1 |
On 2019-02-05 11:41 a.m., Andrew Savchenko wrote: |
2 |
> On Mon, 04 Feb 2019 18:38:51 +0100 Michał Górny wrote: |
3 |
>> Hello, |
4 |
>> |
5 |
>> After some initial discussion on the GURU user repository, I'd like to |
6 |
>> start bike... I mean, brainstorming v2 of the idea. This time it's more |
7 |
>> like Sunrise but with some automation in mind. |
8 |
>> |
9 |
>> Let's go with two layers like Sunrise -- one private working branch, |
10 |
>> and another public that's exposed to users. Commits are merged from |
11 |
>> private to public after some kind of review. I suppose to avoid |
12 |
>> depgraph misshots etc. we'd want to move commits incrementally, i.e. |
13 |
>> public is only doing fast-forward merges from dev. |
14 |
>> |
15 |
>> Now, reviews are normally done on commit ranges; by default, from |
16 |
>> current state of public to current state of dev. When such a range is |
17 |
>> reviewed, every commit belonging to it gains reputation. When a range |
18 |
>> of commits gets reputation of 3, it is merged to public. |
19 |
>> |
20 |
>> Reviews can be done by devs or privileges users. Review by dev gives 3 |
21 |
>> rep points, and by privileged user gives 1 rep point. Therefore, |
22 |
>> a commit is merged if it's either reviewed by dev or 3 privileged users. |
23 |
>> |
24 |
>> |
25 |
>> Users gain reviewing privilege also via reputation points. If a commit |
26 |
>> range including user's commit gets merged to master, user gets 1 rep |
27 |
>> point (independently of number of commits in the range). When user gets |
28 |
>> 5 rep points, he can start reviewing stuff. |
29 |
>> |
30 |
>> Finally, besides positive approval we have option of flagging. You can |
31 |
>> flag commits, e.g. for malicious code, vandalism, etc. If a commit is |
32 |
>> flagged, merging it is blocked until a dev resolves the flag. |
33 |
>> Furthermore, devs can issue bans to users responsible for the bad stuff. |
34 |
>> |
35 |
>> That's my idea, roughly. The main points are: |
36 |
>> |
37 |
>> - stuff is reviewed before publishing to users, |
38 |
>> |
39 |
>> - people are encouraged to review stuff, as previous unreviewed commits |
40 |
>> are going to block their own, |
41 |
>> |
42 |
>> - initially reviews are done by devs but as users gain reputation, they |
43 |
>> start being able to review ebuilds committed by others, |
44 |
>> |
45 |
>> - flagging gives extra protection against mistakes. |
46 |
>> |
47 |
>> Your updated thoughts? |
48 |
> |
49 |
> How is it different from the sunrise overlay? We had very similar |
50 |
> unreviewed/reviewed split model there. And you buried that project |
51 |
> yourself ~2.5 years ago because it was stinking already. |
52 |
> |
53 |
> Furthermore such project will distort already thin resources from |
54 |
> proxy maint and GH PR reviewers. |
55 |
> |
56 |
> So I see no practical point in resurrecting sunrise under another |
57 |
> name and a slightly different policy. So please NO. |
58 |
> |
59 |
> Best regards, |
60 |
> Andrew Savchenko |
61 |
> |
62 |
|
63 |
The primary difference I see between this new proposal and Sunrise is |
64 |
that it isn't going to hinge on what ended up being a single gentoo |
65 |
developer handling all of the publishing reviews, and there won't be a |
66 |
review-before-initial-commit either. |
67 |
|
68 |
I'm not sure if it will pull away from proxy-maint or GH PR's either, |
69 |
but rather re-focus those two projects to allowing user-contributions |
70 |
to existing gentoo-repo packages while this new project will be for |
71 |
new packages. If anything I think it may reduce the effort necessary |
72 |
to keep up with those projects since new packages won't need to be |
73 |
maintained there.* |
74 |
|
75 |
Whether or not these differences are sufficient to empower us to make |
76 |
this repo, I don't know -- Sunrise was started back when overlays were |
77 |
few and not nearly as simple to create. The idea of having everyone |
78 |
commit to one place rather than each having their own could be better |
79 |
in theory, but if users prefer to just run their own like they do now |
80 |
then this project's going to be a bit of a waste... |
81 |
|
82 |
|
83 |
* we could very well have an issue, just like we did with Sunrise, |
84 |
where a dev moving the package to gentoo repo and 'taking over' from |
85 |
the users that previously 'owned' it in GURU ends up causing some |
86 |
conflict. I don't recall if policy was ever sorted on that since iirc |
87 |
we can have the same issue with proxy-maint too? |