| 1 |
Hi, |
| 2 |
|
| 3 |
I was the one that (re)trigger this discussion, I thank bircoph for |
| 4 |
opening this up. |
| 5 |
|
| 6 |
First, let me apologize that I did not test the capi USE for long |
| 7 |
time, as this option is not used for long time by users, I am also |
| 8 |
apologize of treating bug from anyone (may it be user, developer or |
| 9 |
even qa) at the same SLA. It took one hour from report to fix |
| 10 |
including evaluation of the issue and submitting the fix to upstream. |
| 11 |
The package is non-stable for four months and stable in amd64 for a |
| 12 |
while without users reporting that because as expected feature is |
| 13 |
seldom used. Please avoid flaming me for this and address the |
| 14 |
principal subject at hand as it is important. |
| 15 |
|
| 16 |
I would like to suggest a modify our policy with the following |
| 17 |
exception clause: Package maintainer may decide to keep upstream |
| 18 |
-Werror as long as he is willing to resolve all issues resulting from |
| 19 |
-Werror as if it was a blocker bug. |
| 20 |
|
| 21 |
The package maintainer decision may be based on the package state and |
| 22 |
the relationship with upstream, but basically, it is his decision as |
| 23 |
long as issues are fixed in timely manner, it is his overhead after |
| 24 |
all. |
| 25 |
|
| 26 |
I am maintaining selected packages in which upstream is fully aware of |
| 27 |
-Werror implications, accepting any patches to resolve issues found by |
| 28 |
anyone. My judgment as Gentoo developer for these selected packages is |
| 29 |
to absorb additional overhead in maintaining these packages while |
| 30 |
helping upstream and users to enjoy higher quality. I've never assumed |
| 31 |
that an effort individual project is willing to invest is something |
| 32 |
that overrule by any other project as long as users receives a great |
| 33 |
service (bugzilla stats are available). |
| 34 |
|
| 35 |
I believe that a maintainer in Gentoo is a special role, we not only |
| 36 |
helping users, but we also help upstream to improve their packages. We |
| 37 |
are unique as permutations and architectures that are used by Gentoo |
| 38 |
users are so diverse that we find issues that nobody else finds. In |
| 39 |
addition to these, we also use latest and greatest toolchains, tools |
| 40 |
and utilities, this triggers issues at Gentoo even before other |
| 41 |
distributions. |
| 42 |
Gentoo non-stable users are a great asset as they are willingly |
| 43 |
helping to find these issues, with the understanding that their system |
| 44 |
may break. A good relationship between Gentoo downstream maintainer |
| 45 |
and upstream actually helps to find fixes long before other |
| 46 |
distributions are affected. Even when I was in Red Hat, my policy was |
| 47 |
Gentoo first, as a package that is built in Gentoo without tweaks will |
| 48 |
be built successfully in all distributions (except of Java maven |
| 49 |
packages in which we are far behind). |
| 50 |
|
| 51 |
Over the years, many Gentoo developers, I included, have built |
| 52 |
relationship with most active upstreams in my slot to push Gentoo |
| 53 |
interests into upstream, I invite you to portage tree to see in how |
| 54 |
many packages we drag patches from one version to another or to |
| 55 |
evaluate ebuild tweaks. This mutual respect also suggests that if |
| 56 |
upstream has a -Werror policy, in which every issue as minor as it can |
| 57 |
be must be taken care of before package is considered to be usable, I |
| 58 |
as downstream maintainer should help and apply the policy to help |
| 59 |
upstream to improve its policy. |
| 60 |
|
| 61 |
More and more upstream developers are aware of static code analysis |
| 62 |
benefits, they use every source of information possible, opening |
| 63 |
coverity to opensource made a great difference, the -Werror is yet |
| 64 |
another tool to find unexpected issues. The collective mindset was |
| 65 |
progressed greatly since 2009 where flameeyes opened bug#260867. At |
| 66 |
least once per 10 years one should re-evaluate his policies, the |
| 67 |
industry is changing. |
| 68 |
|
| 69 |
When upstream policy is to have zero warnings policy, suppressed by |
| 70 |
explicit suppression (code or compile argument), and when upstream is |
| 71 |
friendly and actively following the policy of investigating each |
| 72 |
incident and fix it properly, we can help for selected packages. |
| 73 |
|
| 74 |
ARGUMENT: If a package compiled in the past using toolchain X then it |
| 75 |
must continue to do so with any future toolchain. |
| 76 |
|
| 77 |
I do not understand when "build" is the test for runtime, for 30 years |
| 78 |
I tell my developers and students that "It compiles" and "It works" |
| 79 |
are two different statements. One should only be thankful for any tool |
| 80 |
to detect issues hidden within code, stop and re-evaluate when new |
| 81 |
issues are found. |
| 82 |
|
| 83 |
Let's take two recent examples from my queue: |
| 84 |
|
| 85 |
bug#665464 in which there was unused return code variable, this made |
| 86 |
me look into source code of upstream from master back in time until |
| 87 |
code was introduced to find out when return code was used and why it |
| 88 |
was removed, reaching to a conclusion that indeed return code should |
| 89 |
be ignored and submitting a patch to upstream to validate that, |
| 90 |
upstream confirmed and merged. Imagine what would happen if I would |
| 91 |
have found that it is a real issue and should be addressed? Both users |
| 92 |
and upstream would have benefit from finding and fixing the issue. |
| 93 |
|
| 94 |
bug#664198 in which -Werror found mismatched memcpy, this was an |
| 95 |
actual bug that must be fixed. |
| 96 |
|
| 97 |
Based on the above we have in recent month one false positive and one |
| 98 |
positive issues. These issues in most cases found by our non stable |
| 99 |
user community, either these who are using individual packages as non |
| 100 |
stable or these that are using a non-stable toolchain. Many of these |
| 101 |
issues are triggering automation such as the one that Toralf Förster |
| 102 |
is running that helps to improve Gentoo directly and the entire open |
| 103 |
source eco-system indirectly. Stable users are seldom affected from |
| 104 |
-Werror issues as our non stable process usually enables to resolve |
| 105 |
these issues before stabilization. |
| 106 |
|
| 107 |
ARGUMENT: Old packages in tree will not be built with newer toolchain |
| 108 |
if -Werror is enabled. |
| 109 |
|
| 110 |
The role of package maintainer is to make sure that everything in tree |
| 111 |
is working regardless of -Werror, he has the choice either to remove |
| 112 |
old incompatible packages or patch them to remove -Werror. |
| 113 |
|
| 114 |
There are different reasons why a package will not be built, for |
| 115 |
example when nothrow destructors were introduced, we must had fixed |
| 116 |
many packages to meet this new policy to avoid undesired program |
| 117 |
termination. |
| 118 |
|
| 119 |
The policy I take is to leave only recent stable package for each |
| 120 |
slot, as there usually sufficient time when stabilization is starting |
| 121 |
and ending. |
| 122 |
|
| 123 |
ARGUMENT: -Werror cause even more issues when cross compiling a package |
| 124 |
|
| 125 |
When -Werror is carefully maintained by both upstream and downstream, |
| 126 |
and when cross compile is supported by both upstream and downstream, |
| 127 |
there is no reason why -Werror have any side effect compared to |
| 128 |
native. Every issue resulted out of -Werror must be evaluated and |
| 129 |
resolved per the upstream policy of supporting -Werror. |
| 130 |
|
| 131 |
Package maintainer has always the option to remove -Werror if package |
| 132 |
is causing maintenance overhead which cannot be resolved in decent |
| 133 |
resources. |
| 134 |
|
| 135 |
ARGUMENT: User do not care about helping upstream to improve their packages |
| 136 |
|
| 137 |
I believe Gentoo users do care about upstream, Gentoo unstable users |
| 138 |
are unstable exactly for this purpose. For sure, Gentoo users |
| 139 |
understand that the more Gentoo patches software the less support they |
| 140 |
can receive directly from upstream. |
| 141 |
|
| 142 |
It is sufficient to perform autoreconf to replace upstream tools to |
| 143 |
void the warranty of upstream. |
| 144 |
|
| 145 |
Users who is using Gentoo are advanced users compared to other |
| 146 |
distributions and are fully aware of the upstream quality, in many |
| 147 |
cases they help us to convince upstream to be receptive. |
| 148 |
|
| 149 |
ARGUMENT: Maintainer must join toolchain team and test everything with |
| 150 |
every release candidate of the compiler |
| 151 |
|
| 152 |
The Gentoo unstable process is exactly designed for this phase, |
| 153 |
without joining other project a developer can test his packages with |
| 154 |
the recent version of dependent packages. |
| 155 |
|
| 156 |
ARGUMENT: Any maintainer can add this to his CFLAGS him/herself if |
| 157 |
s/he wishes so. |
| 158 |
|
| 159 |
Unlike binary semi-commercial distributions, Gentoo do not provide an |
| 160 |
automation infrastructure for developers to use. A Gentoo developer is |
| 161 |
using his own system and resources to test packages at best effort, |
| 162 |
delegating the rest of the permutations for unstable users, arch teams |
| 163 |
and then to stable users. |
| 164 |
|
| 165 |
Don't get me wrong, I would love to have an environment provided by |
| 166 |
infra to allow me to run an ebuild candidate for all architectures and |
| 167 |
all USE flag combinations in a single batch and to trigger rebuild |
| 168 |
when every non-stable dependency is introduced or when @system is |
| 169 |
modified. |
| 170 |
|
| 171 |
I am thankful for Toralf Förster efforts to help us be closer to automation. |
| 172 |
|
| 173 |
However, enabling the flag only at the architecture in which the |
| 174 |
developer has access to has a very little value, the -Werror is a life |
| 175 |
saver when it is causing build failure on environment the developer do |
| 176 |
not have access to. |
| 177 |
|
| 178 |
ARGUMENT: Add -Werror when a specific USE flag is set |
| 179 |
|
| 180 |
This USE flag will probably not be enabled for most of users, and |
| 181 |
enabled only after a damage happened. |
| 182 |
|
| 183 |
One can expect automation to enable this flag, however, if we already |
| 184 |
have automation then automation will assist of resolving the -Werror |
| 185 |
issues so that issues will not be manifested later in pipeline. |
| 186 |
|
| 187 |
We can conditionally patch the package in non-stable and stable, |
| 188 |
however, any patch is evil and fork us from upstream as I described |
| 189 |
above. |
| 190 |
|
| 191 |
ARGUMENT: You have no idea how much unneccessary pain -Werror caused |
| 192 |
when gcc started warning on "misleading indentation". |
| 193 |
|
| 194 |
Whoever maintain -Werror packages as downstream or upstream has |
| 195 |
idea... Please avoid these statements. |
| 196 |
|
| 197 |
Even misleading indentation may be result of incorrect patch merge or |
| 198 |
visually undetected branch that is not being executed at the right |
| 199 |
flow, we are human after all. |
| 200 |
|
| 201 |
Based on the above, I would like us to allow maintainer to decide when |
| 202 |
and if he would like to maintain a package with -Werror based on by |
| 203 |
statement at the top. |
| 204 |
|
| 205 |
Regards, |
| 206 |
Alon |
Archives