* [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation @ 2021-05-27 12:32 Ludovic Courtès 2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès ` (2 more replies) 0 siblings, 3 replies; 28+ messages in thread From: Ludovic Courtès @ 2021-05-27 12:32 UTC (permalink / raw) To: 48696; +Cc: Ludovic Courtès Hello Guix! Attached is an attempt to: 1. Structure the “Commit Access” section of the manual; 2. Document how to address committers’ mistakes, when to revert commits; 3. Explain under what circumstances maintainers may revoke commit rights. It essentially codifies unwritten rules, but as always, I think it’s better to be explicit about the rules and community expectations. Let me know what you think! I propose to leave a comment period of at least one week, possibly iterating with new versions. Ludo’. Ludovic Courtès (3): doc: Structure the "Commit Access" section. doc: Add "Addressing Mistakes" section. doc: Explain more reasons for commit revocation. doc/contributing.texi | 114 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 93 insertions(+), 21 deletions(-) -- 2.31.1 ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section. 2021-05-27 12:32 [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès @ 2021-05-27 12:35 ` Ludovic Courtès 2021-05-27 12:35 ` [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section Ludovic Courtès ` (3 more replies) 2021-05-27 14:16 ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Leo Famulari 2021-05-30 12:49 ` Tobias Geerinckx-Rice via Guix-patches via 2 siblings, 4 replies; 28+ messages in thread From: Ludovic Courtès @ 2021-05-27 12:35 UTC (permalink / raw) To: 48696; +Cc: Ludovic Courtès * doc/contributing.texi (Commit Access): Add introduction and section heading. Separate OpenPGP setup from commit policy. --- doc/contributing.texi | 59 ++++++++++++++++++++++++++++--------------- 1 file changed, 38 insertions(+), 21 deletions(-) diff --git a/doc/contributing.texi b/doc/contributing.texi index cfcae22502..7dc912b4de 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -1258,8 +1258,19 @@ this nifty tool! @section Commit Access @cindex commit access, for developers -For frequent contributors, having write access to the repository is -convenient. When you deem it necessary, consider applying for commit +Everyone can contribute to Guix without having commit access +(@pxref{Submitting Patches}). However, for frequent contributors, +having write access to the repository can be convenient. Commit access +should not be thought of as a ``badge of honor'' but rather as a +responsibility a contributor is willing to take to help the project. + +The following sections explain how to get commit access, how to be ready +to push commits, and the policies and community expectations for commits +pushed upstream. + +@subsection Applying for Commit Access + +When you deem it necessary, consider applying for commit access by following these steps: @enumerate @@ -1331,6 +1342,27 @@ review and merging system, which, as a consequence, may lead us to have fewer people with commit access to the main repository. Stay tuned! @end quotation +All commits that are pushed to the central repository on Savannah must +be signed with an OpenPGP key, and the public key should be uploaded to +your user account on Savannah and to public key servers, such as +@code{keys.openpgp.org}. To configure Git to automatically sign +commits, run: + +@example +git config commit.gpgsign true +git config user.signingkey CABBA6EA1DC0FF33 +@end example + +You can prevent yourself from accidentally pushing unsigned commits to +Savannah by using the pre-push Git hook called located at +@file{etc/git/pre-push}: + +@example +cp etc/git/pre-push .git/hooks/pre-push +@end example + +@subsection Commit Policy + If you get commit access, please make sure to follow the policy below (discussions of the policy can take place on @email{guix-devel@@gnu.org}). @@ -1349,25 +1381,6 @@ mailing list for commit notifications (@email{guix-commits@@gnu.org}), so people can notice. Before pushing your changes, make sure to run @code{git pull --rebase}. -All commits that are pushed to the central repository on Savannah must -be signed with an OpenPGP key, and the public key should be uploaded to -your user account on Savannah and to public key servers, such as -@code{keys.openpgp.org}. To configure Git to automatically sign -commits, run: - -@example -git config commit.gpgsign true -git config user.signingkey CABBA6EA1DC0FF33 -@end example - -You can prevent yourself from accidentally pushing unsigned commits to -Savannah by using the pre-push Git hook called located at -@file{etc/git/pre-push}: - -@example -cp etc/git/pre-push .git/hooks/pre-push -@end example - When pushing a commit on behalf of somebody else, please add a @code{Signed-off-by} line at the end of the commit log message---e.g., with @command{git am --signoff}. This improves tracking of who did @@ -1389,12 +1402,16 @@ you're confident, it's OK to commit. That last part is subject to being adjusted, allowing individuals to commit directly on non-controversial changes on parts they’re familiar with. +@subsection Commit Revocation + In order to reduce the possibility of mistakes, committers will have their Savannah account removed from the Guix Savannah project and their key removed from @file{.guix-authorizations} after 12 months of inactivity; they can ask to regain commit access by emailing the maintainers, without going through the vouching process. +@subsection Helping Out + One last thing: the project keeps moving forward because committers not only push their own awesome changes, but also offer some of their time @emph{reviewing} and pushing other people's changes. As a committer, -- 2.31.1 ^ permalink raw reply related [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section. 2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès @ 2021-05-27 12:35 ` Ludovic Courtès 2021-05-27 19:19 ` Christopher Baines 2021-05-27 12:35 ` [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation Ludovic Courtès ` (2 subsequent siblings) 3 siblings, 1 reply; 28+ messages in thread From: Ludovic Courtès @ 2021-05-27 12:35 UTC (permalink / raw) To: 48696; +Cc: Ludovic Courtès * doc/contributing.texi (Addressing Mistakes): New section. --- doc/contributing.texi | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/doc/contributing.texi b/doc/contributing.texi index 7dc912b4de..8308551261 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -1402,6 +1402,40 @@ you're confident, it's OK to commit. That last part is subject to being adjusted, allowing individuals to commit directly on non-controversial changes on parts they’re familiar with. +@subsection Addressing Mistakes + +We all make mistakes. We expect peer review (@pxref{Submitting +Patches}) and tools such as @command{guix lint} (@pxref{Invoking guix +lint}) and the test suite (@pxref{Running the Test Suite}) to catch +issues before they are pushed; yet, mistakes might go through---that +happens to both newcomers and old-timers, and there is nothing to be +ashamed of when it happens. As a community, we expect committers to +recognize and address mistakes as soon as possible. + +Some mistakes can directly affect all users---for instance because they +make @command{guix pull} fail or break core functionality, because they +break major packages (at build time or run time), or because they +introduce known security vulnerabilities. + +@cindex reverting commits +The person who pushed the faulty commit(s) should be at the forefront to +address such an issue in a timely fashion: by pushing a followup commit +to fix it (if possible), or by reverting it to leave time to come up +with a proper fix, and by communicating with other developers about the +problem. + +If the committer is unavailable to address the issue in time, other +committers are entitled to revert the offending commit(s), explaining in +the commit log and on the mailing list what the problem was, with the +goal of leaving time to the original committer and author(s) to propose +a way forward. + +The Guix project values friendly cooperation and a constant effort to +focus on the way forward when issues arise. Committers should lead by +example, notably as a way to encourage contributors and contributors to +be. Blame as well as defensiveness do not have their place in Guix when +addressing genuine mistakes. + @subsection Commit Revocation In order to reduce the possibility of mistakes, committers will have -- 2.31.1 ^ permalink raw reply related [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section. 2021-05-27 12:35 ` [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section Ludovic Courtès @ 2021-05-27 19:19 ` Christopher Baines 2021-05-29 10:22 ` Ludovic Courtès 0 siblings, 1 reply; 28+ messages in thread From: Christopher Baines @ 2021-05-27 19:19 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 48696 [-- Attachment #1: Type: text/plain, Size: 3790 bytes --] Ludovic Courtès <ludo@gnu.org> writes: > * doc/contributing.texi (Addressing Mistakes): New section. > --- > doc/contributing.texi | 34 ++++++++++++++++++++++++++++++++++ > 1 file changed, 34 insertions(+) > > diff --git a/doc/contributing.texi b/doc/contributing.texi > index 7dc912b4de..8308551261 100644 > --- a/doc/contributing.texi > +++ b/doc/contributing.texi > @@ -1402,6 +1402,40 @@ you're confident, it's OK to commit. > That last part is subject to being adjusted, allowing individuals to commit > directly on non-controversial changes on parts they’re familiar with. > > +@subsection Addressing Mistakes > + > +We all make mistakes. We expect peer review (@pxref{Submitting > +Patches}) and tools such as @command{guix lint} (@pxref{Invoking guix > +lint}) and the test suite (@pxref{Running the Test Suite}) to catch > +issues before they are pushed; yet, mistakes might go through---that > +happens to both newcomers and old-timers, and there is nothing to be > +ashamed of when it happens. As a community, we expect committers to > +recognize and address mistakes as soon as possible. > + > +Some mistakes can directly affect all users---for instance because they > +make @command{guix pull} fail or break core functionality, because they > +break major packages (at build time or run time), or because they > +introduce known security vulnerabilities. > + > +@cindex reverting commits > +The person who pushed the faulty commit(s) should be at the forefront to > +address such an issue in a timely fashion: by pushing a followup commit > +to fix it (if possible), or by reverting it to leave time to come up > +with a proper fix, and by communicating with other developers about the > +problem. > + > +If the committer is unavailable to address the issue in time, other > +committers are entitled to revert the offending commit(s), explaining in > +the commit log and on the mailing list what the problem was, with the > +goal of leaving time to the original committer and author(s) to propose > +a way forward. > + > +The Guix project values friendly cooperation and a constant effort to > +focus on the way forward when issues arise. Committers should lead by > +example, notably as a way to encourage contributors and contributors to > +be. Blame as well as defensiveness do not have their place in Guix when > +addressing genuine mistakes. I too would like to see less blame, but one factor is how things are framed and the language used. On the language here, "mistake" is a word I would generally avoid if the aim is avoid blaming someone, since mistakes are made by a person or set of people. I'd prefer a term like "problem", since I don't perceieve that as directly linked to a person or set of people. On the bit about the "person who pushed the faulty commits" (so, person to blame...) I'd much prefer an emphisis on group responsibility to mitigate the impact of problems quickly, and understand the factors that led to that problems in the first place. That avoids assigning blame, rather than the process pushing responsibility to the person to blame ("person who pushed the faulty commit(s)"). On this same thread, I'd like to see less blaming in the form of asking people to "explain". When there's a problem, and you ask someone to explain, I would interpret that as "I'm blaming you for this, please give your account of how the mistake was made", to which the person can either answer explaining the details as to why they are to blame, or can disagree with the implicit assertion that they are to blame. To avoid assigning blame, one can just ask someone to "describe" what happened, which I wouldn't interpret as being loaded with the same implicit assertion. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 987 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section. 2021-05-27 19:19 ` Christopher Baines @ 2021-05-29 10:22 ` Ludovic Courtès 2021-05-30 10:29 ` Christopher Baines 0 siblings, 1 reply; 28+ messages in thread From: Ludovic Courtès @ 2021-05-29 10:22 UTC (permalink / raw) To: Christopher Baines; +Cc: 48696 Hi Chris, Christopher Baines <mail@cbaines.net> skribis: > Ludovic Courtès <ludo@gnu.org> writes: [...] >> +The Guix project values friendly cooperation and a constant effort to >> +focus on the way forward when issues arise. Committers should lead by >> +example, notably as a way to encourage contributors and contributors to >> +be. Blame as well as defensiveness do not have their place in Guix when >> +addressing genuine mistakes. > > I too would like to see less blame, but one factor is how things are > framed and the language used. Point taken! > On the language here, "mistake" is a word I would generally avoid if the > aim is avoid blaming someone, since mistakes are made by a person or set > of people. I'd prefer a term like "problem", since I don't perceieve > that as directly linked to a person or set of people. > > On the bit about the "person who pushed the faulty commits" (so, person > to blame...) I'd much prefer an emphisis on group responsibility to > mitigate the impact of problems quickly, and understand the factors that > led to that problems in the first place. That avoids assigning blame, > rather than the process pushing responsibility to the person to blame > ("person who pushed the faulty commit(s)"). I get what you say and very much like the idea of focusing on group responsibility. There’s blame, and there’s accountability. I see group responsibility in setting up processes and carrying out proper peer review to avoid problems. I see accountability when it comes to commits actually pushed—in the end, it’s one person running ‘git push’. In my view, “mistake” can be a way to name a “problem” that someone created and is accountable for (Jelle wrote a nice message on this topic a while back). This is getting a bit philosophical though, and I’m not sure my understanding of English is good enough to go any further. :-) I think you have a point though. Could you propose different wording for this section? (My goal for this section was to (1) spell out circumstances that may lead to reverts, (2) explain the implications of committer accountability, and (3) define our community standards in terms of focusing on addressing issues and not on blaming individuals.) > On this same thread, I'd like to see less blaming in the form of asking > people to "explain". When there's a problem, and you ask someone to > explain, I would interpret that as "I'm blaming you for this, please > give your account of how the mistake was made", to which the person can > either answer explaining the details as to why they are to blame, or can > disagree with the implicit assertion that they are to blame. To avoid > assigning blame, one can just ask someone to "describe" what happened, > which I wouldn't interpret as being loaded with the same implicit > assertion. I agree with what you write in general, though my understanding is that you’re not referring to the text in this patch, right? Thanks for your feedback, Ludo’. ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section. 2021-05-29 10:22 ` Ludovic Courtès @ 2021-05-30 10:29 ` Christopher Baines 2021-06-02 9:22 ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès 0 siblings, 1 reply; 28+ messages in thread From: Christopher Baines @ 2021-05-30 10:29 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 48696 [-- Attachment #1: Type: text/plain, Size: 5758 bytes --] Ludovic Courtès <ludo@gnu.org> writes: > Hi Chris, > > Christopher Baines <mail@cbaines.net> skribis: > >> Ludovic Courtès <ludo@gnu.org> writes: > > [...] > >>> +The Guix project values friendly cooperation and a constant effort to >>> +focus on the way forward when issues arise. Committers should lead by >>> +example, notably as a way to encourage contributors and contributors to >>> +be. Blame as well as defensiveness do not have their place in Guix when >>> +addressing genuine mistakes. >> >> I too would like to see less blame, but one factor is how things are >> framed and the language used. > > Point taken! > >> On the language here, "mistake" is a word I would generally avoid if the >> aim is avoid blaming someone, since mistakes are made by a person or set >> of people. I'd prefer a term like "problem", since I don't perceieve >> that as directly linked to a person or set of people. >> >> On the bit about the "person who pushed the faulty commits" (so, person >> to blame...) I'd much prefer an emphisis on group responsibility to >> mitigate the impact of problems quickly, and understand the factors that >> led to that problems in the first place. That avoids assigning blame, >> rather than the process pushing responsibility to the person to blame >> ("person who pushed the faulty commit(s)"). > > I get what you say and very much like the idea of focusing on group > responsibility. > > There’s blame, and there’s accountability. I see group responsibility > in setting up processes and carrying out proper peer review to avoid > problems. I see accountability when it comes to commits actually > pushed—in the end, it’s one person running ‘git push’. In my view, > “mistake” can be a way to name a “problem” that someone created and is > accountable for (Jelle wrote a nice message on this topic a while back). > This is getting a bit philosophical though, and I’m not sure my > understanding of English is good enough to go any further. :-) I guess part of what I'm getting at here is using language and the perspective to try and delay that inference about individual accountability, until the discussion around a problem has reached a clear conclusion about what happened. In doing so, opportunity is left open to actually consider the full situation, rather than immediately narrowing it down to what a particular individual or group did or didn't do. > I think you have a point though. Could you propose different wording > for this section? > > (My goal for this section was to (1) spell out circumstances that may > lead to reverts, (2) explain the implications of committer > accountability, and (3) define our community standards in terms of > focusing on addressing issues and not on blaming individuals.) What I would like to see is more like this: Problems happen, while minimising there occurrence is important, it's also important to respond to problems in a useful way. There are two priorities, mitigating the impact and understanding what happened in order to reduce the chance of similar incidents in the future. The responsibility for both these things primarily lies with those involved, but like everything this is a group effort. When working to mitigate the impact of a problem, obviously the response is very much dependent on the situation. If it's possible to fix things that are broken, that's preferable. If that's infeasible, then promptly reverting changes to return to a working state is justified (as with any commit, note why the change is being made in the commit message). Once the problem has been dealt with to some extent, then it's the responsibility of those involved to make sure the situation is understood. If you are working to understand what happened, focus on gathering information and avoid assigning any blame. Do ask those involved to describe what has happened, don't ask them to explain the situation, even if you think they have something to explain, as this implicitly blames them, which is unhelpful. Accountability comes from a consensus about the problem, learning from it and improving processes so that it's less likely to reoccur. I'm not sure how much needs saying about reverts, but I did include something. For committer accountability, that's where I'm talking about the "responsibilities of those involved". I guess that's a little vague, but what I'm trying to do there is trying to capture the group of relevant people, for example, the person who proposed the breaking change, the committer who pushed it, and the other person that reverted it. In terms of trying to focus on addressing issues and not blaming individuals, I think just avoiding language that implicitly blames people would be a big step forward. Whether that's enough, I'm unsure. >> On this same thread, I'd like to see less blaming in the form of asking >> people to "explain". When there's a problem, and you ask someone to >> explain, I would interpret that as "I'm blaming you for this, please >> give your account of how the mistake was made", to which the person can >> either answer explaining the details as to why they are to blame, or can >> disagree with the implicit assertion that they are to blame. To avoid >> assigning blame, one can just ask someone to "describe" what happened, >> which I wouldn't interpret as being loaded with the same implicit >> assertion. > > I agree with what you write in general, though my understanding is that > you’re not referring to the text in this patch, right? Yeah, although I think something to this effect might be worth including. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 987 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation 2021-05-30 10:29 ` Christopher Baines @ 2021-06-02 9:22 ` Ludovic Courtès 2021-06-08 14:02 ` Christopher Baines 0 siblings, 1 reply; 28+ messages in thread From: Ludovic Courtès @ 2021-06-02 9:22 UTC (permalink / raw) To: Christopher Baines; +Cc: 48696 Hi Chris, Christopher Baines <mail@cbaines.net> skribis: > Ludovic Courtès <ludo@gnu.org> writes: [...] >> I think you have a point though. Could you propose different wording >> for this section? >> >> (My goal for this section was to (1) spell out circumstances that may >> lead to reverts, (2) explain the implications of committer >> accountability, and (3) define our community standards in terms of >> focusing on addressing issues and not on blaming individuals.) > > What I would like to see is more like this: > > Problems happen, while minimising there occurrence is important, it's > also important to respond to problems in a useful way. There are two > priorities, mitigating the impact and understanding what happened in > order to reduce the chance of similar incidents in the future. The > responsibility for both these things primarily lies with those > involved, but like everything this is a group effort. > > When working to mitigate the impact of a problem, obviously the > response is very much dependent on the situation. If it's possible to > fix things that are broken, that's preferable. If that's infeasible, > then promptly reverting changes to return to a working state is > justified (as with any commit, note why the change is being made in > the commit message). > > Once the problem has been dealt with to some extent, then it's the > responsibility of those involved to make sure the situation is > understood. If you are working to understand what happened, focus on > gathering information and avoid assigning any blame. Do ask those > involved to describe what has happened, don't ask them to explain the > situation, even if you think they have something to explain, as this > implicitly blames them, which is unhelpful. Accountability comes from > a consensus about the problem, learning from it and improving > processes so that it's less likely to reoccur. > > I'm not sure how much needs saying about reverts, but I did include > something. > > For committer accountability, that's where I'm talking about the > "responsibilities of those involved". I guess that's a little vague, but > what I'm trying to do there is trying to capture the group of relevant > people, for example, the person who proposed the breaking change, the > committer who pushed it, and the other person that reverted it. > > In terms of trying to focus on addressing issues and not blaming > individuals, I think just avoiding language that implicitly blames > people would be a big step forward. Whether that's enough, I'm unsure. OK. I like what you wrote; I think it addresses #3 and a bit of #2 above, but I find a bit too abstract, not sufficiently hands-on (when can commits be reverted? what’s the timeframe? who’s involved?), and lacking examples. “Problems happen” sounds unspecific to me (it reminds me of Forest Gump :-)) and I’m uncomfortable with the passive voice that tends to erase individuals. @subsection Addressing Issues Peer review (@pxref{Submitting Patches}) and tools such as @command{guix lint} (@pxref{Invoking guix lint}) and the test suite (@pxref{Running the Test Suite}) should catch issues before they are pushed. Yet, commits that ``break'' functionality might occasionally go through. When that happens, there are two priorities: mitigating the impact, and understanding what happened to reduce the chance of similar incidents in the future. The responsibility for both these things primarily lies with those involved, but like everything this is a group effort. Some issues can directly affect all users---for instance because they make @command{guix pull} fail or break core functionality, because they break major packages (at build time or run time), or because they introduce known security vulnerabilities. @cindex reverting commits The people involved in authoring, reviewing, and pushing such commit(s) should be at the forefront to mitigate their impact in a timely fashion: by pushing a followup commit to fix it (if possible), or by reverting it to leave time to come up with a proper fix, and by communicating with other developers about the problem. If these persons are unavailable to address the issue in time, other committers are entitled to revert the commit(s), explaining in the commit log and on the mailing list what the problem was, with the goal of leaving time to the original committer, reviewer(s), and author(s) to propose a way forward. Once the problem has been dealt with, it is the responsibility of those involved to make sure the situation is understood. If you are working to understand what happened, focus on gathering information and avoid assigning any blame. Do ask those involved to describe what happened, do not ask them to explain the situation---this would implicitly blame them, which is unhelpful. Accountability comes from a consensus about the problem, learning from it and improving processes so that it's less likely to reoccur. There’s still “the people involved”, “these persons”, and “such commits” (I removed “faulty”), because I couldn’t think of a way of avoiding these without making the text too abstract or dismissing the idea entirely (the idea that if I push a breaking change, others can expect me to be spend time “mitigating the effort”). Also, I think it’s useful to distinguish between “I revert my commit” and “someone reverts my commit” due to their different social and emotional implications (our goal is precisely to suggest that these implications are out of place in this group effort that Guix is, but we can’t deny that they preexist). WDYT? Thanks for taking the time to work on it! Ludo’. ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation 2021-06-02 9:22 ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès @ 2021-06-08 14:02 ` Christopher Baines 2021-06-11 14:05 ` Ludovic Courtès 0 siblings, 1 reply; 28+ messages in thread From: Christopher Baines @ 2021-06-08 14:02 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 48696 [-- Attachment #1: Type: text/plain, Size: 6374 bytes --] Ludovic Courtès <ludo@gnu.org> writes: > Hi Chris, > > Christopher Baines <mail@cbaines.net> skribis: > >> Ludovic Courtès <ludo@gnu.org> writes: > > [...] > >>> I think you have a point though. Could you propose different wording >>> for this section? >>> >>> (My goal for this section was to (1) spell out circumstances that may >>> lead to reverts, (2) explain the implications of committer >>> accountability, and (3) define our community standards in terms of >>> focusing on addressing issues and not on blaming individuals.) >> >> What I would like to see is more like this: >> >> Problems happen, while minimising there occurrence is important, it's >> also important to respond to problems in a useful way. There are two >> priorities, mitigating the impact and understanding what happened in >> order to reduce the chance of similar incidents in the future. The >> responsibility for both these things primarily lies with those >> involved, but like everything this is a group effort. >> >> When working to mitigate the impact of a problem, obviously the >> response is very much dependent on the situation. If it's possible to >> fix things that are broken, that's preferable. If that's infeasible, >> then promptly reverting changes to return to a working state is >> justified (as with any commit, note why the change is being made in >> the commit message). >> >> Once the problem has been dealt with to some extent, then it's the >> responsibility of those involved to make sure the situation is >> understood. If you are working to understand what happened, focus on >> gathering information and avoid assigning any blame. Do ask those >> involved to describe what has happened, don't ask them to explain the >> situation, even if you think they have something to explain, as this >> implicitly blames them, which is unhelpful. Accountability comes from >> a consensus about the problem, learning from it and improving >> processes so that it's less likely to reoccur. >> >> I'm not sure how much needs saying about reverts, but I did include >> something. >> >> For committer accountability, that's where I'm talking about the >> "responsibilities of those involved". I guess that's a little vague, but >> what I'm trying to do there is trying to capture the group of relevant >> people, for example, the person who proposed the breaking change, the >> committer who pushed it, and the other person that reverted it. >> >> In terms of trying to focus on addressing issues and not blaming >> individuals, I think just avoiding language that implicitly blames >> people would be a big step forward. Whether that's enough, I'm unsure. > > OK. > > I like what you wrote; I think it addresses #3 and a bit of #2 above, > but I find a bit too abstract, not sufficiently hands-on (when can > commits be reverted? what’s the timeframe? who’s involved?), and lacking > examples. “Problems happen” sounds unspecific to me (it reminds me of > Forest Gump :-)) and I’m uncomfortable with the passive voice that tends > to erase individuals. > > @subsection Addressing Issues > > Peer review (@pxref{Submitting Patches}) and tools such as > @command{guix lint} (@pxref{Invoking guix lint}) and the test suite > (@pxref{Running the Test Suite}) should catch issues before they are > pushed. Yet, commits that ``break'' functionality might occasionally > go through. When that happens, there are two priorities: mitigating > the impact, and understanding what happened to reduce the chance of > similar incidents in the future. The responsibility for both these > things primarily lies with those involved, but like everything this is > a group effort. > > Some issues can directly affect all users---for instance because they > make @command{guix pull} fail or break core functionality, because they > break major packages (at build time or run time), or because they > introduce known security vulnerabilities. I'm not sure what this paragraph is getting at? In any case, for security vulnerabilities, to affect all users they would also have to occur in major packages. > @cindex reverting commits > The people involved in authoring, reviewing, and pushing such > commit(s) should be at the forefront to mitigate their impact in a > timely fashion: by pushing a followup commit to fix it (if possible), > or by reverting it to leave time to come up with a proper fix, and by > communicating with other developers about the problem. > > If these persons are unavailable to address the issue in time, other > committers are entitled to revert the commit(s), explaining in the > commit log and on the mailing list what the problem was, with the goal > of leaving time to the original committer, reviewer(s), and author(s) > to propose a way forward. > > Once the problem has been dealt with, it is the responsibility of > those involved to make sure the situation is understood. If you are > working to understand what happened, focus on gathering information > and avoid assigning any blame. Do ask those involved to describe what > happened, do not ask them to explain the situation---this would > implicitly blame them, which is unhelpful. Accountability comes from > a consensus about the problem, learning from it and improving > processes so that it's less likely to reoccur. > > There’s still “the people involved”, “these persons”, and “such commits” > (I removed “faulty”), because I couldn’t think of a way of avoiding > these without making the text too abstract or dismissing the idea > entirely (the idea that if I push a breaking change, others can expect > me to be spend time “mitigating the effort”). > > Also, I think it’s useful to distinguish between “I revert my commit” > and “someone reverts my commit” due to their different social and > emotional implications (our goal is precisely to suggest that these > implications are out of place in this group effort that Guix is, but we > can’t deny that they preexist). > > WDYT? I think the above text looks good. As noted above, I'm unsure about the second paragraph, but that's not a big issue. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 987 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation 2021-06-08 14:02 ` Christopher Baines @ 2021-06-11 14:05 ` Ludovic Courtès 2021-06-13 10:15 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès 0 siblings, 1 reply; 28+ messages in thread From: Ludovic Courtès @ 2021-06-11 14:05 UTC (permalink / raw) To: Christopher Baines; +Cc: 48696 Hi Chris, Christopher Baines <mail@cbaines.net> skribis: > Ludovic Courtès <ludo@gnu.org> writes: [...] >> @subsection Addressing Issues >> >> Peer review (@pxref{Submitting Patches}) and tools such as >> @command{guix lint} (@pxref{Invoking guix lint}) and the test suite >> (@pxref{Running the Test Suite}) should catch issues before they are >> pushed. Yet, commits that ``break'' functionality might occasionally >> go through. When that happens, there are two priorities: mitigating >> the impact, and understanding what happened to reduce the chance of >> similar incidents in the future. The responsibility for both these >> things primarily lies with those involved, but like everything this is >> a group effort. >> >> Some issues can directly affect all users---for instance because they >> make @command{guix pull} fail or break core functionality, because they >> break major packages (at build time or run time), or because they >> introduce known security vulnerabilities. > > I'm not sure what this paragraph is getting at? It’s supposed to be provide concrete guidance to a committer wondering whether they can/should/are entitled to revert a given commit. > In any case, for security vulnerabilities, to affect all users they > would also have to occur in major packages. Agreed. The word “known” is important here: if I remove *-CVE-*.patch, or if I downgrade a package, I’m likely introducing a “known” vulnerability; if I’m adding a new package that later happens to be vulnerable, it’s not a “known” vulnerability (it’s just routine ;-)). > I think the above text looks good. As noted above, I'm unsure about the > second paragraph, but that's not a big issue. OK, thanks for taking the time to discuss it. I’ll send a v2 so everyone gets a chance to chime in. Ludo’. ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH v2 0/4] Documenting commit reverts and revocation 2021-06-11 14:05 ` Ludovic Courtès @ 2021-06-13 10:15 ` Ludovic Courtès 2021-06-13 10:15 ` [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section Ludovic Courtès ` (4 more replies) 0 siblings, 5 replies; 28+ messages in thread From: Ludovic Courtès @ 2021-06-13 10:15 UTC (permalink / raw) To: 48696; +Cc: Ludovic Courtès Hi! Changes since the initial version: 1. “Addressing Mistakes” section replaced by “Addressing Issues” following suggestions by Chris Baines at <https://issues.guix.gnu.org/48696#17>. 2. Fix typo and clarify Git commit signing instructions as reported by Julien and Maxime (these were in pre-existing text). If there are no objections, I’d like to push within a couple of days. Thanks, Ludo’. Ludovic Courtès (4): doc: Structure the "Commit Access" section. doc: Add "Addressing Issues" section. doc: Explain more reasons for commit revocation. doc: Clarify Git commit signing; fix typo. doc/contributing.texi | 121 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 100 insertions(+), 21 deletions(-) -- 2.32.0 ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section. 2021-06-13 10:15 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès @ 2021-06-13 10:15 ` Ludovic Courtès 2021-06-13 11:50 ` Xinglu Chen 2021-06-13 10:15 ` [bug#48696] [PATCH v2 2/4] doc: Add "Addressing Issues" section Ludovic Courtès ` (3 subsequent siblings) 4 siblings, 1 reply; 28+ messages in thread From: Ludovic Courtès @ 2021-06-13 10:15 UTC (permalink / raw) To: 48696; +Cc: Ludovic Courtès * doc/contributing.texi (Commit Access): Add introduction and section heading. Separate OpenPGP setup from commit policy. --- doc/contributing.texi | 59 ++++++++++++++++++++++++++++--------------- 1 file changed, 38 insertions(+), 21 deletions(-) diff --git a/doc/contributing.texi b/doc/contributing.texi index d67e632520..4ab489173b 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -1275,8 +1275,19 @@ this nifty tool! @section Commit Access @cindex commit access, for developers -For frequent contributors, having write access to the repository is -convenient. When you deem it necessary, consider applying for commit +Everyone can contribute to Guix without having commit access +(@pxref{Submitting Patches}). However, for frequent contributors, +having write access to the repository can be convenient. Commit access +should not be thought of as a ``badge of honor'' but rather as a +responsibility a contributor is willing to take to help the project. + +The following sections explain how to get commit access, how to be ready +to push commits, and the policies and community expectations for commits +pushed upstream. + +@subsection Applying for Commit Access + +When you deem it necessary, consider applying for commit access by following these steps: @enumerate @@ -1348,6 +1359,27 @@ review and merging system, which, as a consequence, may lead us to have fewer people with commit access to the main repository. Stay tuned! @end quotation +All commits that are pushed to the central repository on Savannah must +be signed with an OpenPGP key, and the public key should be uploaded to +your user account on Savannah and to public key servers, such as +@code{keys.openpgp.org}. To configure Git to automatically sign +commits, run: + +@example +git config commit.gpgsign true +git config user.signingkey CABBA6EA1DC0FF33 +@end example + +You can prevent yourself from accidentally pushing unsigned commits to +Savannah by using the pre-push Git hook called located at +@file{etc/git/pre-push}: + +@example +cp etc/git/pre-push .git/hooks/pre-push +@end example + +@subsection Commit Policy + If you get commit access, please make sure to follow the policy below (discussions of the policy can take place on @email{guix-devel@@gnu.org}). @@ -1366,25 +1398,6 @@ mailing list for commit notifications (@email{guix-commits@@gnu.org}), so people can notice. Before pushing your changes, make sure to run @code{git pull --rebase}. -All commits that are pushed to the central repository on Savannah must -be signed with an OpenPGP key, and the public key should be uploaded to -your user account on Savannah and to public key servers, such as -@code{keys.openpgp.org}. To configure Git to automatically sign -commits, run: - -@example -git config commit.gpgsign true -git config user.signingkey CABBA6EA1DC0FF33 -@end example - -You can prevent yourself from accidentally pushing unsigned commits to -Savannah by using the pre-push Git hook called located at -@file{etc/git/pre-push}: - -@example -cp etc/git/pre-push .git/hooks/pre-push -@end example - When pushing a commit on behalf of somebody else, please add a @code{Signed-off-by} line at the end of the commit log message---e.g., with @command{git am --signoff}. This improves tracking of who did @@ -1406,12 +1419,16 @@ you're confident, it's OK to commit. That last part is subject to being adjusted, allowing individuals to commit directly on non-controversial changes on parts they’re familiar with. +@subsection Commit Revocation + In order to reduce the possibility of mistakes, committers will have their Savannah account removed from the Guix Savannah project and their key removed from @file{.guix-authorizations} after 12 months of inactivity; they can ask to regain commit access by emailing the maintainers, without going through the vouching process. +@subsection Helping Out + One last thing: the project keeps moving forward because committers not only push their own awesome changes, but also offer some of their time @emph{reviewing} and pushing other people's changes. As a committer, -- 2.32.0 ^ permalink raw reply related [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section. 2021-06-13 10:15 ` [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section Ludovic Courtès @ 2021-06-13 11:50 ` Xinglu Chen 2021-06-13 11:56 ` Xinglu Chen 0 siblings, 1 reply; 28+ messages in thread From: Xinglu Chen @ 2021-06-13 11:50 UTC (permalink / raw) To: Ludovic Courtès, 48696; +Cc: Ludovic Courtès [-- Attachment #1: Type: text/plain, Size: 2288 bytes --] On Sun, Jun 13 2021, Ludovic Courtès wrote: > * doc/contributing.texi (Commit Access): Add introduction and section > heading. Separate OpenPGP setup from commit policy. > --- > doc/contributing.texi | 59 ++++++++++++++++++++++++++++--------------- > 1 file changed, 38 insertions(+), 21 deletions(-) > > diff --git a/doc/contributing.texi b/doc/contributing.texi > index d67e632520..4ab489173b 100644 > --- a/doc/contributing.texi > +++ b/doc/contributing.texi > @@ -1275,8 +1275,19 @@ this nifty tool! > @section Commit Access > > @cindex commit access, for developers > -For frequent contributors, having write access to the repository is > -convenient. When you deem it necessary, consider applying for commit > +Everyone can contribute to Guix without having commit access > +(@pxref{Submitting Patches}). However, for frequent contributors, > +having write access to the repository can be convenient. Commit access > +should not be thought of as a ``badge of honor'' but rather as a > +responsibility a contributor is willing to take to help the project. > + > +The following sections explain how to get commit access, how to be ready > +to push commits, and the policies and community expectations for commits > +pushed upstream. > + > +@subsection Applying for Commit Access > + > +When you deem it necessary, consider applying for commit > access by following these steps: > > @enumerate > @@ -1348,6 +1359,27 @@ review and merging system, which, as a consequence, may lead us to have > fewer people with commit access to the main repository. Stay tuned! > @end quotation > > +All commits that are pushed to the central repository on Savannah must > +be signed with an OpenPGP key, and the public key should be uploaded to > +your user account on Savannah and to public key servers, such as > +@code{keys.openpgp.org}. To configure Git to automatically sign > +commits, run: > + > +@example > +git config commit.gpgsign true > +git config user.signingkey CABBA6EA1DC0FF33 > +@end example > + > +You can prevent yourself from accidentally pushing unsigned commits to > +Savannah by using the pre-push Git hook called located at > +@file{etc/git/pre-push}: I think you forgot to remove “called” :) [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 861 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section. 2021-06-13 11:50 ` Xinglu Chen @ 2021-06-13 11:56 ` Xinglu Chen 0 siblings, 0 replies; 28+ messages in thread From: Xinglu Chen @ 2021-06-13 11:56 UTC (permalink / raw) To: Ludovic Courtès, 48696; +Cc: Ludovic Courtès [-- Attachment #1: Type: text/plain, Size: 2426 bytes --] On Sun, Jun 13 2021, Xinglu Chen wrote: > On Sun, Jun 13 2021, Ludovic Courtès wrote: > >> * doc/contributing.texi (Commit Access): Add introduction and section >> heading. Separate OpenPGP setup from commit policy. >> --- >> doc/contributing.texi | 59 ++++++++++++++++++++++++++++--------------- >> 1 file changed, 38 insertions(+), 21 deletions(-) >> >> diff --git a/doc/contributing.texi b/doc/contributing.texi >> index d67e632520..4ab489173b 100644 >> --- a/doc/contributing.texi >> +++ b/doc/contributing.texi >> @@ -1275,8 +1275,19 @@ this nifty tool! >> @section Commit Access >> >> @cindex commit access, for developers >> -For frequent contributors, having write access to the repository is >> -convenient. When you deem it necessary, consider applying for commit >> +Everyone can contribute to Guix without having commit access >> +(@pxref{Submitting Patches}). However, for frequent contributors, >> +having write access to the repository can be convenient. Commit access >> +should not be thought of as a ``badge of honor'' but rather as a >> +responsibility a contributor is willing to take to help the project. >> + >> +The following sections explain how to get commit access, how to be ready >> +to push commits, and the policies and community expectations for commits >> +pushed upstream. >> + >> +@subsection Applying for Commit Access >> + >> +When you deem it necessary, consider applying for commit >> access by following these steps: >> >> @enumerate >> @@ -1348,6 +1359,27 @@ review and merging system, which, as a consequence, may lead us to have >> fewer people with commit access to the main repository. Stay tuned! >> @end quotation >> >> +All commits that are pushed to the central repository on Savannah must >> +be signed with an OpenPGP key, and the public key should be uploaded to >> +your user account on Savannah and to public key servers, such as >> +@code{keys.openpgp.org}. To configure Git to automatically sign >> +commits, run: >> + >> +@example >> +git config commit.gpgsign true >> +git config user.signingkey CABBA6EA1DC0FF33 >> +@end example >> + >> +You can prevent yourself from accidentally pushing unsigned commits to >> +Savannah by using the pre-push Git hook called located at >> +@file{etc/git/pre-push}: > > I think you forgot to remove “called” :) Oh, I see that you fixed it in 4/4... [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 861 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH v2 2/4] doc: Add "Addressing Issues" section. 2021-06-13 10:15 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès 2021-06-13 10:15 ` [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section Ludovic Courtès @ 2021-06-13 10:15 ` Ludovic Courtès 2021-06-13 10:15 ` [bug#48696] [PATCH v2 3/4] doc: Explain more reasons for commit revocation Ludovic Courtès ` (2 subsequent siblings) 4 siblings, 0 replies; 28+ messages in thread From: Ludovic Courtès @ 2021-06-13 10:15 UTC (permalink / raw) To: 48696; +Cc: Ludovic Courtès, Christopher Baines * doc/contributing.texi (Addressing Mistakes): New section. Co-authored-by: Christopher Baines <mail@cbaines.net> --- doc/contributing.texi | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/doc/contributing.texi b/doc/contributing.texi index 4ab489173b..00962be11e 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -1419,6 +1419,45 @@ you're confident, it's OK to commit. That last part is subject to being adjusted, allowing individuals to commit directly on non-controversial changes on parts they’re familiar with. +@subsection Addressing Issues + +Peer review (@pxref{Submitting Patches}) and tools such as +@command{guix lint} (@pxref{Invoking guix lint}) and the test suite +(@pxref{Running the Test Suite}) should catch issues before they are +pushed. Yet, commits that ``break'' functionality might occasionally +go through. When that happens, there are two priorities: mitigating +the impact, and understanding what happened to reduce the chance of +similar incidents in the future. The responsibility for both these +things primarily lies with those involved, but like everything this is +a group effort. + +Some issues can directly affect all users---for instance because they +make @command{guix pull} fail or break core functionality, because they +break major packages (at build time or run time), or because they +introduce known security vulnerabilities. + +@cindex reverting commits +The people involved in authoring, reviewing, and pushing such +commit(s) should be at the forefront to mitigate their impact in a +timely fashion: by pushing a followup commit to fix it (if possible), +or by reverting it to leave time to come up with a proper fix, and by +communicating with other developers about the problem. + +If these persons are unavailable to address the issue in time, other +committers are entitled to revert the commit(s), explaining in the +commit log and on the mailing list what the problem was, with the goal +of leaving time to the original committer, reviewer(s), and author(s) +to propose a way forward. + +Once the problem has been dealt with, it is the responsibility of +those involved to make sure the situation is understood. If you are +working to understand what happened, focus on gathering information +and avoid assigning any blame. Do ask those involved to describe what +happened, do not ask them to explain the situation---this would +implicitly blame them, which is unhelpful. Accountability comes from +a consensus about the problem, learning from it and improving +processes so that it's less likely to reoccur. + @subsection Commit Revocation In order to reduce the possibility of mistakes, committers will have -- 2.32.0 ^ permalink raw reply related [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH v2 3/4] doc: Explain more reasons for commit revocation. 2021-06-13 10:15 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès 2021-06-13 10:15 ` [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section Ludovic Courtès 2021-06-13 10:15 ` [bug#48696] [PATCH v2 2/4] doc: Add "Addressing Issues" section Ludovic Courtès @ 2021-06-13 10:15 ` Ludovic Courtès 2021-06-13 10:15 ` [bug#48696] [PATCH v2 4/4] doc: Clarify Git commit signing; fix typo Ludovic Courtès 2021-06-18 12:37 ` bug#48696: [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès 4 siblings, 0 replies; 28+ messages in thread From: Ludovic Courtès @ 2021-06-13 10:15 UTC (permalink / raw) To: 48696; +Cc: Ludovic Courtès * doc/contributing.texi (Commit Revocation): Expound. --- doc/contributing.texi | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/doc/contributing.texi b/doc/contributing.texi index 00962be11e..5e59278534 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -1466,6 +1466,27 @@ key removed from @file{.guix-authorizations} after 12 months of inactivity; they can ask to regain commit access by emailing the maintainers, without going through the vouching process. +Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the +current list of maintainers. You can email them privately at +@email{guix-maintainers@@gnu.org}.} may also revoke an individual's +commit rights, as a last resort, if cooperation with the rest of the +community has caused too much friction---even within the bounds of the +project's code of conduct (@pxref{Contributing}). They would only do so +after public or private discussion with the individual and a clear +notice. Examples of behavior that hinders cooperation and could lead to +such a decision include: + +@itemize +@item repeated violation of the commit policy stated above; +@item repeated failure to take peer criticism into account; +@item breaching trust through a series of grave incidents. +@end itemize + +When maintainers resort to such a decision, they notify developers on +@email{guix-devel@@gnu.org}; inquiries may be sent to +@email{guix-maintainers@@gnu.org}. Depending on the situation, the +individual may still be welcome to contribute. + @subsection Helping Out One last thing: the project keeps moving forward because committers not -- 2.32.0 ^ permalink raw reply related [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH v2 4/4] doc: Clarify Git commit signing; fix typo. 2021-06-13 10:15 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès ` (2 preceding siblings ...) 2021-06-13 10:15 ` [bug#48696] [PATCH v2 3/4] doc: Explain more reasons for commit revocation Ludovic Courtès @ 2021-06-13 10:15 ` Ludovic Courtès 2021-06-18 12:37 ` bug#48696: [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès 4 siblings, 0 replies; 28+ messages in thread From: Ludovic Courtès @ 2021-06-13 10:15 UTC (permalink / raw) To: 48696; +Cc: Ludovic Courtès Suggested by Maxime Devos <maximedevos@telenet.be> and Julien Lepiller <julien@lepiller.eu>. * doc/contributing.texi (Commit Access): Clarify Git commit signing setup and fix typo. --- doc/contributing.texi | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/contributing.texi b/doc/contributing.texi index 5e59278534..a8bc279936 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -1367,11 +1367,13 @@ commits, run: @example git config commit.gpgsign true + +# Substitute the fingerprint of your public PGP key. git config user.signingkey CABBA6EA1DC0FF33 @end example You can prevent yourself from accidentally pushing unsigned commits to -Savannah by using the pre-push Git hook called located at +Savannah by using the pre-push Git hook located at @file{etc/git/pre-push}: @example -- 2.32.0 ^ permalink raw reply related [flat|nested] 28+ messages in thread
* bug#48696: [PATCH 0/3] Documenting commit reverts and revocation 2021-06-13 10:15 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès ` (3 preceding siblings ...) 2021-06-13 10:15 ` [bug#48696] [PATCH v2 4/4] doc: Clarify Git commit signing; fix typo Ludovic Courtès @ 2021-06-18 12:37 ` Ludovic Courtès 4 siblings, 0 replies; 28+ messages in thread From: Ludovic Courtès @ 2021-06-18 12:37 UTC (permalink / raw) To: 48696-done Hi! Ludovic Courtès <ludo@gnu.org> skribis: > If there are no objections, I’d like to push within a couple of > days. [...] > doc: Structure the "Commit Access" section. > doc: Add "Addressing Issues" section. > doc: Explain more reasons for commit revocation. > doc: Clarify Git commit signing; fix typo. Pushed as b5b9266e409abb18970bd34557cf087eb29fa713. Thanks Chris and everyone for your feedback! Ludo’. ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation. 2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès 2021-05-27 12:35 ` [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section Ludovic Courtès @ 2021-05-27 12:35 ` Ludovic Courtès 2021-05-27 19:13 ` Maxime Devos 2021-05-27 20:07 ` Christopher Baines 2021-05-27 13:55 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Julien Lepiller 2021-05-27 19:10 ` Maxime Devos 3 siblings, 2 replies; 28+ messages in thread From: Ludovic Courtès @ 2021-05-27 12:35 UTC (permalink / raw) To: 48696; +Cc: Ludovic Courtès * doc/contributing.texi (Commit Revocation): Expound. --- doc/contributing.texi | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/doc/contributing.texi b/doc/contributing.texi index 8308551261..ec649c8e13 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -1444,6 +1444,27 @@ key removed from @file{.guix-authorizations} after 12 months of inactivity; they can ask to regain commit access by emailing the maintainers, without going through the vouching process. +Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the +current list of maintainers. You can email them privately at +@email{guix-maintainers@@gnu.org}.} may also revoke an individual's +commit rights, as a last resort, if cooperation with the rest of the +community has caused too much friction---even within the bounds of the +project's code of conduct (@pxref{Contributing}). They would only do so +after public or private discussion with the individual and a clear +notice. Examples of behavior that hinders cooperation and could lead to +such a decision include: + +@itemize +@item repeated violation of the commit policy stated above; +@item repeated failure to take peer criticism into account; +@item breaching trust through a series of grave incidents. +@end itemize + +When maintainers resort to such a decision, they notify developers on +@email{guix-devel@@gnu.org}; inquiries may be sent to +@email{guix-maintainers@@gnu.org}. Depending on the situation, the +individual may still be welcome to contribute. + @subsection Helping Out One last thing: the project keeps moving forward because committers not -- 2.31.1 ^ permalink raw reply related [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation. 2021-05-27 12:35 ` [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation Ludovic Courtès @ 2021-05-27 19:13 ` Maxime Devos 2021-05-27 20:07 ` Christopher Baines 1 sibling, 0 replies; 28+ messages in thread From: Maxime Devos @ 2021-05-27 19:13 UTC (permalink / raw) To: Ludovic Courtès, 48696 [-- Attachment #1: Type: text/plain, Size: 70 bytes --] PATCH 2/3 and PATCH 3/3 also seem good to me. Greetings, Maxime. [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 260 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation. 2021-05-27 12:35 ` [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation Ludovic Courtès 2021-05-27 19:13 ` Maxime Devos @ 2021-05-27 20:07 ` Christopher Baines 2021-05-29 9:58 ` Ludovic Courtès 1 sibling, 1 reply; 28+ messages in thread From: Christopher Baines @ 2021-05-27 20:07 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 48696 [-- Attachment #1: Type: text/plain, Size: 3447 bytes --] Ludovic Courtès <ludo@gnu.org> writes: > * doc/contributing.texi (Commit Revocation): Expound. > --- > doc/contributing.texi | 21 +++++++++++++++++++++ > 1 file changed, 21 insertions(+) > > diff --git a/doc/contributing.texi b/doc/contributing.texi > index 8308551261..ec649c8e13 100644 > --- a/doc/contributing.texi > +++ b/doc/contributing.texi > @@ -1444,6 +1444,27 @@ key removed from @file{.guix-authorizations} after 12 months of > inactivity; they can ask to regain commit access by emailing the > maintainers, without going through the vouching process. > > +Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the > +current list of maintainers. You can email them privately at > +@email{guix-maintainers@@gnu.org}.} may also revoke an individual's > +commit rights, as a last resort, if cooperation with the rest of the > +community has caused too much friction---even within the bounds of the > +project's code of conduct (@pxref{Contributing}). They would only do so > +after public or private discussion with the individual and a clear > +notice. Examples of behavior that hinders cooperation and could lead to > +such a decision include: > + > +@itemize > +@item repeated violation of the commit policy stated above; > +@item repeated failure to take peer criticism into account; > +@item breaching trust through a series of grave incidents. > +@end itemize > + > +When maintainers resort to such a decision, they notify developers on > +@email{guix-devel@@gnu.org}; inquiries may be sent to > +@email{guix-maintainers@@gnu.org}. Depending on the situation, the > +individual may still be welcome to contribute. > + > @subsection Helping Out > > One last thing: the project keeps moving forward because committers not Since the project code of conduct sets out behavioural standards, including mandating "Gracefully accepting constructive criticism" and "Showing empathy towards other community members", I think that combined with "following the relevant processes" already covers what you're setting out here? I was shocked by [1], which from memory is the first time a technical measure has been used to push a contributor away from the project (at least that's my interpretation of the effect/intent). I think the future use of revoking individuals commit access would be good to discuss. 1: https://lists.gnu.org/archive/html/guix-devel/2021-04/msg00489.html In abstract, in my opinion, I can only think of three scenarios for removing someones commit access when they're actively using it: - Clear violation of the code of conduct I don't think it's helpful to set out stuff about conduct in other places, particularly bits about unacceptable conduct. If the code of conduct is wrong or not sufficient, it should be revised. - Suspected malicious intent Like they didn't just introduce some reference to some dodgy release tarball for a package, but it seems like this could have been done intentionally. - Process problem for giving out commit access There's a process and people involved, so it's fair to say that problems can occur. Obviously it's not ideal, but if the process wasn't followed correctly, or if it's been updated and in hindsight different decisions would have been made, I think that's reason enough to apologise, and remove someones commit access. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 987 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation. 2021-05-27 20:07 ` Christopher Baines @ 2021-05-29 9:58 ` Ludovic Courtès 2021-05-29 11:28 ` Christopher Baines 0 siblings, 1 reply; 28+ messages in thread From: Ludovic Courtès @ 2021-05-29 9:58 UTC (permalink / raw) To: Christopher Baines; +Cc: 48696 Christopher Baines <mail@cbaines.net> skribis: > Ludovic Courtès <ludo@gnu.org> writes: [...] >> +Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the >> +current list of maintainers. You can email them privately at >> +@email{guix-maintainers@@gnu.org}.} may also revoke an individual's >> +commit rights, as a last resort, if cooperation with the rest of the >> +community has caused too much friction---even within the bounds of the >> +project's code of conduct (@pxref{Contributing}). They would only do so >> +after public or private discussion with the individual and a clear >> +notice. Examples of behavior that hinders cooperation and could lead to >> +such a decision include: >> + >> +@itemize >> +@item repeated violation of the commit policy stated above; >> +@item repeated failure to take peer criticism into account; >> +@item breaching trust through a series of grave incidents. >> +@end itemize [...] > Since the project code of conduct sets out behavioural standards, > including mandating "Gracefully accepting constructive criticism" and > "Showing empathy towards other community members", I think that combined > with "following the relevant processes" already covers what you're > setting out here? Note that the code of conduct does not “mandate” gracefully accepting constructive criticism; it merely gives it as an example of expected behavior. > I was shocked by [1], which from memory is the first time a technical > measure has been used to push a contributor away from the project (at > least that's my interpretation of the effect/intent). I think the future > use of revoking individuals commit access would be good to discuss. > > 1: https://lists.gnu.org/archive/html/guix-devel/2021-04/msg00489.html Yes, it was the first time; it was a tough decision for us co-maintainers because it was a last resort we were not prepared for. Part of the reason for this patch is to document this possibility so we all know what to expect. > In abstract, in my opinion, I can only think of three scenarios for > removing someones commit access when they're actively using it: > > - Clear violation of the code of conduct Yes, that’s already covered by the code of conduct. The section above is explicitly about cases where the individual did not violate the code of conduct (hence “even within the bounds of the project's code of conduct” in the text above), but instead broke community expectations. > - Suspected malicious intent Put this way, the question becomes who is suspecting that. Instead I wrote “breaching trust” in the bullet list above; the intent is to describe a situation where the individual and other committers no longer trust each other, there’s no judgment involved. > - Process problem for giving out commit access The process for giving commit access is already documented (info "(guix) Commit Access"); my intent here was not to change it. Thanks, Ludo’. ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation. 2021-05-29 9:58 ` Ludovic Courtès @ 2021-05-29 11:28 ` Christopher Baines 2021-05-29 20:36 ` Ludovic Courtès 0 siblings, 1 reply; 28+ messages in thread From: Christopher Baines @ 2021-05-29 11:28 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 48696 [-- Attachment #1: Type: text/plain, Size: 3623 bytes --] Ludovic Courtès <ludo@gnu.org> writes: > Christopher Baines <mail@cbaines.net> skribis: > >> Ludovic Courtès <ludo@gnu.org> writes: > > [...] > >>> +Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the >>> +current list of maintainers. You can email them privately at >>> +@email{guix-maintainers@@gnu.org}.} may also revoke an individual's >>> +commit rights, as a last resort, if cooperation with the rest of the >>> +community has caused too much friction---even within the bounds of the >>> +project's code of conduct (@pxref{Contributing}). They would only do so >>> +after public or private discussion with the individual and a clear >>> +notice. Examples of behavior that hinders cooperation and could lead to >>> +such a decision include: >>> + >>> +@itemize >>> +@item repeated violation of the commit policy stated above; >>> +@item repeated failure to take peer criticism into account; >>> +@item breaching trust through a series of grave incidents. >>> +@end itemize > > [...] > >> Since the project code of conduct sets out behavioural standards, >> including mandating "Gracefully accepting constructive criticism" and >> "Showing empathy towards other community members", I think that combined >> with "following the relevant processes" already covers what you're >> setting out here? > > Note that the code of conduct does not “mandate” gracefully accepting > constructive criticism; it merely gives it as an example of expected > behavior. Yeah, maybe you're right. While there's a pledge regarding harassment, and the example behaviours are given in a section titled "Standards", the example behaviours are called that, examples. >> In abstract, in my opinion, I can only think of three scenarios for >> removing someones commit access when they're actively using it: >> >> - Clear violation of the code of conduct > > Yes, that’s already covered by the code of conduct. > > The section above is explicitly about cases where the individual did not > violate the code of conduct (hence “even within the bounds of the > project's code of conduct” in the text above), but instead broke > community expectations. I'd like to say that the code of conduct should encapsulate community expectations, but it does seem just to set out a strong position on harassment, and I would like to think that the community expectations are more than just making sure people feel that they're not being harassed. Is your intent here for "community expectations" to be/remain abstract, or for them to be explicitly set out somewhere? >> - Suspected malicious intent > > Put this way, the question becomes who is suspecting that. Instead I > wrote “breaching trust” in the bullet list above; the intent is to > describe a situation where the individual and other committers no longer > trust each other, there’s no judgment involved. I think the "who" here would be the people looking at removing someones commit access. I like this framing because it's more specific than "breaching trust through a series of grave incidents". Do you have other things in mind that this third point as you put it would cover? >> - Process problem for giving out commit access > > The process for giving commit access is already documented (info "(guix) > Commit Access"); my intent here was not to change it. My point here is just that I think it's reasonable to remove someones commit access if it was effectively given out in error (because the process wasn't followed properly, or has been since revised). [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 987 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation. 2021-05-29 11:28 ` Christopher Baines @ 2021-05-29 20:36 ` Ludovic Courtès 0 siblings, 0 replies; 28+ messages in thread From: Ludovic Courtès @ 2021-05-29 20:36 UTC (permalink / raw) To: Christopher Baines; +Cc: 48696 Hello! Christopher Baines <mail@cbaines.net> skribis: > Ludovic Courtès <ludo@gnu.org> writes: [...] >> The section above is explicitly about cases where the individual did not >> violate the code of conduct (hence “even within the bounds of the >> project's code of conduct” in the text above), but instead broke >> community expectations. > > I'd like to say that the code of conduct should encapsulate community > expectations, but it does seem just to set out a strong position on > harassment, and I would like to think that the community expectations > are more than just making sure people feel that they're not being > harassed. Yes, that’s what the code of conduct is about, mostly. It does not say how a development community should cooperate, how it can maximize benefits for everyone involved. I found this article by a Rust developer inspiring: <https://aturon.github.io/tech/2018/06/02/listening-part-2/>. > Is your intent here for "community expectations" to be/remain abstract, > or for them to be explicitly set out somewhere? My intent with this patch is to spell out expectations for committers, with a concrete implementation. It’s one particular aspect of “community expectations”, but one that I think ought to be written down, because committers (and maintainers) have a higher responsibility. >>> - Suspected malicious intent >> >> Put this way, the question becomes who is suspecting that. Instead I >> wrote “breaching trust” in the bullet list above; the intent is to >> describe a situation where the individual and other committers no longer >> trust each other, there’s no judgment involved. > > I think the "who" here would be the people looking at removing someones > commit access. Removing someone’s commit access can never be a goal. However, maintainers, like everyone else, can witness a breach of trust at some point. > I like this framing because it's more specific than "breaching trust > through a series of grave incidents". Do you have other things in mind > that this third point as you put it would cover? If repeated incidents happen, some may presume malice, while others may still see “mere mistakes”—we have different thresholds. Breach of trust concerns the group as a whole: once there’s mutual suspicion among some in the group, we can say that cooperation “doesn’t work” anymore, that there’s too much friction. >>> - Process problem for giving out commit access >> >> The process for giving commit access is already documented (info "(guix) >> Commit Access"); my intent here was not to change it. > > My point here is just that I think it's reasonable to remove someones > commit access if it was effectively given out in error (because the > process wasn't followed properly, or has been since revised). Oh, got it. To me it’s implicit that commit access can only be obtained by following the documented process (that’s indeed be the case since it’s in place); do you think we should be more explicit? Thanks, Ludo’. ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section. 2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès 2021-05-27 12:35 ` [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section Ludovic Courtès 2021-05-27 12:35 ` [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation Ludovic Courtès @ 2021-05-27 13:55 ` Julien Lepiller 2021-05-29 9:30 ` Ludovic Courtès 2021-05-27 19:10 ` Maxime Devos 3 siblings, 1 reply; 28+ messages in thread From: Julien Lepiller @ 2021-05-27 13:55 UTC (permalink / raw) To: Ludovic Courtès, 48696 Le 27 mai 2021 08:35:52 GMT-04:00, "Ludovic Courtès" <ludo@gnu.org> a écrit : >* doc/contributing.texi (Commit Access): Add introduction and section >heading. Separate OpenPGP setup from commit policy. >--- > doc/contributing.texi | 59 ++++++++++++++++++++++++++++--------------- > 1 file changed, 38 insertions(+), 21 deletions(-) > >diff --git a/doc/contributing.texi b/doc/contributing.texi >index cfcae22502..7dc912b4de 100644 >--- a/doc/contributing.texi >+++ b/doc/contributing.texi >@@ -1258,8 +1258,19 @@ this nifty tool! > @section Commit Access > > @cindex commit access, for developers >-For frequent contributors, having write access to the repository is >-convenient. When you deem it necessary, consider applying for commit >+Everyone can contribute to Guix without having commit access >+(@pxref{Submitting Patches}). However, for frequent contributors, >+having write access to the repository can be convenient. Commit >access >+should not be thought of as a ``badge of honor'' but rather as a >+responsibility a contributor is willing to take to help the project. >+ >+The following sections explain how to get commit access, how to be >ready >+to push commits, and the policies and community expectations for >commits >+pushed upstream. >+ >+@subsection Applying for Commit Access >+ >+When you deem it necessary, consider applying for commit > access by following these steps: > > @enumerate >@@ -1331,6 +1342,27 @@ review and merging system, which, as a >consequence, may lead us to have > fewer people with commit access to the main repository. Stay tuned! > @end quotation > >+All commits that are pushed to the central repository on Savannah must >+be signed with an OpenPGP key, and the public key should be uploaded >to >+your user account on Savannah and to public key servers, such as >+@code{keys.openpgp.org}. To configure Git to automatically sign >+commits, run: >+ >+@example >+git config commit.gpgsign true >+git config user.signingkey CABBA6EA1DC0FF33 >+@end example >+ >+You can prevent yourself from accidentally pushing unsigned commits to >+Savannah by using the pre-push Git hook called located at >+@file{etc/git/pre-push}: This sentence sounds weird. Isn't "called" superfluous? >+ >+@example >+cp etc/git/pre-push .git/hooks/pre-push >+@end example >+ >+@subsection Commit Policy >+ > If you get commit access, please make sure to follow > the policy below (discussions of the policy can take place on > @email{guix-devel@@gnu.org}). >@@ -1349,25 +1381,6 @@ mailing list for commit notifications >(@email{guix-commits@@gnu.org}), > so people can notice. Before pushing your changes, make sure to run > @code{git pull --rebase}. > >-All commits that are pushed to the central repository on Savannah must >-be signed with an OpenPGP key, and the public key should be uploaded >to >-your user account on Savannah and to public key servers, such as >-@code{keys.openpgp.org}. To configure Git to automatically sign >-commits, run: >- >-@example >-git config commit.gpgsign true >-git config user.signingkey CABBA6EA1DC0FF33 >-@end example >- >-You can prevent yourself from accidentally pushing unsigned commits to >-Savannah by using the pre-push Git hook called located at >-@file{etc/git/pre-push}: >- >-@example >-cp etc/git/pre-push .git/hooks/pre-push >-@end example >- > When pushing a commit on behalf of somebody else, please add a > @code{Signed-off-by} line at the end of the commit log message---e.g., > with @command{git am --signoff}. This improves tracking of who did >@@ -1389,12 +1402,16 @@ you're confident, it's OK to commit. >That last part is subject to being adjusted, allowing individuals to >commit > directly on non-controversial changes on parts they’re familiar with. > >+@subsection Commit Revocation >+ > In order to reduce the possibility of mistakes, committers will have >their Savannah account removed from the Guix Savannah project and their > key removed from @file{.guix-authorizations} after 12 months of > inactivity; they can ask to regain commit access by emailing the > maintainers, without going through the vouching process. > >+@subsection Helping Out >+ >One last thing: the project keeps moving forward because committers not > only push their own awesome changes, but also offer some of their time > @emph{reviewing} and pushing other people's changes. As a committer, ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section. 2021-05-27 13:55 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Julien Lepiller @ 2021-05-29 9:30 ` Ludovic Courtès 0 siblings, 0 replies; 28+ messages in thread From: Ludovic Courtès @ 2021-05-29 9:30 UTC (permalink / raw) To: Julien Lepiller, Maxime Devos; +Cc: 48696 Hi Julien & Maxime, Julien Lepiller <julien@lepiller.eu> skribis: >>+@example >>+git config commit.gpgsign true >>+git config user.signingkey CABBA6EA1DC0FF33 >>+@end example >>+ >>+You can prevent yourself from accidentally pushing unsigned commits to >>+Savannah by using the pre-push Git hook called located at >>+@file{etc/git/pre-push}: > > This sentence sounds weird. Isn't "called" superfluous? [...] >> +@example >> +git config commit.gpgsign true >> +git config user.signingkey CABBA6EA1DC0FF33 >> +@end example > > Is that meant to represent ‘cabbage and coffee’ in l33t? > Maybe replace this with something like > > +@example >> +git config commit.gpgsign true >> +# Substitute the fingerprint of your public PGP key >> +git config user.signingkey CABBA6EA1DC0FF33 >> +@end example > > Basic, I know, but people have to learn the basics from > somewhere, so maybe best be explicit here. Yes, that makes sense to me. Note that this text is not new, the patch merely shuffles it around. But I agree, I’ll address the two issues above once we’ve agreed on the rest. >> + [... some newlines after @section{...} ] > > These extra newlines could go directly into 'master' I guess. > The rest of [PATCH 1/3] seems ok to me? I don’t know. :-) Patch #1 just moves text around and adds sectioning. BTW, the whole patch series targets ‘master’ (there’s no point in documenting our procedures in a branch other than ‘master’). Thanks, Ludo’. ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section. 2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès ` (2 preceding siblings ...) 2021-05-27 13:55 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Julien Lepiller @ 2021-05-27 19:10 ` Maxime Devos 3 siblings, 0 replies; 28+ messages in thread From: Maxime Devos @ 2021-05-27 19:10 UTC (permalink / raw) To: Ludovic Courtès, 48696 [-- Attachment #1: Type: text/plain, Size: 1039 bytes --] Ludovic Courtès schreef op do 27-05-2021 om 14:35 [+0200]: > +All commits that are pushed to the central repository on Savannah must > +be signed with an OpenPGP key, and the public key should be uploaded to > +your user account on Savannah and to public key servers, such as > +@code{keys.openpgp.org}. To configure Git to automatically sign > +commits, run: > + > +@example > +git config commit.gpgsign true > +git config user.signingkey CABBA6EA1DC0FF33 > +@end example Is that meant to represent ‘cabbage and coffee’ in l33t? Maybe replace this with something like +@example > +git config commit.gpgsign true > +# Substitute the fingerprint of your public PGP key > +git config user.signingkey CABBA6EA1DC0FF33 > +@end example Basic, I know, but people have to learn the basics from somewhere, so maybe best be explicit here. > + [... some newlines after @section{...} ] These extra newlines could go directly into 'master' I guess. The rest of [PATCH 1/3] seems ok to me? Greetings, Maxime. [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 260 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation 2021-05-27 12:32 [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès 2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès @ 2021-05-27 14:16 ` Leo Famulari 2021-05-30 12:49 ` Tobias Geerinckx-Rice via Guix-patches via 2 siblings, 0 replies; 28+ messages in thread From: Leo Famulari @ 2021-05-27 14:16 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 48696 On Thu, May 27, 2021 at 02:32:59PM +0200, Ludovic Courtès wrote: > Hello Guix! > > Attached is an attempt to: > > 1. Structure the “Commit Access” section of the manual; > > 2. Document how to address committers’ mistakes, when to revert > commits; > > 3. Explain under what circumstances maintainers may revoke commit > rights. > > It essentially codifies unwritten rules, but as always, I think it’s > better to be explicit about the rules and community expectations. > > Let me know what you think! I propose to leave a comment period > of at least one week, possibly iterating with new versions. Thanks for putting this together. It looks good to me! ^ permalink raw reply [flat|nested] 28+ messages in thread
* [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation 2021-05-27 12:32 [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès 2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès 2021-05-27 14:16 ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Leo Famulari @ 2021-05-30 12:49 ` Tobias Geerinckx-Rice via Guix-patches via 2 siblings, 0 replies; 28+ messages in thread From: Tobias Geerinckx-Rice via Guix-patches via @ 2021-05-30 12:49 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 48696 [-- Attachment #1: Type: text/plain, Size: 378 bytes --] Ludovic Courtès 写道: > It essentially codifies unwritten rules, but as always, I think > it’s > better to be explicit about the rules and community > expectations. Looks good to me modulo obvious typos like the ‘called’ pointed out by Julien. I *don't* think the text assigns too much potential blame. Responsibility, yes. Thanks Ludo'! T G-R [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 247 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
end of thread, other threads:[~2021-06-18 12:40 UTC | newest] Thread overview: 28+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-05-27 12:32 [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès 2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès 2021-05-27 12:35 ` [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section Ludovic Courtès 2021-05-27 19:19 ` Christopher Baines 2021-05-29 10:22 ` Ludovic Courtès 2021-05-30 10:29 ` Christopher Baines 2021-06-02 9:22 ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès 2021-06-08 14:02 ` Christopher Baines 2021-06-11 14:05 ` Ludovic Courtès 2021-06-13 10:15 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès 2021-06-13 10:15 ` [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section Ludovic Courtès 2021-06-13 11:50 ` Xinglu Chen 2021-06-13 11:56 ` Xinglu Chen 2021-06-13 10:15 ` [bug#48696] [PATCH v2 2/4] doc: Add "Addressing Issues" section Ludovic Courtès 2021-06-13 10:15 ` [bug#48696] [PATCH v2 3/4] doc: Explain more reasons for commit revocation Ludovic Courtès 2021-06-13 10:15 ` [bug#48696] [PATCH v2 4/4] doc: Clarify Git commit signing; fix typo Ludovic Courtès 2021-06-18 12:37 ` bug#48696: [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès 2021-05-27 12:35 ` [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation Ludovic Courtès 2021-05-27 19:13 ` Maxime Devos 2021-05-27 20:07 ` Christopher Baines 2021-05-29 9:58 ` Ludovic Courtès 2021-05-29 11:28 ` Christopher Baines 2021-05-29 20:36 ` Ludovic Courtès 2021-05-27 13:55 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Julien Lepiller 2021-05-29 9:30 ` Ludovic Courtès 2021-05-27 19:10 ` Maxime Devos 2021-05-27 14:16 ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Leo Famulari 2021-05-30 12:49 ` Tobias Geerinckx-Rice via Guix-patches via
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/guix.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).