openstack-stable-maint only approves stable/diablo reviews for nova and glance

Please do not implement this change until it has been discussed further, thanks.

I had a discussion with Mark just now, and i think that what he is proposing makes sense; and should make the stable trees easier to maintain all round..

I'd like to further discuss it at the Summit, but it does make sense for us to try it between now and then.

Thanks!

Ok, Dave and I have talked this over and agreed it makes sense to not block stable/essex changes for the likes of openstack-manuals and devstack

In detail, here's what I think needs doing:

  1) In:

         https://review.openstack.org/#admin,project,All-Projects,access

      remove config for refs/heads/stable/*

  2) To

         https://review.openstack.org/#admin,project,openstack/nova,access
         https://review.openstack.org/#admin,project,openstack/glance,access
         https://review.openstack.org/#admin,project,openstack/swift,access

         add:

         Reference: refs/heads/stable/diablo

           Label Code Review (exclusive)
             +2/-2 openstack-stable-maint
             +1/-1 Registered users

           Label Code Approved (exclusive)
             +1/-1 openstack-stable-maint

  3) To

         https://review.openstack.org/#admin,project,openstack/nova,access
         https://review.openstack.org/#admin,project,openstack/glance,access
         https://review.openstack.org/#admin,project,openstack/swift,access
         https://review.openstack.org/#admin,project,openstack/keystone,access
         https://review.openstack.org/#admin,project,openstack/horizon,access

         add:

         Reference: refs/heads/stable/essex

           Label Code Review (exclusive)
             +2/-2 openstack-stable-maint
             +1/-1 Registered users

           Label Code Approved (exclusive)
             +1/-1 openstack-stable-maint

That makes sense. After talking with Mark in IRC, and performing some experiments, I actually implemented this a little in reverse from what Mark suggested. I wrote the access rules as generally allowing stable-maint to review stable/ branches, with some exceptions. That way we continue to have the behavior that stable-maint can review new stable/branches as they are created without an admin having to go and write new rules.

So what I actually did was:

1) Leave All-Projects alone (stable-maint still has exclusive review access to stable/*).
2) In keystone and horizon:

         Reference: refs/heads/stable/diablo

           Label Code Review (exclusive)
             +2/-2 PROJECT-core
             +1/-1 Registered users

           Label Code Approved (exclusive)
             +1/-1 PROJECT-core

   (And similarly for quantum and melange with essex as needed.)
   Since the reference is more specific than the one in All-Projects, this takes precedence.

3) In devstack and openstack-manuals:

         Reference: refs/heads/stable/*

           Label Code Review (exclusive)
             +2/-2 PROJECT-core
             +1/-1 Registered users

           Label Code Approved (exclusive)
             +1/-1 PROJECT-core

  Even this reference is more specific, because it's not inherited, so it too takes precedence over All-Projects.

So that should codify the exceptions as exceptions, which we can remove over time, gradually making the ACL situation simpler rather than more complex. We may run into more exceptions; just let one of us know if it comes up.