Garbage-collect maintainers from anything but the rolling release #830

@fricklerhandwerk

Since #793 we're only adding/updating maintainers with evaluation data from the rolling release:

    # Anything but the rolling release must be considered stale.
    # Therefore we only add new rows if this is not a rolling release.
    start = time.time()
    NixMaintainer.objects.bulk_create(
        bulk_maintainers.values(),
        # This will ignore existing rows and won't return primary keys when `True`.
        # That's okay because we'll fetch the relevant objects afterwards unconditionally.
        ignore_conflicts=not self.rolling_release,
        update_conflicts=self.rolling_release,
        unique_fields=["github_id"],
        update_fields=["github", "email", "matrix", "name"],
    )
    db_maintainers = NixMaintainer.objects.in_bulk(
        bulk_maintainers.keys(),
        field_name="github_id",
    )

But maintainers entirely removed in Nixpkgs will currently persist in our database, which may become a security consideration if we ever give maintainers elevated privileges (at the moment, at worst a past maintainer may get pinged by an old suggestion, but this is unlikely given CVEs aren't really looked at beyond some age). Right now, whether someone is a maintainer is decided by whether they have a database entry:

    def ismaintainer(user: Any) -> bool:
        return NixMaintainer.objects.filter(
            github_id=user.socialaccount_set.get(provider="github").uid
        ).exists()

This must be garbage collected to ensure it corresponds to what's in the rolling release.
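
A sketch of the garbage collection described above, added here as an illustration and not taken from the project's code. It uses an in-memory `sqlite3` table as a stand-in for the `NixMaintainer` model; the names `sync_maintainers`, `is_maintainer`, `open_db` and the `max_removed_fraction` guard are assumptions made for this example.

```python
import sqlite3

SCHEMA = """CREATE TABLE maintainer (
    github_id INTEGER PRIMARY KEY, github TEXT, email TEXT, matrix TEXT, name TEXT)"""
UPSERT = """INSERT INTO maintainer VALUES (?, ?, ?, ?, ?)
    ON CONFLICT(github_id) DO UPDATE SET github = excluded.github,
    email = excluded.email, matrix = excluded.matrix, name = excluded.name"""

def open_db():
    """In-memory stand-in for the maintainer table (constructed for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def sync_maintainers(conn, evaluated, rolling_release, max_removed_fraction=0.5):
    """evaluated maps github_id -> (github, email, matrix, name).
    Returns the sorted github_ids that were garbage-collected."""
    rows = [(gid, *fields) for gid, fields in evaluated.items()]
    with conn:  # single transaction: an exception rolls back the upsert too
        if not rolling_release:
            # Stale channel: add unknown maintainers only, never update or delete.
            conn.executemany(
                "INSERT OR IGNORE INTO maintainer VALUES (?, ?, ?, ?, ?)", rows)
            return []
        conn.executemany(UPSERT, rows)
        existing = {r[0] for r in conn.execute("SELECT github_id FROM maintainer")}
        stale = sorted(existing - set(evaluated))
        # Assumed guard: an empty or truncated evaluation must not wipe the table.
        if existing and len(stale) / len(existing) > max_removed_fraction:
            raise RuntimeError(
                f"refusing to remove {len(stale)} of {len(existing)} maintainers")
        conn.executemany(
            "DELETE FROM maintainer WHERE github_id = ?", [(g,) for g in stale])
        return stale

def is_maintainer(conn, github_id):
    """Same rule the issue describes: the existence of a row decides maintainership."""
    row = conn.execute(
        "SELECT 1 FROM maintainer WHERE github_id = ?", (github_id,)).fetchone()
    return row is not None

if __name__ == "__main__":
    db = open_db()  # constructed sample data below
    sync_maintainers(db, {1: ("alice", None, None, "Alice"),
                          2: ("bob", None, None, "Bob")}, rolling_release=True)
    print(sync_maintainers(db, {1: ("alice", None, None, "Alice")}, rolling_release=True))
```

Doing the upsert and the delete in one transaction means the existence check never observes a half-synced table, and the removal threshold turns a broken evaluation into a failed run instead of a mass revocation.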
