On Mon, Feb 21, 2022 at 10:58:58AM -0500, Neal Gompa wrote:
On Mon, Feb 21, 2022 at 10:51 AM Pierre-Yves Chibon pingou@pingoured.fr wrote: The git server and git structure is orthogonal to the lookaside problem. Fundamentally, the issue was that the same upload endpoint is used for both Red Hat compliance and SIG work. We already have authentication/authorization on branches at the Pagure level, so we just lacked a way to handle this for the lookaside upload. By splitting the endpoint, it should be possible to solve that since you can deny access to the Red Hat endpoint to everyone.
However, I'd make a small suggestion: instead of changing the endpoint URL for SIGs, change the endpoint URL for Red Hat. RCM uses that endpoint through automation (I assume), so changing the endpoint for the one service is considerably simpler than dealing with everyone's own scripts to adjust for SIGs.
That is an interesting point, I'll ask around to know how feasible it would be.
As an example, I've written automation to deal with Hyperscale work because doing it by hand is a lot of grunt work. While I can probably tweak my stuff easily enough, I don't know if *everyone* can.
Your automation doesn't use the `lookaside_upload` script from centos-git-commoin then?
And again, the lookaside thing is completely orthogonal to the git structure. I should be able to use it just fine from git.centos.org in the current branched package structure.
I agree, though dropping the branch structure that git.centos.org imposes exacerbates this. I don't know that we want to change the current structure used for all SIGs (vs making it opt-in), but it is an interesting thought.
Thanks for your thoughts, Pierre