package-import uses james_w credentials

Bug #524173 reported by James Westby
This bug affects 1 person
Affects: Ubuntu Distributed Development
Status: Fix Released
Importance: High
Assigned to: Martin Pool

Bug Description

package-import currently poses as me so that it can get the privileges I have, which
was ok when I was the only one with access, but we should make it such that it runs
as a new identity.

We need to:

  * create a new LP user.
  * make that user part of ~ubuntu-branches so that it can set official branches.
  * allow that user to write to any official branch.

The last part isn't pretty, but I don't see a way around it given that not all branches
are going to be owned by ~ubuntu-branches.

Thanks,

James

Revision history for this message
Robert Collins (lifeless) wrote :

We should also get the sysadmins (e.g. losas) access to that account - ideally they will set it up like they did bzr-pqm etc.

summary: - package-import uses my credentials
+ package-import uses james_w credentials
Vincent Ladeuil (vila)
Changed in udd:
assignee: nobody → canonical-bazaar (canonical-bazaar)
Revision history for this message
Martin Pool (mbp) wrote :

> * create a new LP user.
> * make that user part of ~ubuntu-branches so that it can set official branches.
> * allow that user to write to any official branch.

Is the third of these a consequence of the second, or does something else need to be done?

Revision history for this message
James Westby (james-w) wrote : Re: [Bug 524173] Re: package-import uses james_w credentials

On Wed, 02 Feb 2011 02:26:37 -0000, Martin Pool <email address hidden> wrote:
> > * create a new LP user.
> > * make that user part of ~ubuntu-branches so that it can set official branches.
> > * allow that user to write to any official branch.
>
> Is the third of these a consequence of the second, or does something
> else need to be done?

It's almost a consequence given that the majority of official branches
are owned by that team.

However, we have been relying on the fact that I am a core-dev to allow
us to push to all branches.

Thanks,

James

Revision history for this message
Martin Pool (mbp) wrote :

On 3 February 2011 01:39, James Westby <email address hidden> wrote:
> On Wed, 02 Feb 2011 02:26:37 -0000, Martin Pool <email address hidden> wrote:
>> >  * create a new LP user.
>> >  * make that user part of ~ubuntu-branches so that it can set official branches.
>> >  * allow that user to write to any official branch.
>>
>> Is the third of these a consequence of the second, or does something
>> else need to be done?
>
> It's almost a consequence given that the majority of official branches
> are owned by that team.
>
> However, we have been relying on the fact that I am a core-dev to allow
> us to push to all branches.

So would making the bot account be part of ~core-dev be a good idea
too, and would that be sufficient?

Revision history for this message
Colin Watson (cjwatson) wrote :

I'd really prefer not. The bot should only be able to modify branches,
not trigger uploads to the archive. I thought we made ~ubuntu-branches
a celebrity so that it could do this kind of thing?

Revision history for this message
James Westby (james-w) wrote :

On Wed, 02 Feb 2011 23:37:15 -0000, Colin Watson <email address hidden> wrote:
> I'd really prefer not. The bot should only be able to modify branches,
> not trigger uploads to the archive. I thought we made ~ubuntu-branches
> a celebrity so that it could do this kind of thing?

I think that is what we should do as well.

I think the current state is that it just has special permission for
setting official branches, and not for pushing to them.

I guess it would be easy to extend it though.

Thanks,

James

Revision history for this message
Martin Pool (mbp) wrote :

Francis is now in the process of removing ~ubuntu-branches, so the options are now
 * add to ~core-dev which is said above to be undesirable
 * or, add it to the "uploaders" in <https://launchpad.net/ubuntu/> which a member of ~techboard can do by running an api script (I don't know the name)

Revision history for this message
Francis J. Lacoste (flacoste) wrote :

We are removing the Ubuntu branches celebrity. Setting the official package branch will be controlled through the normal upload permission.

So I think this argues either for adding a robot to Ubuntu Core Devs, or granting archive upload permission through the robot directly (through the archive permissions API).

Also, once build-from-branch-into-main is complete, there won't be any real differences between uploading to a branch and to the archive.

Martin Pool (mbp)
Changed in udd:
assignee: canonical-bazaar (canonical-bazaar) → Martin Pool (mbp)
Revision history for this message
Martin Pool (mbp) wrote :

rt 46239 for creating a mail alias.

Martin Pool (mbp)
Changed in udd:
status: Triaged → In Progress
Revision history for this message
Martin Pool (mbp) wrote :

https://launchpad.net/~package-import now exists and has an ssh key. Next, according to the prior discussion, we need to add it to ~core-dev.

Changed in udd:
importance: Critical → High
Revision history for this message
Martin Pool (mbp) wrote :

That robot account is now also in launchpad.net/~ubuntu-core-dev so now we just need to switch the actual machine.

I'm going to leave that for tomorrow when I have more uninterrupted time to deal with any possible fallout.

Revision history for this message
Martin Pool (mbp) wrote :

This is switched over, and I think it's all working. We need to check a bit for fallout in the next day or so.

Changed in udd:
status: In Progress → Fix Released
Revision history for this message
Martin Pool (mbp) wrote :

I omitted to change the lp api token; will do that now.

Changed in udd:
status: Fix Released → In Progress
Revision history for this message
Ubuntu Package Importer (package-import) wrote :

The lp token is now switched. James, if you want (and if you can identify it) you can disable the old token from your account.

For the record, I switched it by moving away the old credential file, and running

udd.lpapi.get_lp()

Changed in udd:
status: In Progress → Fix Released
Revision history for this message
Max Bowsher (maxb) wrote :

So you didn't actually need to use create_creds.py in this case, then? In that case, let's delete that script.

Also, there are still various references to James in the settings of BZR_EMAIL in various udd scripts, so reopening bug.

Changed in udd:
status: Fix Released → Confirmed
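
A check for the leftover identity references raised in the comment above, as an added example that is not part of the original thread or the udd code base: it scans script text for BZR_EMAIL assignments and reports any that do not name the service account. The file names, the addresses and the `audit` and `extract_address` helpers are constructed for illustration.

```python
import re

# Assumption: the address the service account is meant to commit as.
EXPECTED_EMAIL = "package-import@example.invalid"

# Shell form (BZR_EMAIL="...") and Python form (os.environ["BZR_EMAIL"] = "...").
ASSIGNMENT = re.compile(
    r"""BZR_EMAIL['"]?\]?\s*=\s*(?P<q>['"])(?P<value>.*?)(?P=q)"""
)
ADDRESS = re.compile(r"<([^<>\s]+@[^<>\s]+)>|([^\s<>\"']+@[^\s<>\"']+)")

# Constructed sample tree: hypothetical file names and contents.
SAMPLE_TREE = {
    "import_one.sh": 'export BZR_EMAIL="Some Person <person@example.invalid>"\n'
                     "bzr commit\n",
    "mass_import.py": 'os.environ["BZR_EMAIL"] = '
                      '"Package Importer <package-import@example.invalid>"\n',
    "retry.sh": "# BZR_EMAIL='old@example.invalid'\n"
                "BZR_EMAIL='person@example.invalid' ./run\n",
}


def extract_address(value):
    """Return the address inside 'Name <addr>' or a bare 'addr', lowercased."""
    m = ADDRESS.search(value)
    if not m:
        return None  # e.g. "$SOME_VAR": cannot be verified statically
    return (m.group(1) or m.group(2)).lower()


def audit(files, expected=EXPECTED_EMAIL):
    """Return (path, line_no, value) for each BZR_EMAIL not set to `expected`.

    Values with no literal address (variable references) are reported too,
    since the identity they resolve to cannot be confirmed from the text.
    """
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith("#"):
                continue  # commented-out assignment, not live configuration
            m = ASSIGNMENT.search(line)
            if m and extract_address(m.group("value")) != expected.lower():
                findings.append((path, line_no, m.group("value")))
    return findings


if __name__ == "__main__":
    for path, line_no, value in audit(SAMPLE_TREE):
        print(f"{path}:{line_no}: BZR_EMAIL is {value!r}, not the service identity")
```
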
Revision history for this message
Martin Pool (mbp) wrote :

That's addressed in lp:~/udd/524173-script which is currently present but uncommitted on Jubany.

Revision history for this message
Martin Pool (mbp) wrote :

I _think_ this is now done; if not please reopen again.

Changed in udd:
status: Confirmed → Fix Released