| 1 |
Comments inline ... |
| 2 |
|
| 3 |
On Sat, 2006-06-10 at 13:37 +0200, Markus Ullmann wrote: |
| 4 |
> Okay, so after figuring out open problems (thanks to kloeri and various |
| 5 |
> other people for help here), we now have a resolution that should |
| 6 |
> satisfy all involved parties here. This should adress dostrow's demands |
| 7 |
> as well. |
| 8 |
> |
| 9 |
> 1) m-w / m-n requirement |
| 10 |
> |
| 11 |
> Only ebuilds that are reported to bugzie (valid bug#) and set to |
| 12 |
> maintainer-wanted are allowed here as well as maintainer-needed ones. |
| 13 |
> |
| 14 |
> maintainer-needed are only allowed if they're removed from the tree and |
| 15 |
> moved over to sunrise (and thus end up as maintainer-wanted again). |
| 16 |
|
| 17 |
Fine. |
| 18 |
|
| 19 |
> 2) Not one large tree but subdirs, one per herd |
| 20 |
> |
| 21 |
> to help herds better keeping track of which parts are alive in the |
| 22 |
> overlay, each herd's ebuilds are grouped in a subdir, e.g. there will be |
| 23 |
> a netmon/ dir with net-analyzer/specialapp below it. |
| 24 |
|
| 25 |
Fine. |
| 26 |
|
| 27 |
> 3) a yes from herds required, keeping a timeout to avoid bugspam |
| 28 |
> |
| 29 |
> after a comment has been placed on a maintainer-wanted bug in bugzie, |
| 30 |
> there's a grace time of two weeks for herds to either leave a comment on |
| 31 |
> whether they're fine with take over or not. When this time is over and |
| 32 |
> it is assigned to maintainer-wanted, then and only then it is implied as |
| 33 |
> an OK to keep it also in the sunrise project. |
| 34 |
|
| 35 |
I'm 100% against implicit acceptance. If someone from the sunrise |
| 36 |
project wishes to add an ebuild to the overlay they should have to get |
| 37 |
an explicit OK from the team in question. The sunrise project could of |
| 38 |
course keep a list of teams that have given a blanket OK and of those |
| 39 |
that have totally opted out. For those teams in between an OK per |
| 40 |
package sought by the sunrise project's team members is needed. I'm |
| 41 |
sorry but the leg work to track this stuff and get acceptance has to be |
| 42 |
100% on your projects head. Your proposal adds a need for me to actually |
| 43 |
look at bugs for packages that I may have no interest in. I don't pay |
| 44 |
any attention to maintainer-wanted now I don't want to pay any attention |
| 45 |
to a subset of that ever. |
| 46 |
|
| 47 |
> 4) work needed by herds |
| 48 |
> |
| 49 |
> - take a look at the homepage of the new program |
| 50 |
> - take a look at the ebuild |
| 51 |
> |
| 52 |
> If you're at least partly happy with the new app, drop a note on the bug |
| 53 |
> or just ping sunrise that you're ok with it. Then sunrise takes it over |
| 54 |
> and improves the ebuild together with the contributor so that it reaches |
| 55 |
> a level where it could theoretically be committed to the tree. |
| 56 |
> Herds are more than welcome to help here if they feel like it but basic |
| 57 |
> checks whether the app should ever be on gentoo will be sufficient. |
| 58 |
|
| 59 |
So long as this is voluntary and the level of acceptance that I |
| 60 |
described above is met I'm OK with it. |
| 61 |
|
| 62 |
> 5) commit access to the overlay |
| 63 |
> |
| 64 |
> We implement two levels of commit rights: |
| 65 |
> |
| 66 |
> 1. As there are people out there who just want to maintain one app for |
| 67 |
> start, the ebuild should reach a level that project devs are fine with |
| 68 |
> it, then the user is given permission to commit on that single app. An |
| 69 |
> automated check makes sure that he doesn't commit anywhere else. If |
| 70 |
> violations arise, the access is revoked immediately. |
| 71 |
> |
| 72 |
> 2. People who contribute good ebuilds over a certain period of time are |
| 73 |
> allowed upon decision by project devs to actively help maintaining the |
| 74 |
> project. They'll be given commit rights for the project then. Same frome |
| 75 |
> above applies here: If we notice any abuse, we revoke access immediately. |
| 76 |
|
| 77 |
Again so long as the team that would have to maintain it in the tree |
| 78 |
says OK *explicitly* then sure. |
| 79 |
|
| 80 |
> 6) QA assurance |
| 81 |
> |
| 82 |
> Of course there are minor issues with the ebuilds, otherwise they could |
| 83 |
> be committed straight forward. Important thing is that it only finds the |
| 84 |
> way into overlaye if the trusted committers (project devs and users who |
| 85 |
> are given permission explicitely, see above) are fine with it. |
| 86 |
> Additional note on arch issues: initially, just ~x86 and ~amd64 may be |
| 87 |
> set. The rest would need successful test reports for other ~arch |
| 88 |
> keywords. Stable keywording isn't permitted at all, there will be some |
| 89 |
> automated check to make sure no one does it (by accident) here. |
| 90 |
> |
| 91 |
> Additional note: we won't start adding this to layman and making it |
| 92 |
> available easier until the QA checks have been implemented. |
| 93 |
|
| 94 |
Erm...no! See that is the thing about item #1 on my list...there is |
| 95 |
nothing preventing Joe User from checking out the overlay and adding say |
| 96 |
a ppc64 keyword or a mips keyword to ${random_ebuild} meaning that bugs |
| 97 |
*will* be generated for arch teams for packages that are not in the |
| 98 |
tree. |
| 99 |
|
| 100 |
Also note I'm not talking necessarily about the "Hey, I installed |
| 101 |
${package} and it broke." bugs because if ${package} isn't in the tree |
| 102 |
bug-wranglers can catch it and off you go...the arch teams aren't |
| 103 |
involved. What I am talking about is "Hey, my ppc64 started doing weird |
| 104 |
things yesterday, ${daemons} are no longer working." having that bug |
| 105 |
assigned to the arch team, and then spending a long time only to track |
| 106 |
down that the user installed some random library from sunrise seven days |
| 107 |
ago and there just happened to be upgrades to programs that took |
| 108 |
advantage of said library in unexpected ways. |
| 109 |
|
| 110 |
The *only* way you can avoid dumping that sort of stuff onto the arch |
| 111 |
teams is to have the expertise in house. Otherwise a VERY BAD habit will |
| 112 |
form. Dev A looks at a bug, sees the sunrise overlay listed in emerge |
| 113 |
--info and before looking even an iota further will assign it to the |
| 114 |
sunrise project because who knows the problem *may* have come from some |
| 115 |
unknown ebuild there and there is *no* way to know without a lot of |
| 116 |
potentially wasted time. This *will* lower the quality of the |
| 117 |
distribution as a whole. So...nope I don't accept the stipulation that |
| 118 |
it will only be ~amd64 and ~x86 for now because there is no way you can |
| 119 |
keep it that way once it hits the users machine. |
| 120 |
|
| 121 |
I also strenuously object to the addition of other keywords without |
| 122 |
someone on the sunrise project who can verify the reports validity. This |
| 123 |
means by the way, having access to the arch yourself *and* having enough |
| 124 |
understanding of the package and the arch to be able to keyword...for |
| 125 |
the main tree we call this being an arch team member. |
| 126 |
|
| 127 |
Above and beyond that until QA checks that meet or exceed the main |
| 128 |
tree's standards are in place...don't bother. |
| 129 |
|
| 130 |
> 7) tag on bugs |
| 131 |
> |
| 132 |
> All ebuilds that are made available on sunrise get an InOverlay KEYWORDS |
| 133 |
> entry on bugs.g.o so that everyone, who looks at the bug, knows about it. |
| 134 |
|
| 135 |
OK. |
| 136 |
|
| 137 |
> 8) Grace time also given from the go point on. |
| 138 |
> |
| 139 |
> When we see that this gets a bit fine-tuning / acceptance among devs, we |
| 140 |
> will explicitely call out a two weeks notice for ebuilds currently |
| 141 |
> assigned to maintainer-wanted so that herds can keep an eye on them and |
| 142 |
> either comment as given, reject take over permission completely, close |
| 143 |
> as WONTFIX in case they're against the app for the tree in futures or |
| 144 |
> just drop a note that they're fine with the take over and the |
| 145 |
> development can be started on the ebuild. |
| 146 |
> Remember the way they need to be reviewed as said in 4). The ebuild is |
| 147 |
> subject to development, the sunrise devs do help with it in case your |
| 148 |
> herd lacks time to completely take care of it. |
| 149 |
|
| 150 |
See my comments above...an explicit OK is needed, an explicit rejection |
| 151 |
with an implicit acceptance just plain won't do. |
| 152 |
|
| 153 |
> 9) Security |
| 154 |
> |
| 155 |
> In this early stage we have no security liaison on board yet. If one is |
| 156 |
> willing to help out here, we'd be more than glad on welcoming him :) |
| 157 |
|
| 158 |
And until you do...don't bother. |
| 159 |
|
| 160 |
Thanks for going over what I put out there but there is still a good |
| 161 |
ways to go. I hope you see from my statements above that part of what |
| 162 |
I'm getting at is it'll take *many many* devs to do this right. At the |
| 163 |
moment I know of you and genstef, and again not meaning this as a dig, |
| 164 |
but that is nowhere near enough. |
| 165 |
|
| 166 |
The bugs are languishing because there are not enough devs to maintain |
| 167 |
them and/or not enough interest in them. Making them more usable without |
| 168 |
a nearly identical support structure to the main tree will not make the |
| 169 |
social problem go away, it'll just introduce many new weird technical |
| 170 |
problems into an already overburdened equation. |
| 171 |
|
| 172 |
I understand the desire to use this as a facility to "train-up" new devs |
| 173 |
but I'm frankly flabbergasted that you seem to overlook the potentially |
| 174 |
huge burden this will place on the rest of the developer community until |
| 175 |
such time as each and every package in sunrise is in the main tree with |
| 176 |
a maintainer. In the long run things may get a little better, in the |
| 177 |
short run there is a very large potential for things to get *much* |
| 178 |
worse. |
| 179 |
|
| 180 |
--Dan |
Archives