Here is an introduction to the ATR's data model.
The view here is descriptive of a JSON model, but the implementation will be a combination of filesystem files and subdirs along with a database schema.
Projects are run by a PMC with members and committers, have metadata, vote policy settings, and product lines.
One or more product lines with separate releases including the main one. A product line may override PMC vote policy.
Public Signing Keys are stored using the User ID of the owner as the key.
These are a set of choices which control how a release vote is conducted by the ATR.
0 then wait until 3 +1 votes and more +1 than -1.Releases are related groups of packages. Candidate releases go through stages and these have phases. When approved to be released the stage is moved to current. Current releases have initial phases to distribute and announce the release.
Should we use Artifacts instead of Packages?
Distribution channels are where PMCs distribute release packages. These need to be defined in the ATR. Distribution channels may be for test packages. Package Managers will be automated over time.
Multiple roles are possible and available actions are composed. Empty cells denote “no”.
| Activity | PMC Member | Release Manager | Committer | Visitor | ASF Member | SysAdmin |
|---|---|---|---|---|---|---|
| binding vote | yes | |||||
| vote | yes | yes | yes | yes | yes | |
| release admin | yes | yes | yes | |||
| project admin | yes | yes | ||||
| product admin | yes | yes | ||||
| manage key | yes | yes | ||||
| run phase | yes | yes | yes | |||
| channel admin | yes | |||||
| view release events | yes | yes | yes | yes | yes | yes |
| view project events | yes | yes | yes | yes | yes | yes |
| search all events | yes | yes |
To vote visitors must provide PII and we need to explain how we are protecting their privacy.
The authorization and authentication for
GitHub PATswill be specific and fine-grained, but should be similar to a “release manager”