From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id UKM6E+hqjWCXggAAgWs5BA (envelope-from ) for ; Sat, 01 May 2021 16:51:20 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id ELPiDuhqjWC6bgAAbx9fmQ (envelope-from ) for ; Sat, 01 May 2021 14:51:20 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id D31EB1CF4A for ; Sat, 1 May 2021 16:51:19 +0200 (CEST) Received: from localhost ([::1]:58978 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lcqxh-0001xu-24 for larch@yhetil.org; Sat, 01 May 2021 10:51:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50316) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lcqxJ-0001x1-Qe for guix-devel@gnu.org; Sat, 01 May 2021 10:50:53 -0400 Received: from ns13.heimat.it ([46.4.214.66]:45214) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lcqxB-0004M4-O5 for guix-devel@gnu.org; Sat, 01 May 2021 10:50:53 -0400 Received: from localhost (ip6-localhost [127.0.0.1]) by ns13.heimat.it (Postfix) with ESMTP id D82D13021B9; Sat, 1 May 2021 14:50:41 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at ns13.heimat.it Received: from ns13.heimat.it ([127.0.0.1]) by localhost (ns13.heimat.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bbHrgt2CxRe6; Sat, 1 May 2021 14:50:40 +0000 (UTC) Received: from bourrache.mug.xelera.it (unknown [93.56.171.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by ns13.heimat.it (Postfix) with ESMTPSA id D7FF33021B7; Sat, 1 May 2021 14:50:39 +0000 (UTC) Received: from roquette.mug.biscuolo.net (roquette [10.38.2.14]) by bourrache.mug.xelera.it (Postfix) with SMTP id C9ED5E7E149; Sat, 1 May 2021 16:50:37 +0200 (CEST) Received: (nullmailer pid 14628 invoked by uid 1000); Sat, 01 May 2021 14:50:37 -0000 From: Giovanni Biscuolo To: Pierre Neidhardt Subject: Re: A "cosmetic changes" commit that removes security fixes In-Reply-To: <87fsz7isbv.fsf@ambrevar.xyz> Organization: Xelera.eu References: <5cbbfa9b258fb28beb9288685ccc85b4d015cd8a.camel@zaclys.net> <8735vgkttf.fsf@netris.org> <475c152f2e4bf0b566324223f2f5e3598279b87f.camel@zaclys.net> <87eeext6h4.fsf@nckx> <87lf92h0ei.fsf@gnu.org> <878s518ghz.fsf@systemreboot.net> <87zgxhl0os.fsf@ambrevar.xyz> <20210429141423.qtji4lsuaox7wfdk@thebird.nl> <87fsz7isbv.fsf@ambrevar.xyz> Date: Sat, 01 May 2021 16:50:26 +0200 Message-ID: <877dki7bkd.fsf@biscuolo.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=46.4.214.66; envelope-from=g@xelera.eu; helo=ns13.heimat.it X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1619880679; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=o+0Zyj4UtI/YtoSl51KcUDTrbfQFzb8OuLb0il6kkZA=; b=HYMJirbrZGWguYnhs6CA1x9d/9VIxnuTeUE5EMzeCSrOaS7fXR5NVi3Rxj19e8RCzU/TFj QjP16O0rkSCI5kzcq9oomOacfMSdgW6ULZviwTWw3VD8VitYzoRsATaSMlfdwLUZ/Jhwns ReRBufUpaAvrIwEH3lQziiA+qPUle8GMAh8QMG898T4MGwrIiAgAcwrCHf7NgxRX8i8NXv ETQ5Eg/VPWBzeQzpBHx1CF7eZio3fwIug6b0LgWRZ/dPpNk0bxGALdUHA0O0llxep/E9Um TLyWWthuP9da0cnGDS1pBemtVneNoQMXWTj4foSwVjGocz+laI3+GkVM/JLT2Q== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1619880679; a=rsa-sha256; cv=none; b=DvDm4hz4Y75x+4wzIKsR7bJBwvSqlJIghGt0V/5/bm2mEuKfjxNTt/9SrVzD8t9LhWnBIh ifv4WwoeA2MqzW1bBo2EDisslJdkmKw3YZPbXaAC1/TAVq4TN+YD084NDFJc9KqQxjQ6sV 8CQ1hhQ3pUvvOckmZA+ZZEbw868p7i7zbPm1lC2o8JwuRbesZKAPRktiugQ7cKOa4/dNHU YdzSkwCVk6qsc+pF93ZZSzQ/rJVF8jPqMnhX8TEn2aDL4mA301LxQeumf0bYD7CcqyJ7qG gZVNTE+6S1gugufeJ+BEVCRBOCfyRktZXPFvhOB7afnymyCsgagyzwjb3yQvHA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -4.56 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: D31EB1CF4A X-Spam-Score: -4.56 X-Migadu-Scanner: scn0.migadu.com X-TUID: YID5IApYy0Jy --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Pierre, Pierre Neidhardt writes: > I haven't really followed the issue, I have, very carefully ;-) > so I couldn't say whether the decision taken by the core maintainers > was right or not. From=20my point of view it was /but/ this is *not* relevant: what's relevant here is that /if/ we trust Guix maintainers (I do) when they give commit access rights to people, whe /have/ to trust them when they revoke those rights. We /should/ disccus /if/ the rules and best practices to have and maintain the commit acces are well documented: please make proposals (patches wellcome :-) ) but please we have to keep trusting Guix maintainers (that is a collective of very competent people). [...] >> I am not a core maintainer, but it should be obvious that core >> maintainers would not take a decision to revoke commit rights lightly. > > I trust that it is the case, but being the devil's advocate, Please don't: =C2=ABWhy the Devil's Advocate Doesn't Help Reach the Truth=C2=BB https://www.gnu.org/philosophy/devils-advocate.html =2D-8<---------------cut here---------------start------------->8--- The devil achieves that by twisting my words: presenting a misleading context in which my words appear to mean something other than what I intended. =2D-8<---------------cut here---------------end--------------->8--- ;-) [...] > Another question one could ask: why just the core maintainers > actually? Shouldn't everyone be involved? Maybe the right answer is > "no" here, and if so, I believe we should explain why in the community > guidelines. Guix is a GNU project and AFAIU GNU project management is well documented: https://www.gnu.org/gnu/gnu-structure.html I don't know if Guix project needs specific =C2=ABGNU Guix structure=C2=BB documentation but /if/ the answer is yes it should complement the official GNU one, not replace it, IMHO. BTW I see Guix contributors with commit access as "package maintanance assistants" delegated by maintainers to make some technical decisions: =2D-8<---------------cut here---------------start------------->8--- The maintainers of a package often recruit others to contribute to its development, and delegate some technical decisions to them. However, the maintainers retain authority over the whole of the package so they can carry out their responsibility to the GNU Project. =2D-8<---------------cut here---------------end--------------->8--- Please we should always consider that GNU maintainers are the persons that carry out the responsibility to the GNU project, not contributors with commit access. Maybe the contributing section of Guix manual should mention it and link the relevant GNU project's documents: do you think it'd be useful? > Lest the community present an image where a few would benefit from > arbitrary privileges. ...or seen from /the other side of the moon/: a few carry out the precious work to be /responsible/ to do a good, practical job of developing and maintaining Guix according to the GNU project's mission and general decision. If you want call it /arbitrary privilege/ but I have a different point of view :-D The "community" (whatever this means) should acknowledge that contributing also means to be responsible toward other users of free software: this needs competence in the specific matter (also domain specific), discipline (i.e. properly documenting changes in commit messages) and commitment to a set of common shared rules (documented in Guix and GNU project manual). [...] > Last, maybe a more important question: if core maintainers are > entrusted to take executive decisions about the community members, > what about executive decisions about the core maintainers themselves? Maintainers are appointed by the GNU project. > Are there such provisions? Example: what if a core maintainers > misbehaves? Can they see there privileges revoked? How? Is this > documented? =C2=ABGNU Software Evaluation=C2=BB https://www.gnu.org/help/evaluation.html#whatmeans Does this answer your question? [...] Happy hacking! Gio' =2D-=20 Giovanni Biscuolo Xelera IT Infrastructures --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJABAEBCgAqFiEERcxjuFJYydVfNLI5030Op87MORIFAmCNarMMHGdAeGVsZXJh LmV1AAoJENN9DqfOzDkS7FQQALImWZcE4PfpVZ/bYpzAu7gPJlyx5oxz9x9D/7ax 5cKFX3+r+9eLUrMMvF8lx4f9HpZcuQBQlALFhTcvNWBQoobFGPgkT/DPFCXmYvbR 7b0atM/41OQm5A2js+GKncYxHtFlBBaZbEixwpnc2DmaAhV2dygcyEK8dyTKmjbq HCLgGS7Zb/IRVyAKZRDP4WyuYJFFodZ4xmrNJQHWp1R9cn9Z6qQin+BaEVJuJHIH YU1cIRAXmYGldPqbLFuQ8OoA1FvjMUlIZOQCt3VQBos+w15poPk9G79Kf/ucUrR3 BmFEAa92Os2R+OcYJF3l+GxEObhTrv0vrIn73bWVX5mKGiR7/U0n04Je9PGWEIwJ V8REDB3TuBBGFcqyWuhg8Lscq/NAHM50zcWeA9I+4ucDAqvKEBr7lxqarFnc8GHL wttiC5HJnXeKbkJ/AQ3HfoeSvqlbq1KqWQNkCFYrDuQUkhCAbxrp94DvqVQteYOH zXXlRcUzprqxUAPNHzC0JtcJy4zLuwcYei9F0P06TXwehZxAlSYr4YWnWfsNng7j FszdtVuK2O+dvChLJLYawugaCozDjEuEbtWwg6Fd0U1ttmmDJ0H/sNCKz2wK5wn+ /5AMZJpDJmJ8i2oXQ4thg6ltXxkJ5NcQj65kHKVGb9g0FKdfHxDZ0B9QzUTkEioF J8d/ =o2Sl -----END PGP SIGNATURE----- --=-=-=--