On Sat, Mar 19, 2022 at 11:03 PM Kevin Fenzi <kevin(a)scrye.com> wrote:
> On Sat, Mar 19, 2022 at 10:58:59PM +0100, Fabio Valentini wrote:
> >
> > Oh, I think I know what's going on. I looked at
> > src.fedoraproject.org/user/$user.
> > But those group memberships are only synced if the user logs in, AFAIK?
> > So ... do these packagers retain provenpackager capabilities in
> > dist-git so long as they never log in? :)
>
> Yeah. Group memberships are refreshed there on login.
> But no one could use that, as if they logged in, it would refresh and
> not let them use provenpackager access since they are no longer in the
> group.

Well, in the GUI, yes, but what about the access controls in git
pre-receive hooks?
You don't need to log in with the web GUI to do "fedpkg clone; do
'malicious changes'; git commit -m 'spec cleanup'; git push".
Fabio