1 |
Comments inline ... |
2 |
|
3 |
On Sat, 2006-06-10 at 13:37 +0200, Markus Ullmann wrote: |
4 |
> Okay, so after figuring out open problems (thanks to kloeri and various |
5 |
> other people for help here), we now have a resolution that should |
6 |
> satisfy all involved parties here. This should adress dostrow's demands |
7 |
> as well. |
8 |
> |
9 |
> 1) m-w / m-n requirement |
10 |
> |
11 |
> Only ebuilds that are reported to bugzie (valid bug#) and set to |
12 |
> maintainer-wanted are allowed here as well as maintainer-needed ones. |
13 |
> |
14 |
> maintainer-needed are only allowed if they're removed from the tree and |
15 |
> moved over to sunrise (and thus end up as maintainer-wanted again). |
16 |
|
17 |
Fine. |
18 |
|
19 |
> 2) Not one large tree but subdirs, one per herd |
20 |
> |
21 |
> to help herds better keeping track of which parts are alive in the |
22 |
> overlay, each herd's ebuilds are grouped in a subdir, e.g. there will be |
23 |
> a netmon/ dir with net-analyzer/specialapp below it. |
24 |
|
25 |
Fine. |
26 |
|
27 |
> 3) a yes from herds required, keeping a timeout to avoid bugspam |
28 |
> |
29 |
> after a comment has been placed on a maintainer-wanted bug in bugzie, |
30 |
> there's a grace time of two weeks for herds to either leave a comment on |
31 |
> whether they're fine with take over or not. When this time is over and |
32 |
> it is assigned to maintainer-wanted, then and only then it is implied as |
33 |
> an OK to keep it also in the sunrise project. |
34 |
|
35 |
I'm 100% against implicit acceptance. If someone from the sunrise |
36 |
project wishes to add an ebuild to the overlay they should have to get |
37 |
an explicit OK from the team in question. The sunrise project could of |
38 |
course keep a list of teams that have given a blanket OK and of those |
39 |
that have totally opted out. For those teams in between an OK per |
40 |
package sought by the sunrise project's team members is needed. I'm |
41 |
sorry but the leg work to track this stuff and get acceptance has to be |
42 |
100% on your projects head. Your proposal adds a need for me to actually |
43 |
look at bugs for packages that I may have no interest in. I don't pay |
44 |
any attention to maintainer-wanted now I don't want to pay any attention |
45 |
to a subset of that ever. |
46 |
|
47 |
> 4) work needed by herds |
48 |
> |
49 |
> - take a look at the homepage of the new program |
50 |
> - take a look at the ebuild |
51 |
> |
52 |
> If you're at least partly happy with the new app, drop a note on the bug |
53 |
> or just ping sunrise that you're ok with it. Then sunrise takes it over |
54 |
> and improves the ebuild together with the contributor so that it reaches |
55 |
> a level where it could theoretically be committed to the tree. |
56 |
> Herds are more than welcome to help here if they feel like it but basic |
57 |
> checks whether the app should ever be on gentoo will be sufficient. |
58 |
|
59 |
So long as this is voluntary and the level of acceptance that I |
60 |
described above is met I'm OK with it. |
61 |
|
62 |
> 5) commit access to the overlay |
63 |
> |
64 |
> We implement two levels of commit rights: |
65 |
> |
66 |
> 1. As there are people out there who just want to maintain one app for |
67 |
> start, the ebuild should reach a level that project devs are fine with |
68 |
> it, then the user is given permission to commit on that single app. An |
69 |
> automated check makes sure that he doesn't commit anywhere else. If |
70 |
> violations arise, the access is revoked immediately. |
71 |
> |
72 |
> 2. People who contribute good ebuilds over a certain period of time are |
73 |
> allowed upon decision by project devs to actively help maintaining the |
74 |
> project. They'll be given commit rights for the project then. Same frome |
75 |
> above applies here: If we notice any abuse, we revoke access immediately. |
76 |
|
77 |
Again so long as the team that would have to maintain it in the tree |
78 |
says OK *explicitly* then sure. |
79 |
|
80 |
> 6) QA assurance |
81 |
> |
82 |
> Of course there are minor issues with the ebuilds, otherwise they could |
83 |
> be committed straight forward. Important thing is that it only finds the |
84 |
> way into overlaye if the trusted committers (project devs and users who |
85 |
> are given permission explicitely, see above) are fine with it. |
86 |
> Additional note on arch issues: initially, just ~x86 and ~amd64 may be |
87 |
> set. The rest would need successful test reports for other ~arch |
88 |
> keywords. Stable keywording isn't permitted at all, there will be some |
89 |
> automated check to make sure no one does it (by accident) here. |
90 |
> |
91 |
> Additional note: we won't start adding this to layman and making it |
92 |
> available easier until the QA checks have been implemented. |
93 |
|
94 |
Erm...no! See that is the thing about item #1 on my list...there is |
95 |
nothing preventing Joe User from checking out the overlay and adding say |
96 |
a ppc64 keyword or a mips keyword to ${random_ebuild} meaning that bugs |
97 |
*will* be generated for arch teams for packages that are not in the |
98 |
tree. |
99 |
|
100 |
Also note I'm not talking necessarily about the "Hey, I installed |
101 |
${package} and it broke." bugs because if ${package} isn't in the tree |
102 |
bug-wranglers can catch it and off you go...the arch teams aren't |
103 |
involved. What I am talking about is "Hey, my ppc64 started doing weird |
104 |
things yesterday, ${daemons} are no longer working." having that bug |
105 |
assigned to the arch team, and then spending a long time only to track |
106 |
down that the user installed some random library from sunrise seven days |
107 |
ago and there just happened to be upgrades to programs that took |
108 |
advantage of said library in unexpected ways. |
109 |
|
110 |
The *only* way you can avoid dumping that sort of stuff onto the arch |
111 |
teams is to have the expertise in house. Otherwise a VERY BAD habit will |
112 |
form. Dev A looks at a bug, sees the sunrise overlay listed in emerge |
113 |
--info and before looking even an iota further will assign it to the |
114 |
sunrise project because who knows the problem *may* have come from some |
115 |
unknown ebuild there and there is *no* way to know without a lot of |
116 |
potentially wasted time. This *will* lower the quality of the |
117 |
distribution as a whole. So...nope I don't accept the stipulation that |
118 |
it will only be ~amd64 and ~x86 for now because there is no way you can |
119 |
keep it that way once it hits the users machine. |
120 |
|
121 |
I also strenuously object to the addition of other keywords without |
122 |
someone on the sunrise project who can verify the reports validity. This |
123 |
means by the way, having access to the arch yourself *and* having enough |
124 |
understanding of the package and the arch to be able to keyword...for |
125 |
the main tree we call this being an arch team member. |
126 |
|
127 |
Above and beyond that until QA checks that meet or exceed the main |
128 |
tree's standards are in place...don't bother. |
129 |
|
130 |
> 7) tag on bugs |
131 |
> |
132 |
> All ebuilds that are made available on sunrise get an InOverlay KEYWORDS |
133 |
> entry on bugs.g.o so that everyone, who looks at the bug, knows about it. |
134 |
|
135 |
OK. |
136 |
|
137 |
> 8) Grace time also given from the go point on. |
138 |
> |
139 |
> When we see that this gets a bit fine-tuning / acceptance among devs, we |
140 |
> will explicitely call out a two weeks notice for ebuilds currently |
141 |
> assigned to maintainer-wanted so that herds can keep an eye on them and |
142 |
> either comment as given, reject take over permission completely, close |
143 |
> as WONTFIX in case they're against the app for the tree in futures or |
144 |
> just drop a note that they're fine with the take over and the |
145 |
> development can be started on the ebuild. |
146 |
> Remember the way they need to be reviewed as said in 4). The ebuild is |
147 |
> subject to development, the sunrise devs do help with it in case your |
148 |
> herd lacks time to completely take care of it. |
149 |
|
150 |
See my comments above...an explicit OK is needed, an explicit rejection |
151 |
with an implicit acceptance just plain won't do. |
152 |
|
153 |
> 9) Security |
154 |
> |
155 |
> In this early stage we have no security liaison on board yet. If one is |
156 |
> willing to help out here, we'd be more than glad on welcoming him :) |
157 |
|
158 |
And until you do...don't bother. |
159 |
|
160 |
Thanks for going over what I put out there but there is still a good |
161 |
ways to go. I hope you see from my statements above that part of what |
162 |
I'm getting at is it'll take *many many* devs to do this right. At the |
163 |
moment I know of you and genstef, and again not meaning this as a dig, |
164 |
but that is nowhere near enough. |
165 |
|
166 |
The bugs are languishing because there are not enough devs to maintain |
167 |
them and/or not enough interest in them. Making them more usable without |
168 |
a nearly identical support structure to the main tree will not make the |
169 |
social problem go away, it'll just introduce many new weird technical |
170 |
problems into an already overburdened equation. |
171 |
|
172 |
I understand the desire to use this as a facility to "train-up" new devs |
173 |
but I'm frankly flabbergasted that you seem to overlook the potentially |
174 |
huge burden this will place on the rest of the developer community until |
175 |
such time as each and every package in sunrise is in the main tree with |
176 |
a maintainer. In the long run things may get a little better, in the |
177 |
short run there is a very large potential for things to get *much* |
178 |
worse. |
179 |
|
180 |
--Dan |