"forge author" Gerrit permission

[Daniel Martí]

I'd like to suggest that all members of the Gerrit "approvers" team, who
can already +2 CLs and submit them, gain the following permission:

https://gerrit-review.googlesource.com/Documentation/access-control.html#category_forge_author

This is useful in a couple of common scenarios when reviewing a CL to
submit it:

* To start the trybots again, if they encountered an unrelated flake or
failure
* To fix small typos in commit messages before submission, without
waiting to hear back from them

I realise that the permission can be abused to impersonate others, but
it seems about as dangerous as approving and submitting any patch :)

I've also seen some Go team members removing flaky "Trybot-Result-1"
labels to kick the trybots again without a rebase, but I don't know what
kind of permission allows that. A rebase should be enough in any case.

Thoughts?

[Bryan C. Mills]

(I have no particular thoughts, but I'll note that this week us U.S. Thanksgiving — folks might not have time to respond in depth until next Monday.)

--
You received this message because you are subscribed to the Google Groups "golang-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Andrew Bonventre]

I'm wary of giving people the ability to impersonate others even if they can approve and submit code to the repository themselves.

Given the sheer number of permissions and knobs in Gerrit it seems that we may be able to accomplish what is needed without allowing forge-author, but I'm not sure.

This is better tracked as a proposal in the issue tracker.

On Tue, Nov 20, 2018 at 6:26 AM Daniel Martí <mv...@mvdan.cc> wrote:

[Daniel Martí]

I agree - if we could give approvers these limited powers, that would be
better than the broader "forge author" one. Filed the proposal:

https://github.com/golang/go/issues/29285