On Sun, Jan 6, 2019 at 10:20 PM Alex Harui <aha...@adobe.com.invalid> wrote: >...
> All commits, even PR's from non-commiters accepted by a committer are > supposed to be reviewed, AIUI. So if the bot makes a commit to the repo, > the PMC is responsible for reviewing it. In Royale's case, the bot should > only be changing pom.xml files and making tags and branches, so a bad bot > commit should be easy to spot and detection may even be tool-able. > Git does not have path-based authorization, so there is no way to restrict a bot from changing *code*. Give it access to pom.xml, and it has access to the entire repository. "But the bot won't do that" ... Well, the bot is not auditable by Legal Affairs or Infrastructure, so there is no way to validate it is committing Properly. This is the basic conundrum behind Legal/Infra's decision to disallow bots from commit access to git repositories. We do have a couple running for svn repositories, using path-based authz. Within the Apache Subversion project, have tooling[1] to assist an RM with pretty much all the steps of a release. From reading this thread, it seems like Royale's problem is getting RMs up to speed, so maybe it can be solved with additional build-side tooling? Cheers, Greg InfraAdmin, ASF [1] https://svn.apache.org/repos/asf/subversion/trunk/tools/dist/
