1 |
Hi, |
2 |
|
3 |
I was the one that (re)trigger this discussion, I thank bircoph for |
4 |
opening this up. |
5 |
|
6 |
First, let me apologize that I did not test the capi USE for long |
7 |
time, as this option is not used for long time by users, I am also |
8 |
apologize of treating bug from anyone (may it be user, developer or |
9 |
even qa) at the same SLA. It took one hour from report to fix |
10 |
including evaluation of the issue and submitting the fix to upstream. |
11 |
The package is non-stable for four months and stable in amd64 for a |
12 |
while without users reporting that because as expected feature is |
13 |
seldom used. Please avoid flaming me for this and address the |
14 |
principal subject at hand as it is important. |
15 |
|
16 |
I would like to suggest a modify our policy with the following |
17 |
exception clause: Package maintainer may decide to keep upstream |
18 |
-Werror as long as he is willing to resolve all issues resulting from |
19 |
-Werror as if it was a blocker bug. |
20 |
|
21 |
The package maintainer decision may be based on the package state and |
22 |
the relationship with upstream, but basically, it is his decision as |
23 |
long as issues are fixed in timely manner, it is his overhead after |
24 |
all. |
25 |
|
26 |
I am maintaining selected packages in which upstream is fully aware of |
27 |
-Werror implications, accepting any patches to resolve issues found by |
28 |
anyone. My judgment as Gentoo developer for these selected packages is |
29 |
to absorb additional overhead in maintaining these packages while |
30 |
helping upstream and users to enjoy higher quality. I've never assumed |
31 |
that an effort individual project is willing to invest is something |
32 |
that overrule by any other project as long as users receives a great |
33 |
service (bugzilla stats are available). |
34 |
|
35 |
I believe that a maintainer in Gentoo is a special role, we not only |
36 |
helping users, but we also help upstream to improve their packages. We |
37 |
are unique as permutations and architectures that are used by Gentoo |
38 |
users are so diverse that we find issues that nobody else finds. In |
39 |
addition to these, we also use latest and greatest toolchains, tools |
40 |
and utilities, this triggers issues at Gentoo even before other |
41 |
distributions. |
42 |
Gentoo non-stable users are a great asset as they are willingly |
43 |
helping to find these issues, with the understanding that their system |
44 |
may break. A good relationship between Gentoo downstream maintainer |
45 |
and upstream actually helps to find fixes long before other |
46 |
distributions are affected. Even when I was in Red Hat, my policy was |
47 |
Gentoo first, as a package that is built in Gentoo without tweaks will |
48 |
be built successfully in all distributions (except of Java maven |
49 |
packages in which we are far behind). |
50 |
|
51 |
Over the years, many Gentoo developers, I included, have built |
52 |
relationship with most active upstreams in my slot to push Gentoo |
53 |
interests into upstream, I invite you to portage tree to see in how |
54 |
many packages we drag patches from one version to another or to |
55 |
evaluate ebuild tweaks. This mutual respect also suggests that if |
56 |
upstream has a -Werror policy, in which every issue as minor as it can |
57 |
be must be taken care of before package is considered to be usable, I |
58 |
as downstream maintainer should help and apply the policy to help |
59 |
upstream to improve its policy. |
60 |
|
61 |
More and more upstream developers are aware of static code analysis |
62 |
benefits, they use every source of information possible, opening |
63 |
coverity to opensource made a great difference, the -Werror is yet |
64 |
another tool to find unexpected issues. The collective mindset was |
65 |
progressed greatly since 2009 where flameeyes opened bug#260867. At |
66 |
least once per 10 years one should re-evaluate his policies, the |
67 |
industry is changing. |
68 |
|
69 |
When upstream policy is to have zero warnings policy, suppressed by |
70 |
explicit suppression (code or compile argument), and when upstream is |
71 |
friendly and actively following the policy of investigating each |
72 |
incident and fix it properly, we can help for selected packages. |
73 |
|
74 |
ARGUMENT: If a package compiled in the past using toolchain X then it |
75 |
must continue to do so with any future toolchain. |
76 |
|
77 |
I do not understand when "build" is the test for runtime, for 30 years |
78 |
I tell my developers and students that "It compiles" and "It works" |
79 |
are two different statements. One should only be thankful for any tool |
80 |
to detect issues hidden within code, stop and re-evaluate when new |
81 |
issues are found. |
82 |
|
83 |
Let's take two recent examples from my queue: |
84 |
|
85 |
bug#665464 in which there was unused return code variable, this made |
86 |
me look into source code of upstream from master back in time until |
87 |
code was introduced to find out when return code was used and why it |
88 |
was removed, reaching to a conclusion that indeed return code should |
89 |
be ignored and submitting a patch to upstream to validate that, |
90 |
upstream confirmed and merged. Imagine what would happen if I would |
91 |
have found that it is a real issue and should be addressed? Both users |
92 |
and upstream would have benefit from finding and fixing the issue. |
93 |
|
94 |
bug#664198 in which -Werror found mismatched memcpy, this was an |
95 |
actual bug that must be fixed. |
96 |
|
97 |
Based on the above we have in recent month one false positive and one |
98 |
positive issues. These issues in most cases found by our non stable |
99 |
user community, either these who are using individual packages as non |
100 |
stable or these that are using a non-stable toolchain. Many of these |
101 |
issues are triggering automation such as the one that Toralf Förster |
102 |
is running that helps to improve Gentoo directly and the entire open |
103 |
source eco-system indirectly. Stable users are seldom affected from |
104 |
-Werror issues as our non stable process usually enables to resolve |
105 |
these issues before stabilization. |
106 |
|
107 |
ARGUMENT: Old packages in tree will not be built with newer toolchain |
108 |
if -Werror is enabled. |
109 |
|
110 |
The role of package maintainer is to make sure that everything in tree |
111 |
is working regardless of -Werror, he has the choice either to remove |
112 |
old incompatible packages or patch them to remove -Werror. |
113 |
|
114 |
There are different reasons why a package will not be built, for |
115 |
example when nothrow destructors were introduced, we must had fixed |
116 |
many packages to meet this new policy to avoid undesired program |
117 |
termination. |
118 |
|
119 |
The policy I take is to leave only recent stable package for each |
120 |
slot, as there usually sufficient time when stabilization is starting |
121 |
and ending. |
122 |
|
123 |
ARGUMENT: -Werror cause even more issues when cross compiling a package |
124 |
|
125 |
When -Werror is carefully maintained by both upstream and downstream, |
126 |
and when cross compile is supported by both upstream and downstream, |
127 |
there is no reason why -Werror have any side effect compared to |
128 |
native. Every issue resulted out of -Werror must be evaluated and |
129 |
resolved per the upstream policy of supporting -Werror. |
130 |
|
131 |
Package maintainer has always the option to remove -Werror if package |
132 |
is causing maintenance overhead which cannot be resolved in decent |
133 |
resources. |
134 |
|
135 |
ARGUMENT: User do not care about helping upstream to improve their packages |
136 |
|
137 |
I believe Gentoo users do care about upstream, Gentoo unstable users |
138 |
are unstable exactly for this purpose. For sure, Gentoo users |
139 |
understand that the more Gentoo patches software the less support they |
140 |
can receive directly from upstream. |
141 |
|
142 |
It is sufficient to perform autoreconf to replace upstream tools to |
143 |
void the warranty of upstream. |
144 |
|
145 |
Users who is using Gentoo are advanced users compared to other |
146 |
distributions and are fully aware of the upstream quality, in many |
147 |
cases they help us to convince upstream to be receptive. |
148 |
|
149 |
ARGUMENT: Maintainer must join toolchain team and test everything with |
150 |
every release candidate of the compiler |
151 |
|
152 |
The Gentoo unstable process is exactly designed for this phase, |
153 |
without joining other project a developer can test his packages with |
154 |
the recent version of dependent packages. |
155 |
|
156 |
ARGUMENT: Any maintainer can add this to his CFLAGS him/herself if |
157 |
s/he wishes so. |
158 |
|
159 |
Unlike binary semi-commercial distributions, Gentoo do not provide an |
160 |
automation infrastructure for developers to use. A Gentoo developer is |
161 |
using his own system and resources to test packages at best effort, |
162 |
delegating the rest of the permutations for unstable users, arch teams |
163 |
and then to stable users. |
164 |
|
165 |
Don't get me wrong, I would love to have an environment provided by |
166 |
infra to allow me to run an ebuild candidate for all architectures and |
167 |
all USE flag combinations in a single batch and to trigger rebuild |
168 |
when every non-stable dependency is introduced or when @system is |
169 |
modified. |
170 |
|
171 |
I am thankful for Toralf Förster efforts to help us be closer to automation. |
172 |
|
173 |
However, enabling the flag only at the architecture in which the |
174 |
developer has access to has a very little value, the -Werror is a life |
175 |
saver when it is causing build failure on environment the developer do |
176 |
not have access to. |
177 |
|
178 |
ARGUMENT: Add -Werror when a specific USE flag is set |
179 |
|
180 |
This USE flag will probably not be enabled for most of users, and |
181 |
enabled only after a damage happened. |
182 |
|
183 |
One can expect automation to enable this flag, however, if we already |
184 |
have automation then automation will assist of resolving the -Werror |
185 |
issues so that issues will not be manifested later in pipeline. |
186 |
|
187 |
We can conditionally patch the package in non-stable and stable, |
188 |
however, any patch is evil and fork us from upstream as I described |
189 |
above. |
190 |
|
191 |
ARGUMENT: You have no idea how much unneccessary pain -Werror caused |
192 |
when gcc started warning on "misleading indentation". |
193 |
|
194 |
Whoever maintain -Werror packages as downstream or upstream has |
195 |
idea... Please avoid these statements. |
196 |
|
197 |
Even misleading indentation may be result of incorrect patch merge or |
198 |
visually undetected branch that is not being executed at the right |
199 |
flow, we are human after all. |
200 |
|
201 |
Based on the above, I would like us to allow maintainer to decide when |
202 |
and if he would like to maintain a package with -Werror based on by |
203 |
statement at the top. |
204 |
|
205 |
Regards, |
206 |
Alon |