On Sat, Nov 29, 2025 at 02:51:55PM +0100, Joerg Jaspert wrote: > In general there is nothing to say against a process where an existing DD > could vouch for a new signup on salsa. > > Gitlab has an API that allows one to do so. > > I can imagine a webapp where a DD can approve (or deny) requests. That's > basically what we salsa admins currently do (well, mostly with a script, but > that uses the Gitlab API thing). Only, we do have admin rights, and we do > not want to hand those to each and every DD, obviously, and as far as I can > see, it is currently bound to that admin role. > > So if you (or someone) comes up with a standalone webapp that we can run on > some .d.o host that allows the user approval step (and writes some logs > about it) for anyone who is a DD - I do think it has a good chance of > getting run. It would take much pretty boring work away from us. > > Basic requirements: > > - Does *NOT* patch gitlab in any way. Runs externally on some web server and > only uses gitlab API, that is, is entirely independent of the actual gitlab > instance. > - Does some verification that the user using it is actually a DD. > - Keeps logs of the actions. > > There might be more requirements, this is just quick thinking, and its only > me speaking, not yet the rest of the team. But I'm in favor, if its > implemented with care.
Extending the "Debian GitLab self-service" would be one solution:
https://signup.salsa.debian.org/
https://salsa.debian.org/salsa/gitlab-newuser
I can draft this, if we choose this way.
On Sat, Nov 29, 2025 at 12:08:56PM -0300, Antonio Terceiro wrote:
> IMO we do not even need a web app for this. We can solve this with a git
> repository where only DDs can write to. DDs would list usernames that
> should be approved in a text file, one per line. It
> would then be easy to change our user review script to fetch that
> repository and read the hints from it. git gives us logging and
> traceability for free.
>
> This idea was inspired by how the Release team manages their hints files
> for the testing migration scripts.
>
> I can draft something like this relatively easily.
This way also looks good to me.
--
Jongmin Kim
D3D7 A235 22B6 41FB 78AC C775 0000 01EF CF1A 50FA
signature.asc
Description: PGP signature
