Design Considerations for maintainers of packages & namespaces. #17

Open
arteevraina opened this issue Mar 11, 2023 · 6 comments

@arteevraina
Member

In the project, there have been discussions on namespace maintainers & package maintainers.
Let's say we have multiple packages under a namespace: if the admin adds a new maintainer to the namespace, then the newly added maintainer will have access to all the packages that are listed under that namespace.

But, on the other hand, if we only have maintainers of the package, this security issue won't be there, as that newly added maintainer will have access to only that package under that namespace and the other packages will not be accessible to the maintainer.

On the other hand, we can allow users to add maintainers to the packages as well as to the namespaces. The logic will be similar, only the entity package will be changed with the namespace.

So, if an admin adds a user as a maintainer to the namespace, the user will now be the maintainer of all the packages under that namespace, and if the admin adds a user as a maintainer to the package, the user will be the maintainer of the package only.

Also, we can allow maintainers to be removed from the packages easily. For removing maintainers from the namespaces, we can have multiple solutions. So, if a user wants to remove a maintainer from a namespace, the maintainer can be directly removed from all the packages under that namespace, or they can ask the backend to keep the user as the maintainer of the packages and only remove the maintainer from the namespace.

It would be really helpful if we can gather wider community feedback to better implement this feature. @fortran-lang/fpm @minhqdao @perazz @henilp105

@minhqdao
Contributor

What is the actual question? 😅

So it seems like you want to have:

  • Namespace maintainers
  • Package maintainers
  • Namespace maintainers automatically being a package maintainer for all the packages within the namespace
  • Optional removal of all package maintenance rights within the namespace when the namespace maintenance rights are being removed for a user
  • A warning if the user still has namespace maintenance rights when package maintenance rights are being removed

I guess that sounds sensible to me.

@arteevraina
Member Author

> What is the actual question? 😅
>
> So it seems like you want to have:
>
> * Namespace maintainers
> * Package maintainers
> * Namespace maintainers automatically being a package maintainer for all the packages within the namespace
> * Optional removal of all package maintenance rights within the namespace when the namespace maintenance rights are being removed for a user
> * A warning if the user still has namespace maintenance rights when package maintenance rights are being removed
>
> I guess that sounds sensible to me.

Yes, @minhqdao. I am actually considering whether to have the maintainers in a namespace or not for the MVP. It also depends on the organizations that will be planning to use our registry and if the need arises maintainers of the namespace feature can be integrated as well.

@minhqdao
Contributor

I don't think it's the most important thing for the MVP but being able to add namespace maintainers is a useful feature, I'd say. You won't have to add them to every individual package.

@perazz
perazz commented Mar 13, 2023

I like the way this feature is designed, I'm no expert in this but I would think that organizations use a namespace to oversee all their packages, so I agree that the users that are designated as namespace maintainers should be able to operate on all the packages in the namespace.

> So, if a user wants to remove a maintainer from namespace, the maintainer can be directly removed from all the packages under that namespace or they can ask the backend to keep the user as the maintainer of the packages and only remove the maintainer from the namespace.

Yes, I also agree that when removing maintainer rights, namespace maintainers should probably be able to have both options, for example:

  • user maintains 3 packages in a namespace that has 10 packages.
  • user is promoted to namespace maintainer -> can now oversee all 10 packages.
  • Another namespace maintainer or admin wants to remove user from the namespace maintainer:
    -- removed from namespace only -> user can still maintain the 3 packages it was previously maintaining
    -- total removal -> user does not maintain any packages in the namespace anymore.

Makes sense?
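
The model discussed in this thread, as an added example that is not part of any comment above and is not the registry's own code: direct package grants are stored separately from namespace grants, so revoking the namespace role can either fall back to the earlier package grants or clear everything, and removing a package grant warns when access survives through the namespace. The class, method and package names are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Namespace:
    packages: set[str]
    ns_maintainers: set[str] = field(default_factory=set)
    # Direct grants only: package name -> users added to that package.
    pkg_maintainers: dict[str, set[str]] = field(default_factory=dict)

    def can_maintain(self, user: str, package: str) -> bool:
        # Effective right = namespace grant OR direct package grant.
        if package not in self.packages:
            return False
        return (user in self.ns_maintainers
                or user in self.pkg_maintainers.get(package, set()))

    def maintained(self, user: str) -> set[str]:
        return {p for p in self.packages if self.can_maintain(user, p)}

    def add_package_maintainer(self, user: str, package: str) -> None:
        if package not in self.packages:
            raise KeyError(package)
        self.pkg_maintainers.setdefault(package, set()).add(user)

    def remove_namespace_maintainer(self, user: str, total: bool = False) -> None:
        self.ns_maintainers.discard(user)
        if total:  # "total removal": also revoke every direct grant
            for users in self.pkg_maintainers.values():
                users.discard(user)

    def remove_package_maintainer(self, user: str, package: str) -> str | None:
        self.pkg_maintainers.get(package, set()).discard(user)
        if user in self.ns_maintainers:  # access survives via the namespace
            return f"{user} still maintains {package} as a namespace maintainer"
        return None

def scenario(total: bool) -> tuple[int, int, int]:
    """The 3-of-10 case from the comment; package names are constructed."""
    ns = Namespace(packages={f"pkg{i}" for i in range(10)})
    for p in ("pkg0", "pkg1", "pkg2"):
        ns.add_package_maintainer("user", p)
    before = len(ns.maintained("user"))
    ns.ns_maintainers.add("user")  # promotion to namespace maintainer
    promoted = len(ns.maintained("user"))
    ns.remove_namespace_maintainer("user", total=total)
    return before, promoted, len(ns.maintained("user"))
```

Because the namespace role is never copied into per-package grants, a "namespace only" removal returns the user to exactly the packages they were added to directly.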

@minhqdao
Contributor

Think we're all on the same page here.

@henilp105
Member

@arteevraina it seems to be the most apt solution for the MVP.

arteevraina pushed a commit to arteevraina/registry that referenced this issue Apr 9, 2023