[FFmpeg-devel] root access voting

Anton Khirnov anton at khirnov.net
Sat Nov 16 04:16:16 EET 2024 

Quoting Michael Niedermayer (2024-11-06 15:48:19)
> > You publicly resigned as this project's leader 9 years ago. Yet after
> > all this time you treat it as a matter of course that you and only you
> > can unilaterally decide who is trustworthy enough to be root, get git
> > push, or any other infrastructure access.
> 
> About root, I have always looked for professional admins within the team
> and given them access.
> When we didnt need anyone, i looked less
> When we very dearly needed more manpower the threshold was lower.
> 
> The most recent addition is Timo, his day job is to "tend to servers"
> Nikolay is the man from the ISP/Hoster/data center. You know the guy
> who can tigthen the screws if they come loose or replace hw
> Thresh and Arpi where tending to servers before FFmpeg even existed
> 
> do i unilaterally decide who i trust as root, maybe. I mean its a yes
> but i definitly listen to other peoples oppinions so in that respect
> its not unilaterally.
> If people where to tell me they dont trust someone, i would avoid
> giving that person access. OTOH if people where to tell me someone
> is a really important addition i would give her access if the arguments
> make sense. People need to talk with me more about who should and should
> not have access.

This is all missing the point.

The main issue is that you have this special privilege that is
unelected, does not expire, and with no accountability. That makes you a
single point of failure, and those are generally bad.

There is also a secondary issue, which is that you have used your
privilege to give admin power to people who are unknown to the (current)
development community and/or have not been active for many years.

> About git access
> We have a documented and public process since a very long time.
> people need to be in MAINTAINERS to get git write.

1) That is not true. E.g. I had git push access without being in
   MAINTAINERS.
2) Where is it documented and how is it public? I do not see any public
   log of people who gained git push access.
3) Why should that be the criterion and who decided it?

> > Furthermore you object to this being discussed, deny the issue even
> > exists, and in at least one case you wanted to ban someone for raising
> > it. Those are all tactics authoritarian governments use to suppress
> > opposition.
> >
> > > What we need is a open dialoge, a calm discussion about what the underlaying
> > > issues are (if there are any). And to work towards correcting them.
> >
> > How can we have a discussion that includes you when you refuse to
> > acknowledge there is something to discuss?
> 
> I fail to understand these last two paragraphs or what they refer to

This has been a recurring pattern over several years now:
* there is a dev meeting
* some people raise the point that our infrastructure situation is
  highly opaque
* you reply to it saying that everything is perfectly clear

Consider the possibility that it only looks clear to you because you are
the sole person with full access to everything.
Consider also that because thise keeps getting raised repeatedly, there
actually is an issue that needs to be addressed, and denying it will not
make it go away.

-- 
Anton Khirnov

More information about the ffmpeg-devel mailing list