BranchOwnership

Status

• Created: 2005-04-27 by MartinPool

• Priority: NeedsPriority

• People: AndrewBennettsLead, AaronBentleySecond

• Contributors: MartinPool

• Interested: GuilhermeSalgado

• Status: BrainDump, UduBof, NewSpec, BreezyGoal

• Branch:
• Malone Bug:
• Packages:
• Depends:
• Dependents:
  1. UbuntuDownUnder/BOFs/BazaarLaunchpadClient
  2. UbuntuDownUnder/BOFs/BranchOwnership
  3. UbuntuDownUnder/BOFs/LaunchpadBranchManagement
  4. UbuntuDownUnder/ScheduleFriday
  5. UbuntuDownUnder/ScheduleThursday

• UduSessions: needs another

Introduction

A branch is owned by a person or group. The owner typically controls what flows into the branch and is interested in receiving patches for it.

We may be able to verify ownership of a branch in various ways, by e.g. sending an email message to the owner or checking that their OpenPGP key was used to sign the branch

There's no ultimate naming authority for branches. Bazaar is designed under the assumption of good behaviour. We cannot absolutely prove that someone owns a particular branch name, but neither can anyone else. The danger is minimal, because trust in Bazaar relies on the signing of the contents of branches.

We want someone who is actively involved in the branch, probably the maintainer, to be able to control what Launchpad says about that branch, such as its description and its relation to products registered in Launchpad.

Rationale

The owner may not be a launchpad or bazaar user, if the branch is imported from CVS. We do not want to spam owners who don't want to receive mail from or via LaunchPad.

Scope and Use Cases

Owners of branches should be able to request remirroring, and inform Launchpad when the archive location moves.

• Fred wants to ask the owner of GnomeBaker branch a question about their code.

  • He should be able to do this by visiting the branch's page on Launchpad (via finding it on the GnomeBaker product page), which should list the owner of that branch (there he should also be able to see who has made GPG signed commits (and how many) to that branch).

• The owner of a branch wants to to update the metadata for that branch, such as the description. Owners in Launchpad have permission to edit metadata.

• Sally A has changed ISP (or employer) from Foobar to Quux, and so no longer has access to her old sally@foobar.com address. She has a sally@foobar.com archive with useful history that she continues to publish elsewhere. This archive was already registered in Launchpad with Sally as the owner. Sally should continue to be the owner of the sally@foobar.com archive in Launchpad.

• Sally B joins the Foobar ISP, and gets the now available sally@foobar.com email address. Sally B should not be able to hijack the ownership of Sally A's sally@foobar.com archive.

• Bob has an archive named with invalid address, bob@nospam.myisp.com. Even though it's an address that Bob never has and never will own, Bob should be the owner of that archive in Launchpad.

Arch archives are theoretically useful forever, as they are likely to be referenced in branches that are descendents of branches in that archive.

Implementation Plan

Push mirroring:

• whoever pushes the archive is the owner of all the branches in that archive. This restricts based on the email address in the archive name, which doesn't work for everyone (see use cases).

Importd:

• use the owner of the product?

Pull mirroring:

• explicit requests:
  • assume owner is the requester?
• mysterious magical discovery:
  • ?

Most of the time, the email address in the archive name is accurate, so we will optimise for this common case.

• BazaarLaunchpadClient is speccing ways to define the owner in branch metadata. We will use that if it is there as our first preference.

• Otherwise, we'll rely on the archive name and email address corresponding. (But we won't allow reassignment of that archive? Discuss email address claiming / people merge here.)
• Failing that, first come first served?

XXX

If we mirror a signed archive, and they send a signed request saying "I am the owner", and it's the same key, then they're the owner of that location. (This makes the "yes I'm me" signed info in the archive unnecessary).

Data Preservation and Migration

Packages Affected

User Interface Requirements

Discussion

Rejected solutions for determining ownership

The simplest option is first come first served. This was rejected because it requires a human dispute resolution process, and developers that would otherwise not want to deal with Launchpad may feel they need to get a Launchpad account to prevent squatters.

Proof of control of archive location (for instance, write a cookie from launchpad into a file in your archive to prove you control it) is not an adequate solution. It only proves the person controls that location, but not that they are the authoritative source of that archive.

Outstanding Issues

XXX: Where exactly does information about branches get into launchpad from?

XXX: What about the dumb resigning bollocks when archives get remirrored?

XXX: Two seperate issues here: how to determine the owner initially, and how that can change (how can someone claim and prove an archive as theirs)?

UDU BOF Agenda

UDU Pre-Work

Brain dump

validation ideas (to prove control of archive location):

• write "yes I'm me" magic file into archive location? =meta-info/archives
• gpg key signatures? (e.g. sign =meta-info/name?) how to tell right sig? Bad.
• commit with a cookie.

• BazAutoMirroring has a way to specify launchpad accounts in the archive. Let's just trust that.

conflicting archives with same name but different content:

• has never happened yet
• requires human/community evaluation to resolve.

need to clearly sign-post the way we do automatic registration/mirroring, so people don't get the wrong idea about quality control and the authoritativeness of archives.

we could only auto-register signed archives? (but still mirror) This encourages good practice. People should be trusting content (via gpg sigs), not where or how they got it. Fundamentally, gpg signatures on *content* is what matters, not where the content came from.

Could add a Launchpad page/report that lists LP people that have signed revs in an archive (or branch)? And also report people that have been merged in.

See also BranchMetadata: if the author cares to put an RDF file or something similar in the source tree, then we can immediately and easily find their FOAF/email identity from there. However, we cannot expect most authors to create this metadata in the medium term.

CategoryUdu CategorySpec