Hans Meine wrote:
> > To be clear: when I enable ACLs for the www module, if you aren't on
> > the list then you won't be able to commit any changes!
> 
> Hmm, I always found it to be nice to be able to correct speling errros
> or bad links right away when I found them. Why do you think it is 
> neccessary to have more tight access rights to the www module than to
> kdelibs? Just wondering..
 
Good question and it's one that I forgot to address in my earlier
email.

We've treated the www module like any other module so far because it
seems at first glance that it behaves similarly.  After all, the HTML
is just code and we want *all* code in KDE to be available to
everybody.  If anybody makes a bad change (or worse, a destructive
change) to a KDE module, it can be reverted before any harm is done.

But that's not true in the case of the www module.  The website
updates every 30 minutes (or so.. I don't remember anymore).  So say
somebody wants to make a destructive change to the KDE website (this
is all the more possible now that everything is PHP).  They could do
so and have it distributed worldwide instantly with no peer review.
That's the difference between, say, kdelibs and www.  *All* changes to
kdelibs are "reviewed" before they are releases whereas it's very
possible to make changes to www that are released before they are
reviewed.

So we want to limit the scope of how we can get burned.  By putting an
ACL on www and restricting it only to certain people, we lower the
risk of getting screwed.

This *will* make (mostly) my job a bit harder since the little changes
will have to go through webmaster@kde.org.. but I think it's necessary
in the end.
-- 
Kurt Granroth            | http://www.granroth.org
KDE Developer/Evangelist | SuSE Labs Open Source Developer
granroth@kde.org         | granroth@suse.com
            KDE -- Conquer Your Desktop