1 |
On Fri, Jul 22, 2022 at 06:32:42PM +0000, Robin H. Johnson wrote: |
2 |
> On Fri, Jul 22, 2022 at 02:56:33PM +0300, Joonas Niilola wrote: |
3 |
> > Cross-posting to gentoo-dev and -project lists due to technical and |
4 |
> > non-technical nature. Reply-to is set to -project. |
5 |
> ... |
6 |
> > 1st RFC: "Trusted contributor model" |
7 |
> > |
8 |
> > I'm proposing us to giving special commit access to our well-reputable |
9 |
> > contributors (mostly proxied maintainers). They'd have access _only_ to |
10 |
> > their maintained package in git-tree. To understand what I mean, check |
11 |
> > git shortlog -s -n net-im/telegram-desktop-bin/ |
12 |
> > git shortlog -s -n net-im/signal-desktop-bin/ |
13 |
> Conceptually, yes, I think this is a good improvement. I'd like upstream |
14 |
> to be included as well in this set, for upstreams that know their own |
15 |
> package much better than us. |
16 |
> |
17 |
> > On the technical side I'm not sure how to achieve this, but I know it |
18 |
> > can be done. For example the sync-repos are compiled like this all the |
19 |
> > time. If this proposal gains support, I'm willing to start figuring it |
20 |
> > out more in-depth. |
21 |
> Technically, I've got some implementation problems. |
22 |
> |
23 |
> We *can* write a simple gitolite ACL that limits scope to a directory or |
24 |
> file, e.g. CAT/PN/ |
25 |
> |
26 |
> BUT, we can't write a simple gitolite ACL that limits the content within |
27 |
> profiles/package.mask or other files in profiles/ (we can write hooks |
28 |
> that might be able to do this, but that still requires the challenge of |
29 |
> validation inside the file). |
30 |
|
31 |
I'm not sure this kind of ACL would be necessary. These kinds of |
32 |
changes are rare, and even if trusted contributors can't make them, |
33 |
the load would still be significantly decreased for the developers |
34 |
that proxy commits. |
35 |
|
36 |
> I'd EXPECT a contributor to WANT to package.mask a cutting edge version |
37 |
> so it has time to bake and get well-tested, but if they can't do both |
38 |
> parts of the commit themselves, this process is likely problematic. |
39 |
> |
40 |
> > 2nd RFC: Recruiting proven contributors without a mentor |
41 |
> > |
42 |
> > I'm aware recruiters don't really need to ask a permission here, but I |
43 |
> > believe it's great to gauge the general feelings about this beforehand. |
44 |
> > What would you say if recruiters started more actively approaching |
45 |
> > potential developers? |
46 |
> ... |
47 |
> > But seeing the general lack of interest towards mentoring, maybe this is |
48 |
> > something we _need_ to do in near future. |
49 |
> Yes, let's make it possible to join by the quiz, and the recruiting |
50 |
> only, mentors can be optional. |
51 |
> |
52 |
> But in parallel: |
53 |
> |
54 |
> It's been ~7 years since I last mentored somebody, mostly for reasons of |
55 |
> time with having young kids. |
56 |
> |
57 |
> How do we make the mentorship process more lightweight? |
58 |
> (and possibly the quiz process, I haven't seen how the quiz has changed |
59 |
> since I last mentored) |
60 |
> |
61 |
> Let's start with a potential intersection of your two ideas: |
62 |
> (these numbers are arbitrary, but try to reflect what I see some of the |
63 |
> trusted contributors doing) |
64 |
> - 9 good submissions (patches or PRs) over a 3 month period [must be at least 3/month] |
65 |
> - will get you an invite from recruiters to join |
66 |
> - either without a mentor, or a lightweight mentor |
67 |
> |
68 |
> -- |
69 |
> Robin Hugh Johnson |
70 |
> Gentoo Linux: Dev, Infra Lead, Foundation Treasurer |
71 |
> E-Mail : robbat2@g.o |
72 |
> GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
73 |
> GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |