[CentOS-devel] CERN pre-dojo meeting topic : build bots accounts for CBS

Tue Oct 24 08:45:05 UTC 2017
Fabian Arrotin <arrfab at centos.org>

Here are some notes taken from the CERN pre-dojo meeting from last week :

<paste>
Allow SIGs to have separate accounts for build bots
 - separate user accounts from "bot" accounts for security reasons
 - [proposal] have an email alias (not list) per sig for the bots, like
sig-<bla>@centos.org pointing to the SIG's chair
 - [proposal] SIG chair must request or approve email alias requests/
ACO account creation sent to CentOS Board chairman
</paste>

So, (as also discussed yesterday in the CBS meeting -
https://www.centos.org/minutes/2017/October/centos-devel.2017-10-23-14.01.log.html)

The proposal would be to create a @centosproject.org (or @centos.org)
email alias, that would go to SIG chair, and that would be used to
create an account on https://accounts.centos.org
While we can manually generate x509 cert with longer validity period, we
discussed the fact that using centos-cert just takes 2 seconds every 6
months, so SIG members who were present didn't find it a real issue.
(email notifications go to SIG chair - and/or other members ? - in
advance so easy to follow)

That's probably the workflow people use already anyway, while Brian
confirmed that longer-term a proper credentials store would be on the
roadmap, but soon.


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20171024/2deb22f9/attachment-0007.sig>