On 1/16/14, 8:01 AM, Mike Hoye wrote:
On 1/16/2014, 12:25 AM, Gregory Szorc wrote:
Can we just store the modules membership in LDAP or some other machine
readable location (if not inside mozilla-central for relevant modules)
and have a web page pull from that? Yes, it introduces process and
overhead. But, module membership is the cornerstone of trust and
giving automated agents access to the module membership [in a way that
can be correlated to accounts] enables all kinds of nifty auditing
possibilities. I believe this would help enable the verification
actions proposed by Brendan and Andreas in their recent blog post [1].
Just! I love the word just. All the best plans start with "why don't we
just", am I right?
Slightly more seriously, I think that you're conflating your business
card with your house keys. The Mozillians site doesn't currently talk to
LDAP, and making it pull data from LDAP seems like a lot of delicate and
carefully-secreviewed work, particularly given how rarely module
ownership and membership turns over.
mozillians.org doesn't necessarily need to talk to LDAP. But whatever
displays the module ownership list would (could be just a random page on
mozilla.org). Alternatively, we could stand up a small and simple web
service to store module ownership. I just threw out LDAP because I think
it makes sense. My only requirement is it is machine readable.
Your argument about verification actions may outweigh my hypothetical
future problem, though, and be worth the work; do you have specific
things in mind that aren't possible with our current setup?
Right now, we can't easily audit pushed patches to verify they were
reviewed by an appropriate module peer. As a module owner, I would love,
love, love to get a notification if someone changed a file under my
module without a peer's consent. To do this automatically, we'd need
module membership and IRC nicks (to parse commit messages back to
people) somewhere machine readable. Alternatively, we change our code
review and landing mechanism such that the reviewer "annotation" is
enforced at push time. Some people have ideas for working this into
autoland. Automated auditing like this would go a long way to preventing
silliness like the solution in bug 959821.
FWIW, some other large projects (notably Chromium) embed module
membership in the source tree. You not only get machine readable module
membership and a tracked history over time, but you also get
directories/files relevant to specific modules. This is great for
automated auditing!
_______________________________________________
governance mailing list
[email protected]
https://lists.mozilla.org/listinfo/governance
