[all][foundation][ecosystem] External projects under the foundation hat

Jeremy Stanley fungi at yuggoth.org
Fri Jun 24 18:19:14 UTC 2022 

On 2022-06-24 20:01:09 +0200 (+0200), Artem Goncharov wrote:
[...]
> - can we have official OpenStack projects outside opendev?
>   [yes/no]
> - can we have non-official OpenStack projects (lets call them
>   affiliated) not hosted on opendev under *some* OpenStack
>   governance? [yes/no]
> - can we have OpenStack manage *git* organisation (i.e. GitHub
>   organisation) as well as artifacts publishing for those outside
>   of opendev as some form of limited governance? This may or may
>   not include some more regulations regarding PTI, code-review,
>   etc. Purpose is to improve marketing side of the delivery and be
>   able to revive it once current maintainers depart [yes/no]

Those are up to the TC members to decide, so I'll leave that to
them.

> - can we provide Zuul gating for those official or affiliated
>   projects outside of opendev (with strict regulations what and
>   how)? [yes/no]

If that's a question for the OpenDev sysadmins, we've got a pretty
firm collective "no" on it at this point based on prior discussions.
We're happy for projects to set up advisory testing for dependencies
hosted on GitHub (think "third-party CI" type feedback on those
projects' pull requests) and do things like provide builds of
ARM/AArch64 wheels for pyca/cryptography in order to make
OpenStack's ARM-based jobs much faster, but configuring our Zuul
deployment to provide gating services for projects hosted outside
the Gerrit we operate isn't happening in my opinion.

> - can we _think_ on allowing people use alternative public auth
> providers (i.e. GitHub, ...) accounts with OpenStack to lower the
> entry barrier? [yes/no]
[...]

That's one of the goals for
https://docs.opendev.org/opendev/infra-specs/latest/specs/central-auth.html
so if you have time or know someone who has time to help make
further progress on it, please let us know. We have a Keycloak PoC
already up so we can demo authenticating Zuul admin API calls (at
https://keycloak.opendev.org/ currently), but the larger effort is
migration planning and integrating the existing Launchpad OpenID as
a source so we can let existing users continue to authenticate, at
least temporarily.
-- 
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20220624/6e576875/attachment.sig>

More information about the openstack-discuss mailing list