New issue
Advanced search Search tips

Issue 628230 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Sep 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



Sign in to add a comment

Gerrit: allow non-owners to contribute to CLs, but only for committers

Project Member Reported by tandrii@chromium.org, Jul 14 2016

Issue description

https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/Bgwj-HTCGdQ

primiano@ Other people can contribute to my patchsets. this might be tricky from a security/auditing viewpoint but is something I'd like to a certain extent (use case: some colleagues leaves for holidays and they have pending CLs that I need which are almost perfect but need some small final touches)
 
TBH, my first reaction is why don't you just re-upload their CL as a new CL under your name as committer, but their name as author?
Cc: tandrii@chromium.org
> TBH, my first reaction is why don't you just re-upload their CL as a new CL under your name as committer, but their name as author?
that is what I do today, but involve extra process and more importantly loses all the review context, codereview comments and LGTMs.

Comment 4 by aga...@chromium.org, Jul 18 2016

Cc: aga...@chromium.org
Status: WontFix (was: Untriaged)
We actually have thought about this, and it is currently in the list of potential blockers. Namely, the fact that contributors *can* push to other people's branches is a blocker. This is a potential security surface that Chrome explicitly blocked in Rietveld ~3 years ago, and the Gerrit team is working on implementing ACLs (https://b.corp.google.com/u/0/issues/29252988) to prevent it in Gerrit.

We can revisit this decision at a later date, in consultation with security folks, but at launch pushing to other people's CLs will not be possible.

So for now I'm going to mark this "WontFix", as we're actually going out of our way to prevent it for now. After the switch-over, feel free to re-open or file a new bug to ask us to reconsider this policy.
Cc: rmis...@chromium.org
Status: Available (was: WontFix)
The above mentioned bug https://buganizer.corp.google.com/issues/29252988 is actually finished. We've already enabled committers to upload to other people's patches on infra repo:
https://chromium.googlesource.com/infra/+/8ffa217c6a2869473f142de7e3aab2ecb2f90ac2%5E%21/#F0

This bug is still open to do the same for chromium.

+rmistry@ you probably should know about this for Skia.
Labels: Pri-2 Type-Bug
Summary: Gerrit: allow non-owners to contribute to CLs, but only for committers (was: Gerrit: allow non-owners to contribute to CLs)
Components: Infra>Codereview>Gerrit

Comment 8 by aga...@chromium.org, Sep 21 2016

Owner: aga...@chromium.org
Status: Fixed (was: Available)
I've updated the "polygerrit best practices" doc (https://docs.google.com/document/d/1jk0XoAU0aPcueUSWpu1yW3iK4ZXn1JbzWkhXa1jl_DQ/edit, which links to https://paste.googleplex.com/5845787124695040?raw) so that, when Chromium comes over to PolyGerrit, committers (and no one else) will be able to upload patchsets to other people's reviews.

Sign in to add a comment