From: Dmitry Gutov <dgutov@yandex.ru>
To: rms@gnu.org
Cc: eliz@gnu.org, cpitclaudel@gmail.com, emacs-devel@gnu.org
Subject: Re: pull requests
Date: Mon, 30 Mar 2020 20:49:20 +0300 [thread overview]
Message-ID: <2ddb14d9-2a1f-ccfb-b5ea-ae9fc41c3bd1@yandex.ru> (raw)
In-Reply-To: <E1jIlFq-00023I-VV@fencepost.gnu.org>
On 30.03.2020 06:38, Richard Stallman wrote:
> This is the scenario I pointed at:
>
> Suppose A sends B a URL pointing to a branch with non-installed
> patches. If A doesn't warn B, or if A is too terse and does not make the
> point clear, B will not know it is non-installed. B will only see
> that it is in the standard GNU Emacs repo.
It's hard to optimize for people willing to misunderstand things. At
some point we have to just draw the line.
> > 99% of the users who would be looking at them, would be doing so through
> > the web interface of the force software.
>
> In that scenario, large numbers of users might not go through that interface.
> They might not even know there is a web interface.
>
> > When you were talking about hiding PRs from non-developers, you meant
> > hiding in the web interface, right?
>
> I mean blocking access to them _in the repo_, for all interfaces. If
> you're not logged in as a member of the project, you would not be
> allowed to check out that branch by running git.
I mean... if it's not too hard to implement, that would be okay with me,
as long as the web UI shows the PRs even to unauthenticated users.
The latter is not a hard necessity, of course, but I believe that more
transparency in Emacs's development process, the ongoing discussions,
etc, via the "forge" interface would benefit it a lot. Users will
comment more, follow the development of new features more, and will thus
be encouraged to submit more patches themselves.
> Because it would be hard to hide
> > them in the mailing lists,
>
> The mailing list is a different kind issue. If you abstract away
> the practical differences, you might think it is the same; but those
> practicalities change everything, in this case.
>
> I am not talking about adding security where we have done ok without
> it. My aim is to limit the possible new danger from the change that
> you are asking for.
To be clear, we already have branches in the repo which 200+ people can
push to. If we're not worried about them, are we worried only about
branches created by "unauthenticated" users?
Being able to facilitate that is a challenge in itself (+).
> Keeping uninstalled code in the same repo as the installed code makes
> it too easy to overlook the difference between them.
One way to solve that would be to use a forge software that makes it
easy to have multiple repositories (one per user, even), with fast
"forking" action. Gitlab is not there, alas.
> > But if we manage to support merge requests from contributors without
> > commit access, and do it without external repositories, we could just as
> > well mandate that all such branches have names prefixed with
> > "merge-request/", and that will avoid any confusion.
>
> I am not convinced it would work "just as well." But that idea is
> worth thinking about. we need to think _not only_ about how we would
> intend this facility to be used, but also how to make sure it is not
> misused.
>
> How, in practice, would we ensure that all installation proposals
> have a name starting with 'merge-request/'?
If we manage to solve the problem (+) above, we can include that as a
part of the solution. Maybe the unauthenticated users would send
patchsets over email, and whatever code will be set up to handle that,
could enforce whatever branch naming scheme that we choose.
> How would we find out if many users begin accessing a branch whose
> name begins with 'merge-request/'?
Savannah admins might help with that. Some HTTPS proxy, maybe.
> How would we find out if one is created with a name that doesn't
> start with that prefix?
Is that question different from the previous-previous one?
> Could we arrange that those branches start out accessible only to
> maintainers, then become generally accessible when a maintainer says
> "Make this accessible"?
You seem to be trying to combine the two requirements together now, to
make an even more difficult requirement.
But to answer that question: the forge software, or the Git server
software, or a combination of them, have to support that.
next prev parent reply other threads:[~2020-03-30 17:49 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-22 22:35 ELPA: where is chess developed? Jack Hill
2020-03-23 4:26 ` John Wiegley
2020-03-23 13:50 ` dick.r.chiang
2020-03-23 14:27 ` Mario Lang
2020-03-23 15:12 ` dick.r.chiang
2020-03-24 8:10 ` Philippe Vaucher
2020-03-24 11:38 ` dick.r.chiang
2020-03-24 11:54 ` Philippe Vaucher
2020-03-24 14:12 ` Stefan Monnier
2020-03-24 14:41 ` Stefan Monnier
2020-03-27 2:59 ` pull requests Richard Stallman
2020-03-27 3:49 ` Stefan Monnier
2020-03-28 2:45 ` Richard Stallman
2020-03-28 3:03 ` Stefan Monnier
2020-03-27 7:54 ` Eli Zaretskii
2020-03-27 13:00 ` Clément Pit-Claudel
2020-03-27 13:30 ` Eli Zaretskii
2020-03-27 14:37 ` Clément Pit-Claudel
2020-03-27 15:21 ` Eli Zaretskii
2020-03-27 15:41 ` Dmitry Gutov
2020-03-27 19:16 ` Eli Zaretskii
2020-03-27 19:24 ` Dmitry Gutov
2020-03-27 19:34 ` 조성빈
2020-03-27 19:28 ` Eli Zaretskii
2020-03-27 20:39 ` Dmitry Gutov
2020-03-28 2:46 ` Richard Stallman
2020-03-28 17:14 ` Dmitry Gutov
2020-03-30 3:38 ` Richard Stallman
2020-03-30 4:09 ` Stefan Monnier
2020-03-30 5:58 ` Eli Zaretskii
2020-03-30 12:03 ` Dmitry Gutov
2020-03-30 12:55 ` Yuri Khan
2020-03-30 13:12 ` Eli Zaretskii
2020-03-30 13:50 ` Dmitry Gutov
2020-03-30 14:12 ` Eli Zaretskii
2020-03-30 14:34 ` Dmitry Gutov
2020-03-30 15:36 ` Eli Zaretskii
2020-03-30 15:50 ` Dmitry Gutov
2020-03-30 16:09 ` Eli Zaretskii
2020-03-30 17:06 ` Dmitry Gutov
2020-03-30 17:13 ` Eli Zaretskii
2020-04-02 2:39 ` Richard Stallman
2020-04-17 3:54 ` Dmitry Gutov
2020-03-30 13:43 ` Stefan Monnier
2020-03-30 16:59 ` Dmitry Gutov
2020-03-30 17:20 ` Stefan Monnier
2020-03-30 17:28 ` Dmitry Gutov
2020-03-30 8:25 ` 조성빈
2020-03-30 11:51 ` Dmitry Gutov
2020-03-30 13:04 ` Eli Zaretskii
2020-03-30 17:49 ` Dmitry Gutov [this message]
2020-03-27 16:39 ` Clément Pit-Claudel
2020-03-27 19:21 ` Eli Zaretskii
2020-03-27 14:05 ` Stefan Monnier
2020-03-28 2:46 ` Richard Stallman
2020-03-23 15:58 ` ELPA: where is chess developed? Stefan Monnier
2020-03-23 14:25 ` Mario Lang
-- strict thread matches above, loose matches on Subject: below --
2020-04-17 4:24 pull requests Zach Pearson
2020-04-17 8:11 ` Alex Ott
2020-04-17 16:36 ` Dmitry Gutov
2020-04-21 1:47 ` Richard Stallman
2020-04-21 2:12 ` Po Lu
2020-04-22 3:19 ` Richard Stallman
2020-04-23 3:15 ` Po Lu
2020-04-17 16:38 ` Dmitry Gutov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2ddb14d9-2a1f-ccfb-b5ea-ae9fc41c3bd1@yandex.ru \
--to=dgutov@yandex.ru \
--cc=cpitclaudel@gmail.com \
--cc=eliz@gnu.org \
--cc=emacs-devel@gnu.org \
--cc=rms@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).