| 1 |
On 2019-02-05 11:41 a.m., Andrew Savchenko wrote: |
| 2 |
> On Mon, 04 Feb 2019 18:38:51 +0100 Michał Górny wrote: |
| 3 |
>> Hello, |
| 4 |
>> |
| 5 |
>> After some initial discussion on the GURU user repository, I'd like to |
| 6 |
>> start bike... I mean, brainstorming v2 of the idea. This time it's more |
| 7 |
>> like Sunrise but with some automation in mind. |
| 8 |
>> |
| 9 |
>> Let's go with two layers like Sunrise -- one private working branch, |
| 10 |
>> and another public that's exposed to users. Commits are merged from |
| 11 |
>> private to public after some kind of review. I suppose to avoid |
| 12 |
>> depgraph misshots etc. we'd want to move commits incrementally, i.e. |
| 13 |
>> public is only doing fast-forward merges from dev. |
| 14 |
>> |
| 15 |
>> Now, reviews are normally done on commit ranges; by default, from |
| 16 |
>> current state of public to current state of dev. When such a range is |
| 17 |
>> reviewed, every commit belonging to it gains reputation. When a range |
| 18 |
>> of commits gets reputation of 3, it is merged to public. |
| 19 |
>> |
| 20 |
>> Reviews can be done by devs or privileges users. Review by dev gives 3 |
| 21 |
>> rep points, and by privileged user gives 1 rep point. Therefore, |
| 22 |
>> a commit is merged if it's either reviewed by dev or 3 privileged users. |
| 23 |
>> |
| 24 |
>> |
| 25 |
>> Users gain reviewing privilege also via reputation points. If a commit |
| 26 |
>> range including user's commit gets merged to master, user gets 1 rep |
| 27 |
>> point (independently of number of commits in the range). When user gets |
| 28 |
>> 5 rep points, he can start reviewing stuff. |
| 29 |
>> |
| 30 |
>> Finally, besides positive approval we have option of flagging. You can |
| 31 |
>> flag commits, e.g. for malicious code, vandalism, etc. If a commit is |
| 32 |
>> flagged, merging it is blocked until a dev resolves the flag. |
| 33 |
>> Furthermore, devs can issue bans to users responsible for the bad stuff. |
| 34 |
>> |
| 35 |
>> That's my idea, roughly. The main points are: |
| 36 |
>> |
| 37 |
>> - stuff is reviewed before publishing to users, |
| 38 |
>> |
| 39 |
>> - people are encouraged to review stuff, as previous unreviewed commits |
| 40 |
>> are going to block their own, |
| 41 |
>> |
| 42 |
>> - initially reviews are done by devs but as users gain reputation, they |
| 43 |
>> start being able to review ebuilds committed by others, |
| 44 |
>> |
| 45 |
>> - flagging gives extra protection against mistakes. |
| 46 |
>> |
| 47 |
>> Your updated thoughts? |
| 48 |
> |
| 49 |
> How is it different from the sunrise overlay? We had very similar |
| 50 |
> unreviewed/reviewed split model there. And you buried that project |
| 51 |
> yourself ~2.5 years ago because it was stinking already. |
| 52 |
> |
| 53 |
> Furthermore such project will distort already thin resources from |
| 54 |
> proxy maint and GH PR reviewers. |
| 55 |
> |
| 56 |
> So I see no practical point in resurrecting sunrise under another |
| 57 |
> name and a slightly different policy. So please NO. |
| 58 |
> |
| 59 |
> Best regards, |
| 60 |
> Andrew Savchenko |
| 61 |
> |
| 62 |
|
| 63 |
The primary difference I see between this new proposal and Sunrise is |
| 64 |
that it isn't going to hinge on what ended up being a single gentoo |
| 65 |
developer handling all of the publishing reviews, and there won't be a |
| 66 |
review-before-initial-commit either. |
| 67 |
|
| 68 |
I'm not sure if it will pull away from proxy-maint or GH PR's either, |
| 69 |
but rather re-focus those two projects to allowing user-contributions |
| 70 |
to existing gentoo-repo packages while this new project will be for |
| 71 |
new packages. If anything I think it may reduce the effort necessary |
| 72 |
to keep up with those projects since new packages won't need to be |
| 73 |
maintained there.* |
| 74 |
|
| 75 |
Whether or not these differences are sufficient to empower us to make |
| 76 |
this repo, I don't know -- Sunrise was started back when overlays were |
| 77 |
few and not nearly as simple to create. The idea of having everyone |
| 78 |
commit to one place rather than each having their own could be better |
| 79 |
in theory, but if users prefer to just run their own like they do now |
| 80 |
then this project's going to be a bit of a waste... |
| 81 |
|
| 82 |
|
| 83 |
* we could very well have an issue, just like we did with Sunrise, |
| 84 |
where a dev moving the package to gentoo repo and 'taking over' from |
| 85 |
the users that previously 'owned' it in GURU ends up causing some |
| 86 |
conflict. I don't recall if policy was ever sorted on that since iirc |
| 87 |
we can have the same issue with proxy-maint too? |
Archives