)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6290f8162e22d884483c58e229d5ba5f614cbefe","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"3db31436_ecee0f05","updated":"2023-11-29 18:06:10.000000000","message":"@fungi and @frickler: some questions inline.","commit_id":"39022bed56389915de0c45f60e524a2c5047509e"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c9ba99f5ceded4b5e07c03000ce81bd45ce34096","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"03308ca2_cae1c865","updated":"2023-11-29 23:58:59.000000000","message":"Added code to the normalization scripts to handle the namespace issue.  If it looks like overkill, we can revert to PS 2.","commit_id":"a125f040af76b7617df96c8fbfd7cab9639fcf8b"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c8c6f3b1cd63832039704fc6f405c34c709d223c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"319ee267_1835879e","updated":"2023-11-30 02:51:19.000000000","message":"Addressed bashate warning","commit_id":"60de765fa0c8dac1654b11ded4b3986db0ec681c"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"963744a1a3b2c3468ba30ad8c5b18781e64d3a80","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"d504e92d_ddd8a975","updated":"2023-11-30 13:03:48.000000000","message":"Just want to flag that the normalize_acl.py change is backward-incompatible for anyone who calls that script directly.  The change is handled automatically by the check_valid_gerrit_config.sh script, so there\u0027s no change to tox.ini, but I don\u0027t know if this is a concern or not (or where it should be documented).","commit_id":"60de765fa0c8dac1654b11ded4b3986db0ec681c"}],"gerrit/acls/openstack/meta-config.config":[{"author":{"_account_id":5263,"name":"Jeremy Stanley","display_name":"fungi","email":"fungi@yuggoth.org","username":"fungi","status":"missing, presumed fed"},"change_message_id":"9af57b111c6b5b7650c3a023da27abc0388849de","unresolved":false,"context_lines":[{"line_number":8,"context_line":"\tabandon \u003d group Change Owner"},{"line_number":9,"context_line":"\tabandon \u003d group Project Bootstrappers"},{"line_number":10,"context_line":"\tabandon \u003d group openstack-unmaintained-core"},{"line_number":11,"context_line":"\texclusiveGroupPermissions \u003d abandon label-Code-Review label-Workflow"},{"line_number":12,"context_line":"\tlabel-Code-Review \u003d -2..+2 group Project Bootstrappers"},{"line_number":13,"context_line":"\tlabel-Code-Review \u003d -2..+2 group openstack-unmaintained-core"},{"line_number":14,"context_line":"\tlabel-Code-Review \u003d -1..+1 group Registered Users"}],"source_content_type":"text/x-ini","patch_set":1,"id":"d0c620e4_45c2aebe","line":11,"updated":"2023-11-28 20:12:45.000000000","message":"Keep in mind that setting exclusiveGroupPermissions here means core review teams for the projects won\u0027t have the usual Code-Review and Workflow permissions on branches matching this pattern. Presumably that\u0027s the intent.","commit_id":"39022bed56389915de0c45f60e524a2c5047509e"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"28ffc73b90fc6afda82dfa4382c284798fe1d9f6","unresolved":false,"context_lines":[{"line_number":8,"context_line":"\tabandon \u003d group Change Owner"},{"line_number":9,"context_line":"\tabandon \u003d group Project Bootstrappers"},{"line_number":10,"context_line":"\tabandon \u003d group openstack-unmaintained-core"},{"line_number":11,"context_line":"\texclusiveGroupPermissions \u003d abandon label-Code-Review label-Workflow"},{"line_number":12,"context_line":"\tlabel-Code-Review \u003d -2..+2 group Project Bootstrappers"},{"line_number":13,"context_line":"\tlabel-Code-Review \u003d -2..+2 group openstack-unmaintained-core"},{"line_number":14,"context_line":"\tlabel-Code-Review \u003d -1..+1 group Registered Users"}],"source_content_type":"text/x-ini","patch_set":1,"id":"3f0c4578_8ce7a7d2","line":11,"in_reply_to":"59101307_8c1a362c","updated":"2023-11-30 07:43:47.000000000","message":"ok, thx, I think this is good for now and we can verify the project specific overrides when they become needed","commit_id":"39022bed56389915de0c45f60e524a2c5047509e"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"aef388b4a9fbd458626b556f3985433b58bba193","unresolved":true,"context_lines":[{"line_number":8,"context_line":"\tabandon \u003d group Change Owner"},{"line_number":9,"context_line":"\tabandon \u003d group Project Bootstrappers"},{"line_number":10,"context_line":"\tabandon \u003d group openstack-unmaintained-core"},{"line_number":11,"context_line":"\texclusiveGroupPermissions \u003d abandon label-Code-Review label-Workflow"},{"line_number":12,"context_line":"\tlabel-Code-Review \u003d -2..+2 group Project Bootstrappers"},{"line_number":13,"context_line":"\tlabel-Code-Review \u003d -2..+2 group openstack-unmaintained-core"},{"line_number":14,"context_line":"\tlabel-Code-Review \u003d -1..+1 group Registered Users"}],"source_content_type":"text/x-ini","patch_set":1,"id":"f059dec3_b17e0aa2","line":11,"in_reply_to":"d0c620e4_45c2aebe","updated":"2023-11-28 21:04:09.000000000","message":"We\u0027ll still need Release Managers to be able to abandon reviews prior to EOLing a branch, so that should not be exclusive IMO.\n\nThe other labels are intended, we want a clear separation between the \"regular\" project team and the \"unmaintained\" team.\n\nWhat I\u0027m not sure about is whether this stanza would still allow a specific project to override access with a project-specific unmaintainer group?","commit_id":"39022bed56389915de0c45f60e524a2c5047509e"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6290f8162e22d884483c58e229d5ba5f614cbefe","unresolved":true,"context_lines":[{"line_number":8,"context_line":"\tabandon \u003d group Change Owner"},{"line_number":9,"context_line":"\tabandon \u003d group Project Bootstrappers"},{"line_number":10,"context_line":"\tabandon \u003d group openstack-unmaintained-core"},{"line_number":11,"context_line":"\texclusiveGroupPermissions \u003d abandon label-Code-Review label-Workflow"},{"line_number":12,"context_line":"\tlabel-Code-Review \u003d -2..+2 group Project Bootstrappers"},{"line_number":13,"context_line":"\tlabel-Code-Review \u003d -2..+2 group openstack-unmaintained-core"},{"line_number":14,"context_line":"\tlabel-Code-Review \u003d -1..+1 group Registered Users"}],"source_content_type":"text/x-ini","patch_set":1,"id":"f9306977_3749eab1","line":11,"in_reply_to":"f059dec3_b17e0aa2","updated":"2023-11-29 18:06:10.000000000","message":"@fungi: correct, we don\u0027t want the \"regular\" project team having any special +2/+W/-2/-W on these branches; they\u0027ll have +1/-1 via Registered Users\n\n@frickler and @fungi: sounds like what I should do is remove \"abandon\" from line 11, and then I believe Release Managers will then have abandon powers by inheritance from line 2 ... or should I keep the \"abandon\" at line 11, and explicitly add Release Managers as having \u0027abandon\u0027 permission in lines 8-10?  Also, a quick look at a few projects\u0027 config files (well, cinder and nova) for \"refs/heads/stable/*\" show \"abandon\" in exclusiveGroupPermissions, but the Release Managers aren\u0027t included there (Project Bootstrappers are required by normalize_acl.py).  Is Project Bootstrappers enough (I\u0027m not sure exactly who they are), or do we need to add Release Managers (or make \"abandon\" un-exclusive)?\n\n@fungi and @frickler: good question about the override ... my theory is that if cinder, say, wanted to maintain its own unmaintainers-group, the team would basically copy lines 7-16 to the cinder.config file, replacing \u0027openstack-maintained-core\u0027 with \u0027cinder-unmaintained-core\u0027 throughout; the permissions for Change Owner, etc., are required by normalize_acl.py, so a project won\u0027t \"forget\" to include those.  My reading of https://review.opendev.org/Documentation/access-control.html is that the project-specific exclusiveGroupPermissions would override what\u0027s defined in this file (but I don\u0027t know for sure).","commit_id":"39022bed56389915de0c45f60e524a2c5047509e"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"7dc1941091c81001f0c63959dc417e4e4af52aa2","unresolved":true,"context_lines":[{"line_number":8,"context_line":"\tabandon \u003d group Change Owner"},{"line_number":9,"context_line":"\tabandon \u003d group Project Bootstrappers"},{"line_number":10,"context_line":"\tabandon \u003d group openstack-unmaintained-core"},{"line_number":11,"context_line":"\texclusiveGroupPermissions \u003d abandon label-Code-Review label-Workflow"},{"line_number":12,"context_line":"\tlabel-Code-Review \u003d -2..+2 group Project Bootstrappers"},{"line_number":13,"context_line":"\tlabel-Code-Review \u003d -2..+2 group openstack-unmaintained-core"},{"line_number":14,"context_line":"\tlabel-Code-Review \u003d -1..+1 group Registered Users"}],"source_content_type":"text/x-ini","patch_set":1,"id":"59101307_8c1a362c","line":11,"in_reply_to":"f9306977_3749eab1","updated":"2023-11-29 21:32:44.000000000","message":"I followed frickler\u0027s suggestion and specifically give the Release Managers \u0027abandon\u0027 permission.  To make sure that\u0027s also done by any projects that override the unmaintained/* branches, I added code to check for this in the normalization tool that gates gerrit acl changes.","commit_id":"39022bed56389915de0c45f60e524a2c5047509e"},{"author":{"_account_id":5263,"name":"Jeremy Stanley","display_name":"fungi","email":"fungi@yuggoth.org","username":"fungi","status":"missing, presumed fed"},"change_message_id":"ef17d7a196a17c91463a97d2badae95b5462aa1a","unresolved":false,"context_lines":[{"line_number":12,"context_line":"\tlabel-Code-Review \u003d -2..+2 group Project Bootstrappers"},{"line_number":13,"context_line":"\tlabel-Code-Review \u003d -2..+2 group openstack-unmaintained-core"},{"line_number":14,"context_line":"\tlabel-Code-Review \u003d -1..+1 group Registered Users"},{"line_number":15,"context_line":"\tlabel-Workflow \u003d -1..+0 group Change Owner"},{"line_number":16,"context_line":"\tlabel-Workflow \u003d -1..+1 group openstack-unmaintained-core"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"[receive]"}],"source_content_type":"text/x-ini","patch_set":1,"id":"60adfe28_1701a2c9","line":15,"updated":"2023-11-28 20:17:51.000000000","message":"Oh, also according to Zuul you missed granting Workflow override for the Project Bootstrappers group here.","commit_id":"39022bed56389915de0c45f60e524a2c5047509e"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6290f8162e22d884483c58e229d5ba5f614cbefe","unresolved":false,"context_lines":[{"line_number":12,"context_line":"\tlabel-Code-Review \u003d -2..+2 group Project Bootstrappers"},{"line_number":13,"context_line":"\tlabel-Code-Review \u003d -2..+2 group openstack-unmaintained-core"},{"line_number":14,"context_line":"\tlabel-Code-Review \u003d -1..+1 group Registered Users"},{"line_number":15,"context_line":"\tlabel-Workflow \u003d -1..+0 group Change Owner"},{"line_number":16,"context_line":"\tlabel-Workflow \u003d -1..+1 group openstack-unmaintained-core"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"[receive]"}],"source_content_type":"text/x-ini","patch_set":1,"id":"295b7359_52e1354a","line":15,"in_reply_to":"60adfe28_1701a2c9","updated":"2023-11-29 18:06:10.000000000","message":"OK, I\u0027ll add that to the next patch set.","commit_id":"39022bed56389915de0c45f60e524a2c5047509e"}],"tools/check_valid_gerrit_config.sh":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c8c6f3b1cd63832039704fc6f405c34c709d223c","unresolved":false,"context_lines":[{"line_number":13,"context_line":""},{"line_number":14,"context_line":"function check_team_acl {"},{"line_number":15,"context_line":"    local configs_dir\u003d\"$1\""},{"line_number":16,"context_line":"    local namespace\u003d\"$(basename $configs_dir)\""},{"line_number":17,"context_line":"    local configs_list"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"    echo \"Checking $namespace\""}],"source_content_type":"text/x-sh","patch_set":3,"id":"9b7874b7_6564d9f1","line":16,"in_reply_to":"f66b7042_d3b16739","updated":"2023-11-30 02:51:19.000000000","message":"\u003e linters: E042 local declaration hides errors\n\nPlease fix.","commit_id":"a125f040af76b7617df96c8fbfd7cab9639fcf8b"}],"tools/normalize_acl.py":[{"author":{"_account_id":5263,"name":"Jeremy Stanley","display_name":"fungi","email":"fungi@yuggoth.org","username":"fungi","status":"missing, presumed fed"},"change_message_id":"90e6c7394d85eafeec05e429b47b9117c5b142a3","unresolved":false,"context_lines":[{"line_number":307,"context_line":"                    newsection.append(\u0027abandon \u003d group Change Owner\u0027)"},{"line_number":308,"context_line":"                    newsection.append(\u0027abandon \u003d group Project Bootstrappers\u0027)"},{"line_number":309,"context_line":"                    if \u0027refs/heads/unmaintained\u0027 in section:"},{"line_number":310,"context_line":"                        newsection.append(\u0027abandon \u003d group Release Managers\u0027)"},{"line_number":311,"context_line":"                if \u0027label-Code-Review\u0027 in exclusives:"},{"line_number":312,"context_line":"                    newsection.append(\u0027label-Code-Review \u003d -2..+2 \u0027"},{"line_number":313,"context_line":"                                      \u0027group Project Bootstrappers\u0027)"}],"source_content_type":"text/x-python","patch_set":2,"id":"1a62aee9_e6fb94a8","line":310,"updated":"2023-11-29 21:39:51.000000000","message":"Im on the fence but not -1 about this. It\u0027s an OpenStack-specific policy which is going to get applied outside the \"openstack/\" namespace but up to now we don\u0027t have any namespace-specific policies we enforce so could deal with diversifying it as exceptions arise.","commit_id":"21fd1c67ed85b85a9e2839140968982d81badb0e"}]}