[jira] [Resolved] (INFRA-10014) Allow PMC members to label Github pull requests

["Geoffrey Corey (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/INFRA-10014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Geoffrey Corey resolved INFRA-10014.
------------------------------------
    Resolution: Later

Since this was answered on the infrastructure@a.o mailing list, I'm resolving with resolution "Later".

Here's the archive link: https://mail-search.apache.org/members/private-arch/infrastructure/201507.mbox/%3CCAKprHVYMwYCHManZ8tJH-Mun_Qtu3kVw3FEr6YHZj_W48u8K5g@mail.gmail.com%3E but it does require one to be a PMC or member to read.

tl;dr:

This (and related issues with pull requests) are a frequent request
from projects. So we have a number of things going on right now with
regards to github that will be of interest, but won't solve this
problem for you (at least yet).

So today, the permissions for Github are pretty coarse, there are
essentially three levels: read, write, and admin.

Unfortunately to do anything much more than comment on a review, you
need write level. Currently we don't have anyone with write level
access because the repos are mirrors only. (A subset of the root@
infrastructure team has admin access to the Apache organization.)

Earlier this year we began exploring the possibility of making Github
our canonical repository (meaning committers would get write access)
and while most of the issues we found were solvable, the current
blocker on that Github doesn't expose push logs to us. They feel they
have a duty to protect their users privacy. We feel that we need to
see push logs for provenance purposes. You can see that decision in
the April Legal Affairs board report. [1]. We are continuing the
conversation with Github, and have even talked as recently as this
week about the situation as we continue to try and sort it out.

Separately from that, Github is just now starting early access to
improved org permissions that features greatly enhanced granularity of
permissions[2], including granting permissions to manipulate pull
requests and issues separate from write access to the repositories.
We've asked, and been told we'll be included in the early access
program, but as of yet, that hasn't yet begun; though we hope it will
come to fruition in the coming weeks and we'll start working on
deploying that.

Completely separately from those two - IF the improved org permissions
doesn't come about in a timely manner, or if it doesn't meet our
needs, we have some code that authenticates and authorizes based on
the ASF's LDAP service, and then proxies requests to Github using one
of service accounts at Github. We don't want to stand this up service
if it's going to be obviated by Github in a matter of days or weeks.


--David


[1] https://whimsy.apache.org/board/minutes/Legal_Affairs.html
[2] https://github.com/blog/2020-improved-organization-permissions

> Allow PMC members to label Github pull requests
> -----------------------------------------------
>
>                 Key: INFRA-10014
>                 URL: https://issues.apache.org/jira/browse/INFRA-10014
>             Project: Infrastructure
>          Issue Type: Wish
>          Components: Git, Mirrors
>            Reporter: Nikhil Khandelwal
>
> I am a committer in the Apache Cordova community and we use github extensively to accept code contributions from others in the community. We had been fortunate to have a high number of contributions coming in over the 40+ github repos that we maintain. One of the challenges has been to ability to organize the list of pull requests by using assignees, label for milestones, severity, or feature area. 
> Currently, we have over 240 pull requests open: http://s.apache.org/cordovaPulls
> Github UI offers great features to label, and track pull requests and none of these are available to committers. 
> I would like to figure out a way for committers to be able to get access to this on github. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)