One design issue is how to store the information associated with token=458974235879543789.
This could be a single file in json format, with key/value pairs that we decide. In order to support multiple simultaneous updates from different pmc members, we would need to read the file for exclusive use, update the information, and write it back. I expect that this can be done. The location of the file is the biggest issue. Users of the tool will sign in with their apache credentials. Where should be file be stored? What access controls are needed? What kind of attacks are possible if the file name is known? Another issue is permissions to access private information. We need to look up the email address of the candidate and find out whether the candidate already has an icla on file and whether they are already a committer. The user might just be a PPMC member with no credentials other than an apache id and "incubator" project. Can the tool use this user credentials to access LDAP to obtain the information? Or is the tool running in super-user mode and validates the user id? Craig > On Dec 12, 2017, at 5:51 AM, Craig Russell <[email protected]> wrote: > > I'd like to continue the discussion on the project/icla topic. > > I've been thinking about the entire process of committer invitations and the > project/icla just handles the last bit. I'd like to include the whole process > from discussion to vote to invite. > > Discussion: > > Whimsy allows a PMC/PPMC member to kick off a discussion of a potential > committer/pmc member. The form has a drop down for committee and entry fields > for email address and GivenName(s) FamilyName, and text. Clicking (submit) > sends email to [email protected] subject: [DISCUSS] Committer status for > GivenName FamilyName and includes the email address and text that the pmc > member entered and a link to > whimsy.apache.org/project/discuss?token=458974235879543789. > > Pmc members can add comments from a text box that will be stored and shown to > others who click the link. > > Voting: > > Once discussion has died down, the original pmc member can call for a vote by > filling a vote text box and clicking (vote). This will send email to the pmc > private list with a link to the discussion (lists.apache.org/xxx) and > whimsy.apache.org/project/vote?token=458974235879543789. > > The first pmc member who clicks the link will see the vote text box and a > form with: > > (0) +1 > (0) -1 > (0) +0 > (0) -0 > <text box for comments> > > Other pmc members who click the link will see all other votes and comments > and can vote as above. > > Clicking (submit) will send email to the pmc private list with all of the > comments and a link to the same page. > > Anyone on the pmc can close the vote by clicking (close vote). This will send > email with subject [RESULT][VOTE] and an email to board with [NOTICE] > GivenName FamilyName for <pmc> PMC. > > After 72 hours, the pmc member can visit the > whimsy.apache.org/project/vote?token=458974235879543789 link and click > (invite). This will then bring up the project/icla form if the candidate does > not already have an icla on file. If the candidate does already have an icla > but does not have an apache id, it will bring up the account request form. > Finally, if the candidate has an apache id, it will bring up the "add to > project" form. > > Craig L Russell > Secretary, Apache Software Foundation > [email protected] http://db.apache.org/jdo > Craig L Russell Secretary, Apache Software Foundation [email protected] http://db.apache.org/jdo
