From: Léo Le Bouter
To: Leo Famulari
Cc: Maxim Cournoyer, Mark H Weaver, Raghav Gururajan, Guix Devel, Leo Prikler, Sou Bunnbu
Subject: Re: A "cosmetic changes" commit that removes security fixes
Date: Mon, 26 Apr 2021 21:31:18 +0200
Message-ID: <3b57b80c25b48c1c1377bfc076ac4dc9b38ebb39.camel@zaclys.net>
List-Id: "Development of GNU Guix and the GNU System distribution."

On Fri, 2021-04-23 at 15:18 -0400, Leo Famulari wrote:
> I have to agree with everybody in this thread.
>
> The commits in question were problematic (especially on core-updates,
> which is not a "WIP" branch and thus cannot be rewritten to fix past
> problems). I'm not confident that the security fixes would have been
> reinstated on core-updates if Mark had not asked about them.
>
> Léo and Raghav, you need to keep learning our workflow around security
> updates. It's not okay to remove security patches and later update a
> package to a fixed version in a different commit. `git rebase` is the
> tool to learn for cases like this one.

I do not think here that Raghav and myself should somehow be framed as
people having to learn more and that would be the reason for these
issues.

To talk about myself, I think the main difference here is that Mark and
myself consider different things to have value when contributing to GNU
Guix. Mark tends to consider the technicality of contributing to GNU
Guix, that the code be well tested, that every change be made in a very
rigorous way. I tend to also consider these things but also consider
other things like how people feel when they contribute to GNU Guix, do
they feel discouraged or rewarded by their contributions. I find that it
can be tiring and very discouraging to respond back and forth to many,
many review comments, and at some point, even if things have some rough
edges, I tend to prefer rewarding a contributor for their work than
insist the commit history should be perfect or something.

I also stopped upholding myself to high rigorous standards at all times,
also because I think it is not good for my mental health.

I tend to move the responsibility of rigorous testing into tools. I
think putting testing/checking into tools is at the same time good for
mental health and inclusive because it means also everyone can check
their own changes and correct errors. Having tools to check things is
less stressful for everyone. I discovered that aspect after I learned
Rust and I think it really is the way to go.

I think there is an aspect of contribution where people feel stressed
and doubt themselves and that's what keeps them away from contribution.
If we have tools then those problems tend to disappear because the tool
acts as a stopgap; the tool can also be collectively improved as soon as
more best practices are discovered by the community. Rust does this with
clippy lint rules, the borrow checker and the very well made
error/warning reporting of the compiler.

I think relying more on tools, even if we never can do so fully, and less
on individual accountability is better here.

> However, Mark, you have way more experience, and you need to handle
> these things differently. If you don't trust certain Guix contributors,
> take it up with the maintainers — in private. The style of
> communication you used here is ineffective and will dissuade people
> from contributing to Guix. Do you want Léo and Raghav to learn and
> improve? Or do you want them to leave? Remember that we all begin as
> beginners.

Léo