases should be private. If there is one, let me know.
Comment 1 Jorge Manuel B. S. Vicetto (RETIRED) gentoo-dev 2014-11-16 03:37:57 UTC
Both recruiters and retirement aliases get some privileged information from time to time. As such, I believe they should be "tightly" controlled, that is, their membership shouldn't be open to anyone. I obviously have no objection to their membership being known.
Comment 2 Justin Lecher (RETIRED) gentoo-dev 2014-11-16 10:18:45 UTC
I completely agree with Jorge.
Comment 3 Pacho Ramos gentoo-dev 2014-11-16 10:59:25 UTC
Then, I guess the ideal would be to make it readable by all people and writable by, at least, the people who are in the team, right?
Comment 4 Jorge Manuel B. S. Vicetto (RETIRED) gentoo-dev 2014-11-16 13:57:40 UTC
(In reply to Pacho Ramos from comment #3)
> Then, I guess the ideal would be to make it readable by all people and
> writable by, at least, the people who are in the team, right?

I would leave the control in infra hands or the team lead.
Comment 5 Markos Chandras (RETIRED) gentoo-dev 2014-11-16 16:52:58 UTC
(In reply to Jorge Manuel B. S. Vicetto from comment #1)
> Both recruiters and retirement aliases get some privileged information from
> time to time. As such, I believe they should be "tightly" controlled, that
> is, their membership shouldn't be open to anyone.
Why? I don't get it. Can you give me an example where public knowledge of the members of these teams would be a problem? On the contrary, not knowing who is seeing your "sensitive" information is more problematic.

To be clear, I only want these aliases to be publicly *visible*, not editable. Yet I am not sure how you can restrict the write privileges to these aliases. Can I at least have +w access to them, since I am listed as lead in both teams? Because right now, I can't even see who is in these teams, let alone edit them.
Comment 6 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2014-11-16 21:17:39 UTC
I don't think there is any reason to keep the membership info private.  We are just worried about private info that can be sent to these lists.  I think we are saying the same thing in different ways :P
Comment 7 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2014-11-16 21:28:01 UTC
ALL aliases are world-readable by Gentoo Developers.

$ grep recruiters /var/mail/master.aliases
recruiters : tommy,hwoarang,jlec,phajdan.jr,garchives@archives.gentoo.org
Comment 8 Markos Chandras (RETIRED) gentoo-dev 2014-12-13 11:35:04 UTC
Ping?

Can I please get the required +w access to these aliases please?
Comment 9 Markos Chandras (RETIRED) gentoo-dev 2015-01-31 13:10:16 UTC
Why is this taking so long? :(
Comment 10 Jorge Manuel B. S. Vicetto (RETIRED) gentoo-dev 2015-01-31 16:12:40 UTC
I've made the alias public.
As I don't see any other alias writable by anyone other than root in the special* directories, I'll defer to Robin about that.
Comment 11 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2015-04-06 19:04:22 UTC
hwoarang: 
For changes, I think it would be preferable for the moment if you filed bugs to have changes made. There is a longer-term project to move mail aliases into Git, but it's a way off yet.

Right now aliases can be broken down into 4 types (ignoring the master.aliases file):
- Read & Write to all devs
- Writable by infra, readable by devs
- Read & Write to infra scripts, not readable by devs
- Read & Write to infra manually, not readable by devs

I see two options for doing this:
1. 4 repos
2. One repo, accessible only by infra, plus a local checkout on woodpecker that slurps changes by developers.

I'd tend to #2, because it puts all aliases into one repo, and avoids problems of aliases moving between the types.
Comment 12 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2015-04-10 16:35:57 UTC
(In reply to Robin Johnson from comment #11)
> hwoarang: 
> For changes, I think it would be preferable for the moment if you filed bugs
> to have changes made. There is a longer-term project to move mail aliases
> into Git, but it's a way off yet.
> 
> Right now aliases can be broken down into 4 types (ignoring the
> master.aliases file):
> - Read & Write to all devs
> - Writable by infra, readable by devs
> - Read & Write to infra scripts, not readable by devs
> - Read & Write to infra manually, not readable by devs
> 
> I see two options for doing this:
> 1. 4 repos
> 2. One repo, accessible only by infra, plus a local checkout on woodpecker
> that slurps changes by developers.
> 
> I'd tend to #2, because it puts all aliases into one repo, and avoids
> problems of aliases moving between the types.

How does 2 handle the not-readable-by-devs piece?
Comment 13 Markos Chandras (RETIRED) gentoo-dev 2015-04-10 22:46:30 UTC
(In reply to Robin Johnson from comment #11)
> hwoarang: 
> For changes, I think it would be preferable for the moment if you filed bugs
> to have changes made. There is a longer-term project to move mail aliases
> into Git, but it's a way off yet.

Ok that's fine then
Comment 14 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2015-05-16 06:17:39 UTC
(In reply to Matthew Thode ( prometheanfire ) from comment #12)
> (In reply to Robin Johnson from comment #11)
> > Right now aliases can be broken down into 4 types (ignoring the
> > master.aliases file):
> > - Read & Write to all devs
> > - Writable by infra, readable by devs
> > - Read & Write to infra scripts, not readable by devs
> > - Read & Write to infra manually, not readable by devs
> > 
> > I see two options for doing this:
> > 2. One repo, accessible only by infra, plus a local checkout on woodpecker
> > that slurps changes by developers.
> > 
> > I'd tend to #2, because it puts all aliases into one repo, and avoids
> > problems of aliases moving between the types.
> 
> How does 2 handle the not-readable-by-devs piece?

- Only infra can read the repo
- the existing directories remain as-is
- the script that commits to git runs as root/infra and can read ALL of the aliases.
Comment 15 Alex Legler (RETIRED) archtester gentoo-dev Security 2016-06-22 10:09:47 UTC
Given the info in this bug, the aliases are sufficiently public.

Write access as per:

(In reply to Robin Johnson from comment #11)
> hwoarang: 
> For changes, I think it would be preferable for the moment if you filed bugs
> to have changes made. There is a longer-term project to move mail aliases
> into Git, but it's a way off yet.

Long-term stuff is not in scope of this bug.