Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upAdd the Mozilla central servo sync account as an operator. #702
Conversation
|
@larsbergstrom I agree with the idea of giving a shared sheriff account sufficient perms to close the tree. Can you or @globau point me to docs on:
Even if these docs are behind a Mozilla LDAP wall, I would like to look over them just to make sure we aren't accidentally introducing a huge vulnerability by adding this account. |
globau
commented
Jun 20, 2017
the only people who have access are those who also have root access to the systems running servo-vcs-sync. ie. selected dev-ops and developers. this excludes sheriffs and contributors. best to ask fubar about what happens with regards to staffing changes and access. |
|
From further conversations with @globau, the credentials are stored in a wonderfully secure manner with extremely limited access to the underlying API key. I'm comfortable that the Firefox protections are at least as good as our own protection of the @bors-servo account :-) |
|
Is this a human account or a bot account? If the latter, are we planning to add another interface for closing the tree than writing GitHub comments to bors-servo? |
globau
commented
Jun 22, 2017
|
it's a bot account. lars and i discussed a few times an out of band signalling mechanism such as SQS (it would help reduce race conditions) but it wasn't really viable to fit that into the schedule. if need be we can investigate that later. |
|
@bors-servo r+ I'd appreciate a pointer to the code be left here, or a page created in the wiki so people know where to start looking if something weird happens. |
|
|
Add the Mozilla central servo sync account as an operator. r? @edunham @globau tells me that https://github.com/moz-servo-sync is the account that sheriff backouts will appear as. In order to auto-approve and support `treeclosed`, I was thinking that it would make sense to make it an `operator`. <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/saltfs/702) <!-- Reviewable:end -->
|
The Gecko side backout code is here: |
|
|
|
@bors-servo retry
|
Add the Mozilla central servo sync account as an operator. r? @edunham @globau tells me that https://github.com/moz-servo-sync is the account that sheriff backouts will appear as. In order to auto-approve and support `treeclosed`, I was thinking that it would make sense to make it an `operator`. <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/saltfs/702) <!-- Reviewable:end -->
|
|
|
I deployed this yesterday. |
larsbergstrom commentedJun 19, 2017
•
edited
r? @edunham
@globau tells me that https://github.com/moz-servo-sync is the account that sheriff backouts will appear as. In order to auto-approve and support
treeclosed, I was thinking that it would make sense to make it anoperator.This change is