[arch-devops] Add Frederik Schwan to the devops team

Sven-Hendrik Haase svenstaro at gmail.com
Wed Jul 15 06:24:03 UTC 2020

On 21.06.20 03:27, Sven-Hendrik Haase wrote:
> Hey all,
> I propose adding Frederik Schwan to the devops team. He's eager to help
> Arch, he's knowledgeable, and does devops professionally. He's got a
> good amount of experience with mail stacks and cloud stuff and he'd like
> to help us out.
> In fact, he's already helped quite a bit with testing and some
> accessless devops tasks but the number of tasks requiring access that we
> currently have far outweigh the accessless tasks and I think he'd like
> to become more involved.
> Thoughts?
> Cheers,
> Sven

Since no new opinions are coming in, I'll summarise: Everyone agrees
it's fine to let Frederik do some specific tasks without giving him full
access. Some people have reservations about giving full access which is
fair. Our problem is that our vault currently is all-or-nothing.

This leads me to a new conundrum: How do we share only a little bit of
access but still allow people to run the playbooks properly? Currently
we assume everyone has full access but we need to rethink that
assumption. This in turn would also make it less painful to get people
into DevOps roles in Arch as we wouldn't necessarily have to grant full
access to all secrets. I made an issue for this where we can discuss it
further [0]. But I digress.

The problem is: We only have so many tasks which can be done on a
limited access basis. Our biggest tasks right now are migrations which
often involve multiple services at once and therefore require
significant access.

I'll do this: I'll work with Frederik and see how much we can do without
full vault access. There are a few specific issues I have in mind and
I'll hand out specific credentials as required. When the time comes and
we're reaching a point where we've exhausted the issues that can be done
without full access, I'll send another mail.

Let's consider Frederik a limited-access member of the DevOps team for
the time being. :)


[0] https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/64

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-devops/attachments/20200715/b1a7811e/attachment.sig>

More information about the arch-devops mailing list