It's quite hard to get commit access atm because you have to be
trusted initially. If a maintainer can give commit access to one repo
he/she watches anyway there is less trust needed in the beginning. Or
if a new contributor wants to take over an abandoned project.
is that true? I mean you have to have someone with commit access vouch for you but that's a pretty low bar. I don't think it should be any lower than that, but I also wouldn't want to see it higher than that. GNOME has had open ACLs from the beginning and it's a good thing! There's no evidence of abuse, we shouldn't go locking everything down just because we can.
IMO, there should be three access tiers:
1) Can report issues and propose fixes
2) Can triage issues
3) Can fix issues
Anything more granular than that is a bad idea. It just introduces artificial barriers that people will run into. (What happens when a maintainer goes AWOL ?)
Let's keep things open like we always have!
--Ray
