Hi! I'm working on bug 1400952 and need to run a taskcluster task to build and update breakpad on Taskcluster, but the task we use (https://github.com/mozilla-services/socorro/blob/052d90bb2e94f581e61fae6c32c4aa523ad8d496/scripts/breakpad-taskcluster.sh#L22) requires the queue:route:index.project.socorro.breakpad.v1.builds.linux64.latest scope. Can we add this to my TC account? Thanks! (If vouching is needed, ted and/or willkg can vouch for me.)

I approve this message.

I have created a role for mkelly@mozilla.com that is granted that scope. Is this a short term thing that we can reverse later or should we consider adding the project-admin:socorro role to mkelly's role? https://tools.taskcluster.net/auth/roles/project-admin%3Asocorro

mkelly is working on Socorro these days, so giving him project-admin:socorro would be great.

and it has been done: https://tools.taskcluster.net/auth/roles/mozilla-user%3Amkelly%40mozilla.com please let me know if things work out.

Can we get an LDAP group set up for this, rather than granting individual scopes?

That definitely would be a lot nicer, especially for when that ldap group can be removed. Is the general suggestion that anytime we start wanting to grant project admin roles to someone we should consider IT creating an ldap group for that project or try to find a common ldap group that could be used?

Yes, I think so. Ideally the only scopes we grant to individual people are for their own, personal stuff (personal github repos, hg user repo, hooks, etc.)

That's fine with me. This role was basically just for me to use up until now, but I'm happy to have folks actually on the Socorro team using it. lonnen manages that team, he might be able to say if we already have an existing ldap group we can use.

I guess this got dropped..