Groups have similar names in LP and gerrit but are no longer synced

We had an outstanding action item from a couple infra meetings ago to rename *-drivers to *-milestone, and create new *-ptl groups with tag push access. I was going to start looking into that today, though it's going to require a coordinated ACL config change and database update query across all projects, so will interrupt code review at least briefly and will likely need to be announced/scheduled.

As for the openstack-*-maint groups for diablo and essex, I have just created those in Gerrit per bug 1160269.

As an update, the .*-drivers groups in Gerrit have all been renamed now and documentation modified accordingly, so this should address some of the confusion. https://review.openstack.org/25423

And yesterday we merged https://review.openstack.org/25806 to adjust Gerrit ACLs for official OpenStack projects to limit client tagging responsibility to their corresponding .*-ptl groups.

I still need to update the project group management wiki article with details on the .*-ptl groups.

Do we still want to remove *-core and openstack-*-maint from LP? I may not have the necessary account permissions to do this.

Do we still want to remove openstack-admins and openstack-release from Gerrit? If so, I'll go ahead and take care of it.

> Do we still want to remove *-core and openstack-*-maint from LP? I may not have the necessary
> account permissions to do this.

At the very minimum they should be renamed *-securitycontacts in LP to avoid confusion.

> Do we still want to remove openstack-admins and openstack-release from Gerrit? If so, I'll go ahead and take care of it.

If they are not used withing gerrit for rights, yes they should be removed.

It looks like the openstack-diablo-maint team is owned by Dave Walker and so OpenStack Administrators will be unable to delete it.

The openstack-essex-maint and official *-core teams seem to be owned by OpenStack Administrators and thus should be deletable/renamable (just not by me).

The openstack-admins group in Gerrit is still used in the ACL for the openstack-planet project, so we need to decide if this should be switched to a more appropriate group of maintainers: https://review.openstack.org/#/admin/projects/openstack/openstack-planet,access

And the openstack-release group in Gerrit is still used in the global All-Projects ACL: https://review.openstack.org/#/admin/projects/All-Projects,access Did we want that switched to use the Release Team group there instead (in which case I should duplicate the current openstack-release members into it too)?

Let's create a planet-core group and ACL for planet.

Your plan for the release team sounds good.

I have shored up the Release Managers group membership to contain all accounts represented in the old openstack-release group, added the former to the All-Projects ACL, removed and cleared the latter. I also have a corresponding documentation update up for review ( https://review.openstack.org/34462 ).

I've proposed a change to use the openstack-planet-core group in place of the old openstack-admins group ( https://review.openstack.org/34452 ) and will clear the old one similarly once that merges and manage-projects runs to update the ACL. The openstack-planet-core group already exists and has mostly the same members, but was not being used in any ACL.

I don't think we need this team https://launchpad.net/~openstack-planet-core/+members anymore, we can send it to the digital dustbin

Gerrit cleanup is complete. We still need a member of OpenStack Administrators to delete:

    https://launchpad.net/~openstack-planet-core
    https://launchpad.net/~openstack-essex-maint

And we need Dave Walker to delete:

    https://launchpad.net/~openstack-diablo-maint

I removed ~openstack-planet-core.

For openstack-{essex,diablo}-maint, they have a mailing-list associated, which causes removal pain. We may actually use that ML to post bitrot job fails, please doublecheck before we can proceed with ML removal. Then the groups themselves can be removed, as they contain only one member (Daviey).

CCed Daviey to get his opinion on this.

bug #1217097 is about confusion surrounding glance-core in launchpad not being the same thing as glance-core in gerrit

The only use for PROJECT-core those days is as group ACL to access security bugs. We should replace them with PROJECT-coresec which would be a subset of core members interested in helping in security bugs. That way we keep the benefit and remove the confusion.

Sounds good

Teams with active PPAs with packages published and may not be renamed... so I need to go through all -core teams and clean up their PPAs first. Sigh

Posted the plan to openstack-dev, will proceed in a couple of days if nobody objects.

All core groups migrated to coresec so there is no duplication about that.
Will open a separate bug for the last duplicated group: openstack-stable-maint

Actually openstack-stable-maint could just be removed, so we are done