all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation
@ 2021-05-27 12:32 Ludovic Courtès
  2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès
                   ` (2 more replies)
  0 siblings, 3 replies; 28+ messages in thread
From: Ludovic Courtès @ 2021-05-27 12:32 UTC (permalink / raw)
  To: 48696; +Cc: Ludovic Courtès

Hello Guix!

Attached is an attempt to:

  1. Structure the “Commit Access” section of the manual;

  2. Document how to address committers’ mistakes, when to revert
     commits;

  3. Explain under what circumstances maintainers may revoke commit
     rights.

It essentially codifies unwritten rules, but as always, I think it’s
better to be explicit about the rules and community expectations.

Let me know what you think!  I propose to leave a comment period
of at least one week, possibly iterating with new versions.

Ludo’.

Ludovic Courtès (3):
  doc: Structure the "Commit Access" section.
  doc: Add "Addressing Mistakes" section.
  doc: Explain more reasons for commit revocation.

 doc/contributing.texi | 114 ++++++++++++++++++++++++++++++++++--------
 1 file changed, 93 insertions(+), 21 deletions(-)

-- 
2.31.1





^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section.
  2021-05-27 12:32 [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès
@ 2021-05-27 12:35 ` Ludovic Courtès
  2021-05-27 12:35   ` [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section Ludovic Courtès
                     ` (3 more replies)
  2021-05-27 14:16 ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Leo Famulari
  2021-05-30 12:49 ` Tobias Geerinckx-Rice via Guix-patches via
  2 siblings, 4 replies; 28+ messages in thread
From: Ludovic Courtès @ 2021-05-27 12:35 UTC (permalink / raw)
  To: 48696; +Cc: Ludovic Courtès

* doc/contributing.texi (Commit Access): Add introduction and section
heading.  Separate OpenPGP setup from commit policy.
---
 doc/contributing.texi | 59 ++++++++++++++++++++++++++++---------------
 1 file changed, 38 insertions(+), 21 deletions(-)

diff --git a/doc/contributing.texi b/doc/contributing.texi
index cfcae22502..7dc912b4de 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1258,8 +1258,19 @@ this nifty tool!
 @section Commit Access
 
 @cindex commit access, for developers
-For frequent contributors, having write access to the repository is
-convenient.  When you deem it necessary, consider applying for commit
+Everyone can contribute to Guix without having commit access
+(@pxref{Submitting Patches}).  However, for frequent contributors,
+having write access to the repository can be convenient.  Commit access
+should not be thought of as a ``badge of honor'' but rather as a
+responsibility a contributor is willing to take to help the project.
+
+The following sections explain how to get commit access, how to be ready
+to push commits, and the policies and community expectations for commits
+pushed upstream.
+
+@subsection Applying for Commit Access
+
+When you deem it necessary, consider applying for commit
 access by following these steps:
 
 @enumerate
@@ -1331,6 +1342,27 @@ review and merging system, which, as a consequence, may lead us to have
 fewer people with commit access to the main repository.  Stay tuned!
 @end quotation
 
+All commits that are pushed to the central repository on Savannah must
+be signed with an OpenPGP key, and the public key should be uploaded to
+your user account on Savannah and to public key servers, such as
+@code{keys.openpgp.org}.  To configure Git to automatically sign
+commits, run:
+
+@example
+git config commit.gpgsign true
+git config user.signingkey CABBA6EA1DC0FF33
+@end example
+
+You can prevent yourself from accidentally pushing unsigned commits to
+Savannah by using the pre-push Git hook called located at
+@file{etc/git/pre-push}:
+
+@example
+cp etc/git/pre-push .git/hooks/pre-push
+@end example
+
+@subsection Commit Policy
+
 If you get commit access, please make sure to follow
 the policy below (discussions of the policy can take place on
 @email{guix-devel@@gnu.org}).
@@ -1349,25 +1381,6 @@ mailing list for commit notifications (@email{guix-commits@@gnu.org}),
 so people can notice.  Before pushing your changes, make sure to run
 @code{git pull --rebase}.
 
-All commits that are pushed to the central repository on Savannah must
-be signed with an OpenPGP key, and the public key should be uploaded to
-your user account on Savannah and to public key servers, such as
-@code{keys.openpgp.org}.  To configure Git to automatically sign
-commits, run:
-
-@example
-git config commit.gpgsign true
-git config user.signingkey CABBA6EA1DC0FF33
-@end example
-
-You can prevent yourself from accidentally pushing unsigned commits to
-Savannah by using the pre-push Git hook called located at
-@file{etc/git/pre-push}:
-
-@example
-cp etc/git/pre-push .git/hooks/pre-push
-@end example
-
 When pushing a commit on behalf of somebody else, please add a
 @code{Signed-off-by} line at the end of the commit log message---e.g.,
 with @command{git am --signoff}.  This improves tracking of who did
@@ -1389,12 +1402,16 @@ you're confident, it's OK to commit.
 That last part is subject to being adjusted, allowing individuals to commit
 directly on non-controversial changes on parts they’re familiar with.
 
+@subsection Commit Revocation
+
 In order to reduce the possibility of mistakes, committers will have
 their Savannah account removed from the Guix Savannah project and their
 key removed from @file{.guix-authorizations} after 12 months of
 inactivity; they can ask to regain commit access by emailing the
 maintainers, without going through the vouching process.
 
+@subsection Helping Out
+
 One last thing: the project keeps moving forward because committers not
 only push their own awesome changes, but also offer some of their time
 @emph{reviewing} and pushing other people's changes.  As a committer,
-- 
2.31.1





^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section.
  2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès
@ 2021-05-27 12:35   ` Ludovic Courtès
  2021-05-27 19:19     ` Christopher Baines
  2021-05-27 12:35   ` [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation Ludovic Courtès
                     ` (2 subsequent siblings)
  3 siblings, 1 reply; 28+ messages in thread
From: Ludovic Courtès @ 2021-05-27 12:35 UTC (permalink / raw)
  To: 48696; +Cc: Ludovic Courtès

* doc/contributing.texi (Addressing Mistakes): New section.
---
 doc/contributing.texi | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/doc/contributing.texi b/doc/contributing.texi
index 7dc912b4de..8308551261 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1402,6 +1402,40 @@ you're confident, it's OK to commit.
 That last part is subject to being adjusted, allowing individuals to commit
 directly on non-controversial changes on parts they’re familiar with.
 
+@subsection Addressing Mistakes
+
+We all make mistakes.  We expect peer review (@pxref{Submitting
+Patches}) and tools such as @command{guix lint} (@pxref{Invoking guix
+lint}) and the test suite (@pxref{Running the Test Suite}) to catch
+issues before they are pushed; yet, mistakes might go through---that
+happens to both newcomers and old-timers, and there is nothing to be
+ashamed of when it happens.  As a community, we expect committers to
+recognize and address mistakes as soon as possible.
+
+Some mistakes can directly affect all users---for instance because they
+make @command{guix pull} fail or break core functionality, because they
+break major packages (at build time or run time), or because they
+introduce known security vulnerabilities.
+
+@cindex reverting commits
+The person who pushed the faulty commit(s) should be at the forefront to
+address such an issue in a timely fashion: by pushing a followup commit
+to fix it (if possible), or by reverting it to leave time to come up
+with a proper fix, and by communicating with other developers about the
+problem.
+
+If the committer is unavailable to address the issue in time, other
+committers are entitled to revert the offending commit(s), explaining in
+the commit log and on the mailing list what the problem was, with the
+goal of leaving time to the original committer and author(s) to propose
+a way forward.
+
+The Guix project values friendly cooperation and a constant effort to
+focus on the way forward when issues arise.  Committers should lead by
+example, notably as a way to encourage contributors and contributors to
+be.  Blame as well as defensiveness do not have their place in Guix when
+addressing genuine mistakes.
+
 @subsection Commit Revocation
 
 In order to reduce the possibility of mistakes, committers will have
-- 
2.31.1





^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation.
  2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès
  2021-05-27 12:35   ` [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section Ludovic Courtès
@ 2021-05-27 12:35   ` Ludovic Courtès
  2021-05-27 19:13     ` Maxime Devos
  2021-05-27 20:07     ` Christopher Baines
  2021-05-27 13:55   ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Julien Lepiller
  2021-05-27 19:10   ` Maxime Devos
  3 siblings, 2 replies; 28+ messages in thread
From: Ludovic Courtès @ 2021-05-27 12:35 UTC (permalink / raw)
  To: 48696; +Cc: Ludovic Courtès

* doc/contributing.texi (Commit Revocation): Expound.
---
 doc/contributing.texi | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/doc/contributing.texi b/doc/contributing.texi
index 8308551261..ec649c8e13 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1444,6 +1444,27 @@ key removed from @file{.guix-authorizations} after 12 months of
 inactivity; they can ask to regain commit access by emailing the
 maintainers, without going through the vouching process.
 
+Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the
+current list of maintainers.  You can email them privately at
+@email{guix-maintainers@@gnu.org}.} may also revoke an individual's
+commit rights, as a last resort, if cooperation with the rest of the
+community has caused too much friction---even within the bounds of the
+project's code of conduct (@pxref{Contributing}).  They would only do so
+after public or private discussion with the individual and a clear
+notice.  Examples of behavior that hinders cooperation and could lead to
+such a decision include:
+
+@itemize
+@item repeated violation of the commit policy stated above;
+@item repeated failure to take peer criticism into account;
+@item breaching trust through a series of grave incidents.
+@end itemize
+
+When maintainers resort to such a decision, they notify developers on
+@email{guix-devel@@gnu.org}; inquiries may be sent to
+@email{guix-maintainers@@gnu.org}.  Depending on the situation, the
+individual may still be welcome to contribute.
+
 @subsection Helping Out
 
 One last thing: the project keeps moving forward because committers not
-- 
2.31.1





^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section.
  2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès
  2021-05-27 12:35   ` [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section Ludovic Courtès
  2021-05-27 12:35   ` [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation Ludovic Courtès
@ 2021-05-27 13:55   ` Julien Lepiller
  2021-05-29  9:30     ` Ludovic Courtès
  2021-05-27 19:10   ` Maxime Devos
  3 siblings, 1 reply; 28+ messages in thread
From: Julien Lepiller @ 2021-05-27 13:55 UTC (permalink / raw)
  To: Ludovic Courtès, 48696



Le 27 mai 2021 08:35:52 GMT-04:00, "Ludovic Courtès" <ludo@gnu.org> a écrit :
>* doc/contributing.texi (Commit Access): Add introduction and section
>heading.  Separate OpenPGP setup from commit policy.
>---
> doc/contributing.texi | 59 ++++++++++++++++++++++++++++---------------
> 1 file changed, 38 insertions(+), 21 deletions(-)
>
>diff --git a/doc/contributing.texi b/doc/contributing.texi
>index cfcae22502..7dc912b4de 100644
>--- a/doc/contributing.texi
>+++ b/doc/contributing.texi
>@@ -1258,8 +1258,19 @@ this nifty tool!
> @section Commit Access
> 
> @cindex commit access, for developers
>-For frequent contributors, having write access to the repository is
>-convenient.  When you deem it necessary, consider applying for commit
>+Everyone can contribute to Guix without having commit access
>+(@pxref{Submitting Patches}).  However, for frequent contributors,
>+having write access to the repository can be convenient.  Commit
>access
>+should not be thought of as a ``badge of honor'' but rather as a
>+responsibility a contributor is willing to take to help the project.
>+
>+The following sections explain how to get commit access, how to be
>ready
>+to push commits, and the policies and community expectations for
>commits
>+pushed upstream.
>+
>+@subsection Applying for Commit Access
>+
>+When you deem it necessary, consider applying for commit
> access by following these steps:
> 
> @enumerate
>@@ -1331,6 +1342,27 @@ review and merging system, which, as a
>consequence, may lead us to have
> fewer people with commit access to the main repository.  Stay tuned!
> @end quotation
> 
>+All commits that are pushed to the central repository on Savannah must
>+be signed with an OpenPGP key, and the public key should be uploaded
>to
>+your user account on Savannah and to public key servers, such as
>+@code{keys.openpgp.org}.  To configure Git to automatically sign
>+commits, run:
>+
>+@example
>+git config commit.gpgsign true
>+git config user.signingkey CABBA6EA1DC0FF33
>+@end example
>+
>+You can prevent yourself from accidentally pushing unsigned commits to
>+Savannah by using the pre-push Git hook called located at
>+@file{etc/git/pre-push}:

This sentence sounds weird. Isn't "called" superfluous?

>+
>+@example
>+cp etc/git/pre-push .git/hooks/pre-push
>+@end example
>+
>+@subsection Commit Policy
>+
> If you get commit access, please make sure to follow
> the policy below (discussions of the policy can take place on
> @email{guix-devel@@gnu.org}).
>@@ -1349,25 +1381,6 @@ mailing list for commit notifications
>(@email{guix-commits@@gnu.org}),
> so people can notice.  Before pushing your changes, make sure to run
> @code{git pull --rebase}.
> 
>-All commits that are pushed to the central repository on Savannah must
>-be signed with an OpenPGP key, and the public key should be uploaded
>to
>-your user account on Savannah and to public key servers, such as
>-@code{keys.openpgp.org}.  To configure Git to automatically sign
>-commits, run:
>-
>-@example
>-git config commit.gpgsign true
>-git config user.signingkey CABBA6EA1DC0FF33
>-@end example
>-
>-You can prevent yourself from accidentally pushing unsigned commits to
>-Savannah by using the pre-push Git hook called located at
>-@file{etc/git/pre-push}:
>-
>-@example
>-cp etc/git/pre-push .git/hooks/pre-push
>-@end example
>-
> When pushing a commit on behalf of somebody else, please add a
> @code{Signed-off-by} line at the end of the commit log message---e.g.,
> with @command{git am --signoff}.  This improves tracking of who did
>@@ -1389,12 +1402,16 @@ you're confident, it's OK to commit.
>That last part is subject to being adjusted, allowing individuals to
>commit
> directly on non-controversial changes on parts they’re familiar with.
> 
>+@subsection Commit Revocation
>+
> In order to reduce the possibility of mistakes, committers will have
>their Savannah account removed from the Guix Savannah project and their
> key removed from @file{.guix-authorizations} after 12 months of
> inactivity; they can ask to regain commit access by emailing the
> maintainers, without going through the vouching process.
> 
>+@subsection Helping Out
>+
>One last thing: the project keeps moving forward because committers not
> only push their own awesome changes, but also offer some of their time
> @emph{reviewing} and pushing other people's changes.  As a committer,




^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation
  2021-05-27 12:32 [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès
  2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès
@ 2021-05-27 14:16 ` Leo Famulari
  2021-05-30 12:49 ` Tobias Geerinckx-Rice via Guix-patches via
  2 siblings, 0 replies; 28+ messages in thread
From: Leo Famulari @ 2021-05-27 14:16 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 48696

On Thu, May 27, 2021 at 02:32:59PM +0200, Ludovic Courtès wrote:
> Hello Guix!
> 
> Attached is an attempt to:
> 
>   1. Structure the “Commit Access” section of the manual;
> 
>   2. Document how to address committers’ mistakes, when to revert
>      commits;
> 
>   3. Explain under what circumstances maintainers may revoke commit
>      rights.
> 
> It essentially codifies unwritten rules, but as always, I think it’s
> better to be explicit about the rules and community expectations.
> 
> Let me know what you think!  I propose to leave a comment period
> of at least one week, possibly iterating with new versions.

Thanks for putting this together. It looks good to me!




^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section.
  2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès
                     ` (2 preceding siblings ...)
  2021-05-27 13:55   ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Julien Lepiller
@ 2021-05-27 19:10   ` Maxime Devos
  3 siblings, 0 replies; 28+ messages in thread
From: Maxime Devos @ 2021-05-27 19:10 UTC (permalink / raw)
  To: Ludovic Courtès, 48696

[-- Attachment #1: Type: text/plain, Size: 1039 bytes --]

Ludovic Courtès schreef op do 27-05-2021 om 14:35 [+0200]:
> +All commits that are pushed to the central repository on Savannah must
> +be signed with an OpenPGP key, and the public key should be uploaded to
> +your user account on Savannah and to public key servers, such as
> +@code{keys.openpgp.org}.  To configure Git to automatically sign
> +commits, run:
> +
> +@example
> +git config commit.gpgsign true
> +git config user.signingkey CABBA6EA1DC0FF33
> +@end example

Is that meant to represent ‘cabbage and coffee’ in l33t?
Maybe replace this with something like

+@example
> +git config commit.gpgsign true
> +# Substitute the fingerprint of your public PGP key
> +git config user.signingkey CABBA6EA1DC0FF33
> +@end example

Basic, I know, but people have to learn the basics from
somewhere, so maybe best be explicit here.

> + [... some newlines after @section{...} ]

These extra newlines could go directly into 'master' I guess.
The rest of [PATCH 1/3] seems ok to me?

Greetings,
Maxime.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation.
  2021-05-27 12:35   ` [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation Ludovic Courtès
@ 2021-05-27 19:13     ` Maxime Devos
  2021-05-27 20:07     ` Christopher Baines
  1 sibling, 0 replies; 28+ messages in thread
From: Maxime Devos @ 2021-05-27 19:13 UTC (permalink / raw)
  To: Ludovic Courtès, 48696

[-- Attachment #1: Type: text/plain, Size: 70 bytes --]

PATCH 2/3 and PATCH 3/3 also seem good to me.

Greetings,
Maxime.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section.
  2021-05-27 12:35   ` [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section Ludovic Courtès
@ 2021-05-27 19:19     ` Christopher Baines
  2021-05-29 10:22       ` Ludovic Courtès
  0 siblings, 1 reply; 28+ messages in thread
From: Christopher Baines @ 2021-05-27 19:19 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 48696

[-- Attachment #1: Type: text/plain, Size: 3790 bytes --]


Ludovic Courtès <ludo@gnu.org> writes:

> * doc/contributing.texi (Addressing Mistakes): New section.
> ---
>  doc/contributing.texi | 34 ++++++++++++++++++++++++++++++++++
>  1 file changed, 34 insertions(+)
>
> diff --git a/doc/contributing.texi b/doc/contributing.texi
> index 7dc912b4de..8308551261 100644
> --- a/doc/contributing.texi
> +++ b/doc/contributing.texi
> @@ -1402,6 +1402,40 @@ you're confident, it's OK to commit.
>  That last part is subject to being adjusted, allowing individuals to commit
>  directly on non-controversial changes on parts they’re familiar with.
>  
> +@subsection Addressing Mistakes
> +
> +We all make mistakes.  We expect peer review (@pxref{Submitting
> +Patches}) and tools such as @command{guix lint} (@pxref{Invoking guix
> +lint}) and the test suite (@pxref{Running the Test Suite}) to catch
> +issues before they are pushed; yet, mistakes might go through---that
> +happens to both newcomers and old-timers, and there is nothing to be
> +ashamed of when it happens.  As a community, we expect committers to
> +recognize and address mistakes as soon as possible.
> +
> +Some mistakes can directly affect all users---for instance because they
> +make @command{guix pull} fail or break core functionality, because they
> +break major packages (at build time or run time), or because they
> +introduce known security vulnerabilities.
> +
> +@cindex reverting commits
> +The person who pushed the faulty commit(s) should be at the forefront to
> +address such an issue in a timely fashion: by pushing a followup commit
> +to fix it (if possible), or by reverting it to leave time to come up
> +with a proper fix, and by communicating with other developers about the
> +problem.
> +
> +If the committer is unavailable to address the issue in time, other
> +committers are entitled to revert the offending commit(s), explaining in
> +the commit log and on the mailing list what the problem was, with the
> +goal of leaving time to the original committer and author(s) to propose
> +a way forward.
> +
> +The Guix project values friendly cooperation and a constant effort to
> +focus on the way forward when issues arise.  Committers should lead by
> +example, notably as a way to encourage contributors and contributors to
> +be.  Blame as well as defensiveness do not have their place in Guix when
> +addressing genuine mistakes.

I too would like to see less blame, but one factor is how things are
framed and the language used.

On the language here, "mistake" is a word I would generally avoid if the
aim is avoid blaming someone, since mistakes are made by a person or set
of people. I'd prefer a term like "problem", since I don't perceieve
that as directly linked to a person or set of people.

On the bit about the "person who pushed the faulty commits" (so, person
to blame...) I'd much prefer an emphisis on group responsibility to
mitigate the impact of problems quickly, and understand the factors that
led to that problems in the first place. That avoids assigning blame,
rather than the process pushing responsibility to the person to blame
("person who pushed the faulty commit(s)").

On this same thread, I'd like to see less blaming in the form of asking
people to "explain". When there's a problem, and you ask someone to
explain, I would interpret that as "I'm blaming you for this, please
give your account of how the mistake was made", to which the person can
either answer explaining the details as to why they are to blame, or can
disagree with the implicit assertion that they are to blame. To avoid
assigning blame, one can just ask someone to "describe" what happened,
which I wouldn't interpret as being loaded with the same implicit
assertion.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 987 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation.
  2021-05-27 12:35   ` [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation Ludovic Courtès
  2021-05-27 19:13     ` Maxime Devos
@ 2021-05-27 20:07     ` Christopher Baines
  2021-05-29  9:58       ` Ludovic Courtès
  1 sibling, 1 reply; 28+ messages in thread
From: Christopher Baines @ 2021-05-27 20:07 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 48696

[-- Attachment #1: Type: text/plain, Size: 3447 bytes --]


Ludovic Courtès <ludo@gnu.org> writes:

> * doc/contributing.texi (Commit Revocation): Expound.
> ---
>  doc/contributing.texi | 21 +++++++++++++++++++++
>  1 file changed, 21 insertions(+)
>
> diff --git a/doc/contributing.texi b/doc/contributing.texi
> index 8308551261..ec649c8e13 100644
> --- a/doc/contributing.texi
> +++ b/doc/contributing.texi
> @@ -1444,6 +1444,27 @@ key removed from @file{.guix-authorizations} after 12 months of
>  inactivity; they can ask to regain commit access by emailing the
>  maintainers, without going through the vouching process.
>
> +Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the
> +current list of maintainers.  You can email them privately at
> +@email{guix-maintainers@@gnu.org}.} may also revoke an individual's
> +commit rights, as a last resort, if cooperation with the rest of the
> +community has caused too much friction---even within the bounds of the
> +project's code of conduct (@pxref{Contributing}).  They would only do so
> +after public or private discussion with the individual and a clear
> +notice.  Examples of behavior that hinders cooperation and could lead to
> +such a decision include:
> +
> +@itemize
> +@item repeated violation of the commit policy stated above;
> +@item repeated failure to take peer criticism into account;
> +@item breaching trust through a series of grave incidents.
> +@end itemize
> +
> +When maintainers resort to such a decision, they notify developers on
> +@email{guix-devel@@gnu.org}; inquiries may be sent to
> +@email{guix-maintainers@@gnu.org}.  Depending on the situation, the
> +individual may still be welcome to contribute.
> +
>  @subsection Helping Out
>
>  One last thing: the project keeps moving forward because committers not

Since the project code of conduct sets out behavioural standards,
including mandating "Gracefully accepting constructive criticism" and
"Showing empathy towards other community members", I think that combined
with "following the relevant processes" already covers what you're
setting out here?

I was shocked by [1], which from memory is the first time a technical
measure has been used to push a contributor away from the project (at
least that's my interpretation of the effect/intent). I think the future
use of revoking individuals commit access would be good to discuss.

1: https://lists.gnu.org/archive/html/guix-devel/2021-04/msg00489.html

In abstract, in my opinion, I can only think of three scenarios for
removing someones commit access when they're actively using it:

- Clear violation of the code of conduct

    I don't think it's helpful to set out stuff about conduct in other
    places, particularly bits about unacceptable conduct. If the code of
    conduct is wrong or not sufficient, it should be revised.

- Suspected malicious intent

    Like they didn't just introduce some reference to some dodgy release
    tarball for a package, but it seems like this could have been done
    intentionally.

- Process problem for giving out commit access

    There's a process and people involved, so it's fair to say that
    problems can occur. Obviously it's not ideal, but if the process
    wasn't followed correctly, or if it's been updated and in hindsight
    different decisions would have been made, I think that's reason
    enough to apologise, and remove someones commit access.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 987 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section.
  2021-05-27 13:55   ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Julien Lepiller
@ 2021-05-29  9:30     ` Ludovic Courtès
  0 siblings, 0 replies; 28+ messages in thread
From: Ludovic Courtès @ 2021-05-29  9:30 UTC (permalink / raw)
  To: Julien Lepiller, Maxime Devos; +Cc: 48696

Hi Julien & Maxime,

Julien Lepiller <julien@lepiller.eu> skribis:

>>+@example
>>+git config commit.gpgsign true
>>+git config user.signingkey CABBA6EA1DC0FF33
>>+@end example
>>+
>>+You can prevent yourself from accidentally pushing unsigned commits to
>>+Savannah by using the pre-push Git hook called located at
>>+@file{etc/git/pre-push}:
>
> This sentence sounds weird. Isn't "called" superfluous?

[...]

>> +@example
>> +git config commit.gpgsign true
>> +git config user.signingkey CABBA6EA1DC0FF33
>> +@end example
>
> Is that meant to represent ‘cabbage and coffee’ in l33t?
> Maybe replace this with something like
>
> +@example
>> +git config commit.gpgsign true
>> +# Substitute the fingerprint of your public PGP key
>> +git config user.signingkey CABBA6EA1DC0FF33
>> +@end example
>
> Basic, I know, but people have to learn the basics from
> somewhere, so maybe best be explicit here.

Yes, that makes sense to me.

Note that this text is not new, the patch merely shuffles it around.
But I agree, I’ll address the two issues above once we’ve agreed on the
rest.

>> + [... some newlines after @section{...} ]
>
> These extra newlines could go directly into 'master' I guess.
> The rest of [PATCH 1/3] seems ok to me?

I don’t know.  :-)

Patch #1 just moves text around and adds sectioning.

BTW, the whole patch series targets ‘master’ (there’s no point in
documenting our procedures in a branch other than ‘master’).

Thanks,
Ludo’.




^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation.
  2021-05-27 20:07     ` Christopher Baines
@ 2021-05-29  9:58       ` Ludovic Courtès
  2021-05-29 11:28         ` Christopher Baines
  0 siblings, 1 reply; 28+ messages in thread
From: Ludovic Courtès @ 2021-05-29  9:58 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 48696

Christopher Baines <mail@cbaines.net> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

>> +Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the
>> +current list of maintainers.  You can email them privately at
>> +@email{guix-maintainers@@gnu.org}.} may also revoke an individual's
>> +commit rights, as a last resort, if cooperation with the rest of the
>> +community has caused too much friction---even within the bounds of the
>> +project's code of conduct (@pxref{Contributing}).  They would only do so
>> +after public or private discussion with the individual and a clear
>> +notice.  Examples of behavior that hinders cooperation and could lead to
>> +such a decision include:
>> +
>> +@itemize
>> +@item repeated violation of the commit policy stated above;
>> +@item repeated failure to take peer criticism into account;
>> +@item breaching trust through a series of grave incidents.
>> +@end itemize

[...]

> Since the project code of conduct sets out behavioural standards,
> including mandating "Gracefully accepting constructive criticism" and
> "Showing empathy towards other community members", I think that combined
> with "following the relevant processes" already covers what you're
> setting out here?

Note that the code of conduct does not “mandate” gracefully accepting
constructive criticism; it merely gives it as an example of expected
behavior.

> I was shocked by [1], which from memory is the first time a technical
> measure has been used to push a contributor away from the project (at
> least that's my interpretation of the effect/intent). I think the future
> use of revoking individuals commit access would be good to discuss.
>
> 1: https://lists.gnu.org/archive/html/guix-devel/2021-04/msg00489.html

Yes, it was the first time; it was a tough decision for us
co-maintainers because it was a last resort we were not prepared for.
Part of the reason for this patch is to document this possibility so we
all know what to expect.

> In abstract, in my opinion, I can only think of three scenarios for
> removing someones commit access when they're actively using it:
>
> - Clear violation of the code of conduct

Yes, that’s already covered by the code of conduct.

The section above is explicitly about cases where the individual did not
violate the code of conduct (hence “even within the bounds of the
project's code of conduct” in the text above), but instead broke
community expectations.

> - Suspected malicious intent

Put this way, the question becomes who is suspecting that.  Instead I
wrote “breaching trust” in the bullet list above; the intent is to
describe a situation where the individual and other committers no longer
trust each other, there’s no judgment involved.

> - Process problem for giving out commit access

The process for giving commit access is already documented (info "(guix)
Commit Access"); my intent here was not to change it.

Thanks,
Ludo’.




^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section.
  2021-05-27 19:19     ` Christopher Baines
@ 2021-05-29 10:22       ` Ludovic Courtès
  2021-05-30 10:29         ` Christopher Baines
  0 siblings, 1 reply; 28+ messages in thread
From: Ludovic Courtès @ 2021-05-29 10:22 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 48696

Hi Chris,

Christopher Baines <mail@cbaines.net> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

>> +The Guix project values friendly cooperation and a constant effort to
>> +focus on the way forward when issues arise.  Committers should lead by
>> +example, notably as a way to encourage contributors and contributors to
>> +be.  Blame as well as defensiveness do not have their place in Guix when
>> +addressing genuine mistakes.
>
> I too would like to see less blame, but one factor is how things are
> framed and the language used.

Point taken!

> On the language here, "mistake" is a word I would generally avoid if the
> aim is avoid blaming someone, since mistakes are made by a person or set
> of people. I'd prefer a term like "problem", since I don't perceieve
> that as directly linked to a person or set of people.
>
> On the bit about the "person who pushed the faulty commits" (so, person
> to blame...) I'd much prefer an emphisis on group responsibility to
> mitigate the impact of problems quickly, and understand the factors that
> led to that problems in the first place. That avoids assigning blame,
> rather than the process pushing responsibility to the person to blame
> ("person who pushed the faulty commit(s)").

I get what you say and very much like the idea of focusing on group
responsibility.

There’s blame, and there’s accountability.  I see group responsibility
in setting up processes and carrying out proper peer review to avoid
problems.  I see accountability when it comes to commits actually
pushed—in the end, it’s one person running ‘git push’.  In my view,
“mistake” can be a way to name a “problem” that someone created and is
accountable for (Jelle wrote a nice message on this topic a while back).
This is getting a bit philosophical though, and I’m not sure my
understanding of English is good enough to go any further.  :-)

I think you have a point though.  Could you propose different wording
for this section?

(My goal for this section was to (1) spell out circumstances that may
lead to reverts, (2) explain the implications of committer
accountability, and (3) define our community standards in terms of
focusing on addressing issues and not on blaming individuals.)

> On this same thread, I'd like to see less blaming in the form of asking
> people to "explain". When there's a problem, and you ask someone to
> explain, I would interpret that as "I'm blaming you for this, please
> give your account of how the mistake was made", to which the person can
> either answer explaining the details as to why they are to blame, or can
> disagree with the implicit assertion that they are to blame. To avoid
> assigning blame, one can just ask someone to "describe" what happened,
> which I wouldn't interpret as being loaded with the same implicit
> assertion.

I agree with what you write in general, though my understanding is that
you’re not referring to the text in this patch, right?

Thanks for your feedback,
Ludo’.




^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation.
  2021-05-29  9:58       ` Ludovic Courtès
@ 2021-05-29 11:28         ` Christopher Baines
  2021-05-29 20:36           ` Ludovic Courtès
  0 siblings, 1 reply; 28+ messages in thread
From: Christopher Baines @ 2021-05-29 11:28 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 48696

[-- Attachment #1: Type: text/plain, Size: 3623 bytes --]


Ludovic Courtès <ludo@gnu.org> writes:

> Christopher Baines <mail@cbaines.net> skribis:
>
>> Ludovic Courtès <ludo@gnu.org> writes:
>
> [...]
>
>>> +Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the
>>> +current list of maintainers.  You can email them privately at
>>> +@email{guix-maintainers@@gnu.org}.} may also revoke an individual's
>>> +commit rights, as a last resort, if cooperation with the rest of the
>>> +community has caused too much friction---even within the bounds of the
>>> +project's code of conduct (@pxref{Contributing}).  They would only do so
>>> +after public or private discussion with the individual and a clear
>>> +notice.  Examples of behavior that hinders cooperation and could lead to
>>> +such a decision include:
>>> +
>>> +@itemize
>>> +@item repeated violation of the commit policy stated above;
>>> +@item repeated failure to take peer criticism into account;
>>> +@item breaching trust through a series of grave incidents.
>>> +@end itemize
>
> [...]
>
>> Since the project code of conduct sets out behavioural standards,
>> including mandating "Gracefully accepting constructive criticism" and
>> "Showing empathy towards other community members", I think that combined
>> with "following the relevant processes" already covers what you're
>> setting out here?
>
> Note that the code of conduct does not “mandate” gracefully accepting
> constructive criticism; it merely gives it as an example of expected
> behavior.

Yeah, maybe you're right. While there's a pledge regarding harassment,
and the example behaviours are given in a section titled "Standards",
the example behaviours are called that, examples.

>> In abstract, in my opinion, I can only think of three scenarios for
>> removing someones commit access when they're actively using it:
>>
>> - Clear violation of the code of conduct
>
> Yes, that’s already covered by the code of conduct.
>
> The section above is explicitly about cases where the individual did not
> violate the code of conduct (hence “even within the bounds of the
> project's code of conduct” in the text above), but instead broke
> community expectations.

I'd like to say that the code of conduct should encapsulate community
expectations, but it does seem just to set out a strong position on
harassment, and I would like to think that the community expectations
are more than just making sure people feel that they're not being
harassed.

Is your intent here for "community expectations" to be/remain abstract,
or for them to be explicitly set out somewhere?

>> - Suspected malicious intent
>
> Put this way, the question becomes who is suspecting that.  Instead I
> wrote “breaching trust” in the bullet list above; the intent is to
> describe a situation where the individual and other committers no longer
> trust each other, there’s no judgment involved.

I think the "who" here would be the people looking at removing someones
commit access.

I like this framing because it's more specific than "breaching trust
through a series of grave incidents". Do you have other things in mind
that this third point as you put it would cover?

>> - Process problem for giving out commit access
>
> The process for giving commit access is already documented (info "(guix)
> Commit Access"); my intent here was not to change it.

My point here is just that I think it's reasonable to remove someones
commit access if it was effectively given out in error (because the
process wasn't followed properly, or has been since revised).

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 987 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation.
  2021-05-29 11:28         ` Christopher Baines
@ 2021-05-29 20:36           ` Ludovic Courtès
  0 siblings, 0 replies; 28+ messages in thread
From: Ludovic Courtès @ 2021-05-29 20:36 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 48696

Hello!

Christopher Baines <mail@cbaines.net> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

>> The section above is explicitly about cases where the individual did not
>> violate the code of conduct (hence “even within the bounds of the
>> project's code of conduct” in the text above), but instead broke
>> community expectations.
>
> I'd like to say that the code of conduct should encapsulate community
> expectations, but it does seem just to set out a strong position on
> harassment, and I would like to think that the community expectations
> are more than just making sure people feel that they're not being
> harassed.

Yes, that’s what the code of conduct is about, mostly.  It does not say
how a development community should cooperate, how it can maximize
benefits for everyone involved.  I found this article by a Rust
developer inspiring:
<https://aturon.github.io/tech/2018/06/02/listening-part-2/>.

> Is your intent here for "community expectations" to be/remain abstract,
> or for them to be explicitly set out somewhere?

My intent with this patch is to spell out expectations for committers,
with a concrete implementation.  It’s one particular aspect of
“community expectations”, but one that I think ought to be written down,
because committers (and maintainers) have a higher responsibility.

>>> - Suspected malicious intent
>>
>> Put this way, the question becomes who is suspecting that.  Instead I
>> wrote “breaching trust” in the bullet list above; the intent is to
>> describe a situation where the individual and other committers no longer
>> trust each other, there’s no judgment involved.
>
> I think the "who" here would be the people looking at removing someones
> commit access.

Removing someone’s commit access can never be a goal.  However,
maintainers, like everyone else, can witness a breach of trust at some
point.

> I like this framing because it's more specific than "breaching trust
> through a series of grave incidents". Do you have other things in mind
> that this third point as you put it would cover?

If repeated incidents happen, some may presume malice, while others may
still see “mere mistakes”—we have different thresholds.  Breach of trust
concerns the group as a whole: once there’s mutual suspicion among some
in the group, we can say that cooperation “doesn’t work” anymore, that
there’s too much friction.

>>> - Process problem for giving out commit access
>>
>> The process for giving commit access is already documented (info "(guix)
>> Commit Access"); my intent here was not to change it.
>
> My point here is just that I think it's reasonable to remove someones
> commit access if it was effectively given out in error (because the
> process wasn't followed properly, or has been since revised).

Oh, got it.  To me it’s implicit that commit access can only be obtained
by following the documented process (that’s indeed be the case since
it’s in place); do you think we should be more explicit?

Thanks,
Ludo’.




^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section.
  2021-05-29 10:22       ` Ludovic Courtès
@ 2021-05-30 10:29         ` Christopher Baines
  2021-06-02  9:22           ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès
  0 siblings, 1 reply; 28+ messages in thread
From: Christopher Baines @ 2021-05-30 10:29 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 48696

[-- Attachment #1: Type: text/plain, Size: 5758 bytes --]


Ludovic Courtès <ludo@gnu.org> writes:

> Hi Chris,
>
> Christopher Baines <mail@cbaines.net> skribis:
>
>> Ludovic Courtès <ludo@gnu.org> writes:
>
> [...]
>
>>> +The Guix project values friendly cooperation and a constant effort to
>>> +focus on the way forward when issues arise.  Committers should lead by
>>> +example, notably as a way to encourage contributors and contributors to
>>> +be.  Blame as well as defensiveness do not have their place in Guix when
>>> +addressing genuine mistakes.
>>
>> I too would like to see less blame, but one factor is how things are
>> framed and the language used.
>
> Point taken!
>
>> On the language here, "mistake" is a word I would generally avoid if the
>> aim is avoid blaming someone, since mistakes are made by a person or set
>> of people. I'd prefer a term like "problem", since I don't perceieve
>> that as directly linked to a person or set of people.
>>
>> On the bit about the "person who pushed the faulty commits" (so, person
>> to blame...) I'd much prefer an emphisis on group responsibility to
>> mitigate the impact of problems quickly, and understand the factors that
>> led to that problems in the first place. That avoids assigning blame,
>> rather than the process pushing responsibility to the person to blame
>> ("person who pushed the faulty commit(s)").
>
> I get what you say and very much like the idea of focusing on group
> responsibility.
>
> There’s blame, and there’s accountability.  I see group responsibility
> in setting up processes and carrying out proper peer review to avoid
> problems.  I see accountability when it comes to commits actually
> pushed—in the end, it’s one person running ‘git push’.  In my view,
> “mistake” can be a way to name a “problem” that someone created and is
> accountable for (Jelle wrote a nice message on this topic a while back).
> This is getting a bit philosophical though, and I’m not sure my
> understanding of English is good enough to go any further.  :-)

I guess part of what I'm getting at here is using language and the
perspective to try and delay that inference about individual
accountability, until the discussion around a problem has reached a
clear conclusion about what happened.

In doing so, opportunity is left open to actually consider the full
situation, rather than immediately narrowing it down to what a
particular individual or group did or didn't do.

> I think you have a point though.  Could you propose different wording
> for this section?
>
> (My goal for this section was to (1) spell out circumstances that may
> lead to reverts, (2) explain the implications of committer
> accountability, and (3) define our community standards in terms of
> focusing on addressing issues and not on blaming individuals.)

What I would like to see is more like this:

  Problems happen, while minimising there occurrence is important, it's
  also important to respond to problems in a useful way. There are two
  priorities, mitigating the impact and understanding what happened in
  order to reduce the chance of similar incidents in the future. The
  responsibility for both these things primarily lies with those
  involved, but like everything this is a group effort.

  When working to mitigate the impact of a problem, obviously the
  response is very much dependent on the situation. If it's possible to
  fix things that are broken, that's preferable. If that's infeasible,
  then promptly reverting changes to return to a working state is
  justified (as with any commit, note why the change is being made in
  the commit message).

  Once the problem has been dealt with to some extent, then it's the
  responsibility of those involved to make sure the situation is
  understood. If you are working to understand what happened, focus on
  gathering information and avoid assigning any blame. Do ask those
  involved to describe what has happened, don't ask them to explain the
  situation, even if you think they have something to explain, as this
  implicitly blames them, which is unhelpful. Accountability comes from
  a consensus about the problem, learning from it and improving
  processes so that it's less likely to reoccur.

I'm not sure how much needs saying about reverts, but I did include
something.

For committer accountability, that's where I'm talking about the
"responsibilities of those involved". I guess that's a little vague, but
what I'm trying to do there is trying to capture the group of relevant
people, for example, the person who proposed the breaking change, the
committer who pushed it, and the other person that reverted it.

In terms of trying to focus on addressing issues and not blaming
individuals, I think just avoiding language that implicitly blames
people would be a big step forward. Whether that's enough, I'm unsure.

>> On this same thread, I'd like to see less blaming in the form of asking
>> people to "explain". When there's a problem, and you ask someone to
>> explain, I would interpret that as "I'm blaming you for this, please
>> give your account of how the mistake was made", to which the person can
>> either answer explaining the details as to why they are to blame, or can
>> disagree with the implicit assertion that they are to blame. To avoid
>> assigning blame, one can just ask someone to "describe" what happened,
>> which I wouldn't interpret as being loaded with the same implicit
>> assertion.
>
> I agree with what you write in general, though my understanding is that
> you’re not referring to the text in this patch, right?

Yeah, although I think something to this effect might be worth
including.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 987 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation
  2021-05-27 12:32 [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès
  2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès
  2021-05-27 14:16 ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Leo Famulari
@ 2021-05-30 12:49 ` Tobias Geerinckx-Rice via Guix-patches via
  2 siblings, 0 replies; 28+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches via @ 2021-05-30 12:49 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 48696

[-- Attachment #1: Type: text/plain, Size: 378 bytes --]

Ludovic Courtès 写道:
> It essentially codifies unwritten rules, but as always, I think 
> it’s
> better to be explicit about the rules and community 
> expectations.

Looks good to me modulo obvious typos like the ‘called’ pointed 
out by Julien.

I *don't* think the text assigns too much potential blame. 
Responsibility, yes.

Thanks Ludo'!

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation
  2021-05-30 10:29         ` Christopher Baines
@ 2021-06-02  9:22           ` Ludovic Courtès
  2021-06-08 14:02             ` Christopher Baines
  0 siblings, 1 reply; 28+ messages in thread
From: Ludovic Courtès @ 2021-06-02  9:22 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 48696

Hi Chris,

Christopher Baines <mail@cbaines.net> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

>> I think you have a point though.  Could you propose different wording
>> for this section?
>>
>> (My goal for this section was to (1) spell out circumstances that may
>> lead to reverts, (2) explain the implications of committer
>> accountability, and (3) define our community standards in terms of
>> focusing on addressing issues and not on blaming individuals.)
>
> What I would like to see is more like this:
>
>   Problems happen, while minimising there occurrence is important, it's
>   also important to respond to problems in a useful way. There are two
>   priorities, mitigating the impact and understanding what happened in
>   order to reduce the chance of similar incidents in the future. The
>   responsibility for both these things primarily lies with those
>   involved, but like everything this is a group effort.
>
>   When working to mitigate the impact of a problem, obviously the
>   response is very much dependent on the situation. If it's possible to
>   fix things that are broken, that's preferable. If that's infeasible,
>   then promptly reverting changes to return to a working state is
>   justified (as with any commit, note why the change is being made in
>   the commit message).
>
>   Once the problem has been dealt with to some extent, then it's the
>   responsibility of those involved to make sure the situation is
>   understood. If you are working to understand what happened, focus on
>   gathering information and avoid assigning any blame. Do ask those
>   involved to describe what has happened, don't ask them to explain the
>   situation, even if you think they have something to explain, as this
>   implicitly blames them, which is unhelpful. Accountability comes from
>   a consensus about the problem, learning from it and improving
>   processes so that it's less likely to reoccur.
>
> I'm not sure how much needs saying about reverts, but I did include
> something.
>
> For committer accountability, that's where I'm talking about the
> "responsibilities of those involved". I guess that's a little vague, but
> what I'm trying to do there is trying to capture the group of relevant
> people, for example, the person who proposed the breaking change, the
> committer who pushed it, and the other person that reverted it.
>
> In terms of trying to focus on addressing issues and not blaming
> individuals, I think just avoiding language that implicitly blames
> people would be a big step forward. Whether that's enough, I'm unsure.

OK.

I like what you wrote; I think it addresses #3 and a bit of #2 above,
but I find a bit too abstract, not sufficiently hands-on (when can
commits be reverted? what’s the timeframe? who’s involved?), and lacking
examples.  “Problems happen” sounds unspecific to me (it reminds me of
Forest Gump :-)) and I’m uncomfortable with the passive voice that tends
to erase individuals.

  @subsection Addressing Issues
  
  Peer review (@pxref{Submitting Patches}) and tools such as
  @command{guix lint} (@pxref{Invoking guix lint}) and the test suite
  (@pxref{Running the Test Suite}) should catch issues before they are
  pushed.  Yet, commits that ``break'' functionality might occasionally
  go through.  When that happens, there are two priorities: mitigating
  the impact, and understanding what happened to reduce the chance of
  similar incidents in the future.  The responsibility for both these
  things primarily lies with those involved, but like everything this is
  a group effort.
  
  Some issues can directly affect all users---for instance because they
  make @command{guix pull} fail or break core functionality, because they
  break major packages (at build time or run time), or because they
  introduce known security vulnerabilities.
  
  @cindex reverting commits
  The people involved in authoring, reviewing, and pushing such
  commit(s) should be at the forefront to mitigate their impact in a
  timely fashion: by pushing a followup commit to fix it (if possible),
  or by reverting it to leave time to come up with a proper fix, and by
  communicating with other developers about the problem.
  
  If these persons are unavailable to address the issue in time, other
  committers are entitled to revert the commit(s), explaining in the
  commit log and on the mailing list what the problem was, with the goal
  of leaving time to the original committer, reviewer(s), and author(s)
  to propose a way forward.
  
  Once the problem has been dealt with, it is the responsibility of
  those involved to make sure the situation is understood.  If you are
  working to understand what happened, focus on gathering information
  and avoid assigning any blame.  Do ask those involved to describe what
  happened, do not ask them to explain the situation---this would
  implicitly blame them, which is unhelpful.  Accountability comes from
  a consensus about the problem, learning from it and improving
  processes so that it's less likely to reoccur.

There’s still “the people involved”, “these persons”, and “such commits”
(I removed “faulty”), because I couldn’t think of a way of avoiding
these without making the text too abstract or dismissing the idea
entirely (the idea that if I push a breaking change, others can expect
me to be spend time “mitigating the effort”).

Also, I think it’s useful to distinguish between “I revert my commit”
and “someone reverts my commit” due to their different social and
emotional implications (our goal is precisely to suggest that these
implications are out of place in this group effort that Guix is, but we
can’t deny that they preexist).

WDYT?

Thanks for taking the time to work on it!

Ludo’.




^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation
  2021-06-02  9:22           ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès
@ 2021-06-08 14:02             ` Christopher Baines
  2021-06-11 14:05               ` Ludovic Courtès
  0 siblings, 1 reply; 28+ messages in thread
From: Christopher Baines @ 2021-06-08 14:02 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 48696

[-- Attachment #1: Type: text/plain, Size: 6374 bytes --]


Ludovic Courtès <ludo@gnu.org> writes:

> Hi Chris,
>
> Christopher Baines <mail@cbaines.net> skribis:
>
>> Ludovic Courtès <ludo@gnu.org> writes:
>
> [...]
>
>>> I think you have a point though.  Could you propose different wording
>>> for this section?
>>>
>>> (My goal for this section was to (1) spell out circumstances that may
>>> lead to reverts, (2) explain the implications of committer
>>> accountability, and (3) define our community standards in terms of
>>> focusing on addressing issues and not on blaming individuals.)
>>
>> What I would like to see is more like this:
>>
>>   Problems happen, while minimising there occurrence is important, it's
>>   also important to respond to problems in a useful way. There are two
>>   priorities, mitigating the impact and understanding what happened in
>>   order to reduce the chance of similar incidents in the future. The
>>   responsibility for both these things primarily lies with those
>>   involved, but like everything this is a group effort.
>>
>>   When working to mitigate the impact of a problem, obviously the
>>   response is very much dependent on the situation. If it's possible to
>>   fix things that are broken, that's preferable. If that's infeasible,
>>   then promptly reverting changes to return to a working state is
>>   justified (as with any commit, note why the change is being made in
>>   the commit message).
>>
>>   Once the problem has been dealt with to some extent, then it's the
>>   responsibility of those involved to make sure the situation is
>>   understood. If you are working to understand what happened, focus on
>>   gathering information and avoid assigning any blame. Do ask those
>>   involved to describe what has happened, don't ask them to explain the
>>   situation, even if you think they have something to explain, as this
>>   implicitly blames them, which is unhelpful. Accountability comes from
>>   a consensus about the problem, learning from it and improving
>>   processes so that it's less likely to reoccur.
>>
>> I'm not sure how much needs saying about reverts, but I did include
>> something.
>>
>> For committer accountability, that's where I'm talking about the
>> "responsibilities of those involved". I guess that's a little vague, but
>> what I'm trying to do there is trying to capture the group of relevant
>> people, for example, the person who proposed the breaking change, the
>> committer who pushed it, and the other person that reverted it.
>>
>> In terms of trying to focus on addressing issues and not blaming
>> individuals, I think just avoiding language that implicitly blames
>> people would be a big step forward. Whether that's enough, I'm unsure.
>
> OK.
>
> I like what you wrote; I think it addresses #3 and a bit of #2 above,
> but I find a bit too abstract, not sufficiently hands-on (when can
> commits be reverted? what’s the timeframe? who’s involved?), and lacking
> examples.  “Problems happen” sounds unspecific to me (it reminds me of
> Forest Gump :-)) and I’m uncomfortable with the passive voice that tends
> to erase individuals.
>
>   @subsection Addressing Issues
>
>   Peer review (@pxref{Submitting Patches}) and tools such as
>   @command{guix lint} (@pxref{Invoking guix lint}) and the test suite
>   (@pxref{Running the Test Suite}) should catch issues before they are
>   pushed.  Yet, commits that ``break'' functionality might occasionally
>   go through.  When that happens, there are two priorities: mitigating
>   the impact, and understanding what happened to reduce the chance of
>   similar incidents in the future.  The responsibility for both these
>   things primarily lies with those involved, but like everything this is
>   a group effort.
>   
>   Some issues can directly affect all users---for instance because they
>   make @command{guix pull} fail or break core functionality, because they
>   break major packages (at build time or run time), or because they
>   introduce known security vulnerabilities.

I'm not sure what this paragraph is getting at?

In any case, for security vulnerabilities, to affect all users they
would also have to occur in major packages.

>   @cindex reverting commits
>   The people involved in authoring, reviewing, and pushing such
>   commit(s) should be at the forefront to mitigate their impact in a
>   timely fashion: by pushing a followup commit to fix it (if possible),
>   or by reverting it to leave time to come up with a proper fix, and by
>   communicating with other developers about the problem.
>   
>   If these persons are unavailable to address the issue in time, other
>   committers are entitled to revert the commit(s), explaining in the
>   commit log and on the mailing list what the problem was, with the goal
>   of leaving time to the original committer, reviewer(s), and author(s)
>   to propose a way forward.
>   
>   Once the problem has been dealt with, it is the responsibility of
>   those involved to make sure the situation is understood.  If you are
>   working to understand what happened, focus on gathering information
>   and avoid assigning any blame.  Do ask those involved to describe what
>   happened, do not ask them to explain the situation---this would
>   implicitly blame them, which is unhelpful.  Accountability comes from
>   a consensus about the problem, learning from it and improving
>   processes so that it's less likely to reoccur.
>
> There’s still “the people involved”, “these persons”, and “such commits”
> (I removed “faulty”), because I couldn’t think of a way of avoiding
> these without making the text too abstract or dismissing the idea
> entirely (the idea that if I push a breaking change, others can expect
> me to be spend time “mitigating the effort”).
>
> Also, I think it’s useful to distinguish between “I revert my commit”
> and “someone reverts my commit” due to their different social and
> emotional implications (our goal is precisely to suggest that these
> implications are out of place in this group effort that Guix is, but we
> can’t deny that they preexist).
>
> WDYT?

I think the above text looks good. As noted above, I'm unsure about the
second paragraph, but that's not a big issue.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 987 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation
  2021-06-08 14:02             ` Christopher Baines
@ 2021-06-11 14:05               ` Ludovic Courtès
  2021-06-13 10:15                 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès
  0 siblings, 1 reply; 28+ messages in thread
From: Ludovic Courtès @ 2021-06-11 14:05 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 48696

Hi Chris,

Christopher Baines <mail@cbaines.net> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

>>   @subsection Addressing Issues
>>
>>   Peer review (@pxref{Submitting Patches}) and tools such as
>>   @command{guix lint} (@pxref{Invoking guix lint}) and the test suite
>>   (@pxref{Running the Test Suite}) should catch issues before they are
>>   pushed.  Yet, commits that ``break'' functionality might occasionally
>>   go through.  When that happens, there are two priorities: mitigating
>>   the impact, and understanding what happened to reduce the chance of
>>   similar incidents in the future.  The responsibility for both these
>>   things primarily lies with those involved, but like everything this is
>>   a group effort.
>>   
>>   Some issues can directly affect all users---for instance because they
>>   make @command{guix pull} fail or break core functionality, because they
>>   break major packages (at build time or run time), or because they
>>   introduce known security vulnerabilities.
>
> I'm not sure what this paragraph is getting at?

It’s supposed to be provide concrete guidance to a committer wondering
whether they can/should/are entitled to revert a given commit.

> In any case, for security vulnerabilities, to affect all users they
> would also have to occur in major packages.

Agreed.  The word “known” is important here: if I remove *-CVE-*.patch,
or if I downgrade a package, I’m likely introducing a “known”
vulnerability; if I’m adding a new package that later happens to be
vulnerable, it’s not a “known” vulnerability (it’s just routine ;-)).

> I think the above text looks good. As noted above, I'm unsure about the
> second paragraph, but that's not a big issue.

OK, thanks for taking the time to discuss it.  I’ll send a v2 so
everyone gets a chance to chime in.

Ludo’.




^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH v2 0/4] Documenting commit reverts and revocation
  2021-06-11 14:05               ` Ludovic Courtès
@ 2021-06-13 10:15                 ` Ludovic Courtès
  2021-06-13 10:15                   ` [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section Ludovic Courtès
                                     ` (4 more replies)
  0 siblings, 5 replies; 28+ messages in thread
From: Ludovic Courtès @ 2021-06-13 10:15 UTC (permalink / raw)
  To: 48696; +Cc: Ludovic Courtès

Hi!

Changes since the initial version:

  1. “Addressing Mistakes” section replaced by “Addressing Issues”
     following suggestions by Chris Baines at
     <https://issues.guix.gnu.org/48696#17>.

  2. Fix typo and clarify Git commit signing instructions as
     reported by Julien and Maxime (these were in pre-existing
     text).

If there are no objections, I’d like to push within a couple of
days.

Thanks,
Ludo’.

Ludovic Courtès (4):
  doc: Structure the "Commit Access" section.
  doc: Add "Addressing Issues" section.
  doc: Explain more reasons for commit revocation.
  doc: Clarify Git commit signing; fix typo.

 doc/contributing.texi | 121 ++++++++++++++++++++++++++++++++++--------
 1 file changed, 100 insertions(+), 21 deletions(-)

-- 
2.32.0





^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section.
  2021-06-13 10:15                 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès
@ 2021-06-13 10:15                   ` Ludovic Courtès
  2021-06-13 11:50                     ` Xinglu Chen
  2021-06-13 10:15                   ` [bug#48696] [PATCH v2 2/4] doc: Add "Addressing Issues" section Ludovic Courtès
                                     ` (3 subsequent siblings)
  4 siblings, 1 reply; 28+ messages in thread
From: Ludovic Courtès @ 2021-06-13 10:15 UTC (permalink / raw)
  To: 48696; +Cc: Ludovic Courtès

* doc/contributing.texi (Commit Access): Add introduction and section
heading.  Separate OpenPGP setup from commit policy.
---
 doc/contributing.texi | 59 ++++++++++++++++++++++++++++---------------
 1 file changed, 38 insertions(+), 21 deletions(-)

diff --git a/doc/contributing.texi b/doc/contributing.texi
index d67e632520..4ab489173b 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1275,8 +1275,19 @@ this nifty tool!
 @section Commit Access
 
 @cindex commit access, for developers
-For frequent contributors, having write access to the repository is
-convenient.  When you deem it necessary, consider applying for commit
+Everyone can contribute to Guix without having commit access
+(@pxref{Submitting Patches}).  However, for frequent contributors,
+having write access to the repository can be convenient.  Commit access
+should not be thought of as a ``badge of honor'' but rather as a
+responsibility a contributor is willing to take to help the project.
+
+The following sections explain how to get commit access, how to be ready
+to push commits, and the policies and community expectations for commits
+pushed upstream.
+
+@subsection Applying for Commit Access
+
+When you deem it necessary, consider applying for commit
 access by following these steps:
 
 @enumerate
@@ -1348,6 +1359,27 @@ review and merging system, which, as a consequence, may lead us to have
 fewer people with commit access to the main repository.  Stay tuned!
 @end quotation
 
+All commits that are pushed to the central repository on Savannah must
+be signed with an OpenPGP key, and the public key should be uploaded to
+your user account on Savannah and to public key servers, such as
+@code{keys.openpgp.org}.  To configure Git to automatically sign
+commits, run:
+
+@example
+git config commit.gpgsign true
+git config user.signingkey CABBA6EA1DC0FF33
+@end example
+
+You can prevent yourself from accidentally pushing unsigned commits to
+Savannah by using the pre-push Git hook called located at
+@file{etc/git/pre-push}:
+
+@example
+cp etc/git/pre-push .git/hooks/pre-push
+@end example
+
+@subsection Commit Policy
+
 If you get commit access, please make sure to follow
 the policy below (discussions of the policy can take place on
 @email{guix-devel@@gnu.org}).
@@ -1366,25 +1398,6 @@ mailing list for commit notifications (@email{guix-commits@@gnu.org}),
 so people can notice.  Before pushing your changes, make sure to run
 @code{git pull --rebase}.
 
-All commits that are pushed to the central repository on Savannah must
-be signed with an OpenPGP key, and the public key should be uploaded to
-your user account on Savannah and to public key servers, such as
-@code{keys.openpgp.org}.  To configure Git to automatically sign
-commits, run:
-
-@example
-git config commit.gpgsign true
-git config user.signingkey CABBA6EA1DC0FF33
-@end example
-
-You can prevent yourself from accidentally pushing unsigned commits to
-Savannah by using the pre-push Git hook called located at
-@file{etc/git/pre-push}:
-
-@example
-cp etc/git/pre-push .git/hooks/pre-push
-@end example
-
 When pushing a commit on behalf of somebody else, please add a
 @code{Signed-off-by} line at the end of the commit log message---e.g.,
 with @command{git am --signoff}.  This improves tracking of who did
@@ -1406,12 +1419,16 @@ you're confident, it's OK to commit.
 That last part is subject to being adjusted, allowing individuals to commit
 directly on non-controversial changes on parts they’re familiar with.
 
+@subsection Commit Revocation
+
 In order to reduce the possibility of mistakes, committers will have
 their Savannah account removed from the Guix Savannah project and their
 key removed from @file{.guix-authorizations} after 12 months of
 inactivity; they can ask to regain commit access by emailing the
 maintainers, without going through the vouching process.
 
+@subsection Helping Out
+
 One last thing: the project keeps moving forward because committers not
 only push their own awesome changes, but also offer some of their time
 @emph{reviewing} and pushing other people's changes.  As a committer,
-- 
2.32.0





^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH v2 2/4] doc: Add "Addressing Issues" section.
  2021-06-13 10:15                 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès
  2021-06-13 10:15                   ` [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section Ludovic Courtès
@ 2021-06-13 10:15                   ` Ludovic Courtès
  2021-06-13 10:15                   ` [bug#48696] [PATCH v2 3/4] doc: Explain more reasons for commit revocation Ludovic Courtès
                                     ` (2 subsequent siblings)
  4 siblings, 0 replies; 28+ messages in thread
From: Ludovic Courtès @ 2021-06-13 10:15 UTC (permalink / raw)
  To: 48696; +Cc: Ludovic Courtès, Christopher Baines

* doc/contributing.texi (Addressing Mistakes): New section.

Co-authored-by: Christopher Baines <mail@cbaines.net>
---
 doc/contributing.texi | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/doc/contributing.texi b/doc/contributing.texi
index 4ab489173b..00962be11e 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1419,6 +1419,45 @@ you're confident, it's OK to commit.
 That last part is subject to being adjusted, allowing individuals to commit
 directly on non-controversial changes on parts they’re familiar with.
 
+@subsection Addressing Issues
+
+Peer review (@pxref{Submitting Patches}) and tools such as
+@command{guix lint} (@pxref{Invoking guix lint}) and the test suite
+(@pxref{Running the Test Suite}) should catch issues before they are
+pushed.  Yet, commits that ``break'' functionality might occasionally
+go through.  When that happens, there are two priorities: mitigating
+the impact, and understanding what happened to reduce the chance of
+similar incidents in the future.  The responsibility for both these
+things primarily lies with those involved, but like everything this is
+a group effort.
+
+Some issues can directly affect all users---for instance because they
+make @command{guix pull} fail or break core functionality, because they
+break major packages (at build time or run time), or because they
+introduce known security vulnerabilities.
+
+@cindex reverting commits
+The people involved in authoring, reviewing, and pushing such
+commit(s) should be at the forefront to mitigate their impact in a
+timely fashion: by pushing a followup commit to fix it (if possible),
+or by reverting it to leave time to come up with a proper fix, and by
+communicating with other developers about the problem.
+
+If these persons are unavailable to address the issue in time, other
+committers are entitled to revert the commit(s), explaining in the
+commit log and on the mailing list what the problem was, with the goal
+of leaving time to the original committer, reviewer(s), and author(s)
+to propose a way forward.
+
+Once the problem has been dealt with, it is the responsibility of
+those involved to make sure the situation is understood.  If you are
+working to understand what happened, focus on gathering information
+and avoid assigning any blame.  Do ask those involved to describe what
+happened, do not ask them to explain the situation---this would
+implicitly blame them, which is unhelpful.  Accountability comes from
+a consensus about the problem, learning from it and improving
+processes so that it's less likely to reoccur.
+
 @subsection Commit Revocation
 
 In order to reduce the possibility of mistakes, committers will have
-- 
2.32.0





^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH v2 3/4] doc: Explain more reasons for commit revocation.
  2021-06-13 10:15                 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès
  2021-06-13 10:15                   ` [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section Ludovic Courtès
  2021-06-13 10:15                   ` [bug#48696] [PATCH v2 2/4] doc: Add "Addressing Issues" section Ludovic Courtès
@ 2021-06-13 10:15                   ` Ludovic Courtès
  2021-06-13 10:15                   ` [bug#48696] [PATCH v2 4/4] doc: Clarify Git commit signing; fix typo Ludovic Courtès
  2021-06-18 12:37                   ` bug#48696: [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès
  4 siblings, 0 replies; 28+ messages in thread
From: Ludovic Courtès @ 2021-06-13 10:15 UTC (permalink / raw)
  To: 48696; +Cc: Ludovic Courtès

* doc/contributing.texi (Commit Revocation): Expound.
---
 doc/contributing.texi | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/doc/contributing.texi b/doc/contributing.texi
index 00962be11e..5e59278534 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1466,6 +1466,27 @@ key removed from @file{.guix-authorizations} after 12 months of
 inactivity; they can ask to regain commit access by emailing the
 maintainers, without going through the vouching process.
 
+Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the
+current list of maintainers.  You can email them privately at
+@email{guix-maintainers@@gnu.org}.} may also revoke an individual's
+commit rights, as a last resort, if cooperation with the rest of the
+community has caused too much friction---even within the bounds of the
+project's code of conduct (@pxref{Contributing}).  They would only do so
+after public or private discussion with the individual and a clear
+notice.  Examples of behavior that hinders cooperation and could lead to
+such a decision include:
+
+@itemize
+@item repeated violation of the commit policy stated above;
+@item repeated failure to take peer criticism into account;
+@item breaching trust through a series of grave incidents.
+@end itemize
+
+When maintainers resort to such a decision, they notify developers on
+@email{guix-devel@@gnu.org}; inquiries may be sent to
+@email{guix-maintainers@@gnu.org}.  Depending on the situation, the
+individual may still be welcome to contribute.
+
 @subsection Helping Out
 
 One last thing: the project keeps moving forward because committers not
-- 
2.32.0





^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH v2 4/4] doc: Clarify Git commit signing; fix typo.
  2021-06-13 10:15                 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès
                                     ` (2 preceding siblings ...)
  2021-06-13 10:15                   ` [bug#48696] [PATCH v2 3/4] doc: Explain more reasons for commit revocation Ludovic Courtès
@ 2021-06-13 10:15                   ` Ludovic Courtès
  2021-06-18 12:37                   ` bug#48696: [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès
  4 siblings, 0 replies; 28+ messages in thread
From: Ludovic Courtès @ 2021-06-13 10:15 UTC (permalink / raw)
  To: 48696; +Cc: Ludovic Courtès

Suggested by Maxime Devos <maximedevos@telenet.be>
and Julien Lepiller <julien@lepiller.eu>.

* doc/contributing.texi (Commit Access): Clarify Git commit signing
setup and fix typo.
---
 doc/contributing.texi | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/contributing.texi b/doc/contributing.texi
index 5e59278534..a8bc279936 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1367,11 +1367,13 @@ commits, run:
 
 @example
 git config commit.gpgsign true
+
+# Substitute the fingerprint of your public PGP key.
 git config user.signingkey CABBA6EA1DC0FF33
 @end example
 
 You can prevent yourself from accidentally pushing unsigned commits to
-Savannah by using the pre-push Git hook called located at
+Savannah by using the pre-push Git hook located at
 @file{etc/git/pre-push}:
 
 @example
-- 
2.32.0





^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section.
  2021-06-13 10:15                   ` [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section Ludovic Courtès
@ 2021-06-13 11:50                     ` Xinglu Chen
  2021-06-13 11:56                       ` Xinglu Chen
  0 siblings, 1 reply; 28+ messages in thread
From: Xinglu Chen @ 2021-06-13 11:50 UTC (permalink / raw)
  To: Ludovic Courtès, 48696; +Cc: Ludovic Courtès

[-- Attachment #1: Type: text/plain, Size: 2288 bytes --]

On Sun, Jun 13 2021, Ludovic Courtès wrote:

> * doc/contributing.texi (Commit Access): Add introduction and section
> heading.  Separate OpenPGP setup from commit policy.
> ---
>  doc/contributing.texi | 59 ++++++++++++++++++++++++++++---------------
>  1 file changed, 38 insertions(+), 21 deletions(-)
>
> diff --git a/doc/contributing.texi b/doc/contributing.texi
> index d67e632520..4ab489173b 100644
> --- a/doc/contributing.texi
> +++ b/doc/contributing.texi
> @@ -1275,8 +1275,19 @@ this nifty tool!
>  @section Commit Access
>  
>  @cindex commit access, for developers
> -For frequent contributors, having write access to the repository is
> -convenient.  When you deem it necessary, consider applying for commit
> +Everyone can contribute to Guix without having commit access
> +(@pxref{Submitting Patches}).  However, for frequent contributors,
> +having write access to the repository can be convenient.  Commit access
> +should not be thought of as a ``badge of honor'' but rather as a
> +responsibility a contributor is willing to take to help the project.
> +
> +The following sections explain how to get commit access, how to be ready
> +to push commits, and the policies and community expectations for commits
> +pushed upstream.
> +
> +@subsection Applying for Commit Access
> +
> +When you deem it necessary, consider applying for commit
>  access by following these steps:
>  
>  @enumerate
> @@ -1348,6 +1359,27 @@ review and merging system, which, as a consequence, may lead us to have
>  fewer people with commit access to the main repository.  Stay tuned!
>  @end quotation
>  
> +All commits that are pushed to the central repository on Savannah must
> +be signed with an OpenPGP key, and the public key should be uploaded to
> +your user account on Savannah and to public key servers, such as
> +@code{keys.openpgp.org}.  To configure Git to automatically sign
> +commits, run:
> +
> +@example
> +git config commit.gpgsign true
> +git config user.signingkey CABBA6EA1DC0FF33
> +@end example
> +
> +You can prevent yourself from accidentally pushing unsigned commits to
> +Savannah by using the pre-push Git hook called located at
> +@file{etc/git/pre-push}:

I think you forgot to remove “called” :)


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 861 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section.
  2021-06-13 11:50                     ` Xinglu Chen
@ 2021-06-13 11:56                       ` Xinglu Chen
  0 siblings, 0 replies; 28+ messages in thread
From: Xinglu Chen @ 2021-06-13 11:56 UTC (permalink / raw)
  To: Ludovic Courtès, 48696; +Cc: Ludovic Courtès

[-- Attachment #1: Type: text/plain, Size: 2426 bytes --]

On Sun, Jun 13 2021, Xinglu Chen wrote:

> On Sun, Jun 13 2021, Ludovic Courtès wrote:
>
>> * doc/contributing.texi (Commit Access): Add introduction and section
>> heading.  Separate OpenPGP setup from commit policy.
>> ---
>>  doc/contributing.texi | 59 ++++++++++++++++++++++++++++---------------
>>  1 file changed, 38 insertions(+), 21 deletions(-)
>>
>> diff --git a/doc/contributing.texi b/doc/contributing.texi
>> index d67e632520..4ab489173b 100644
>> --- a/doc/contributing.texi
>> +++ b/doc/contributing.texi
>> @@ -1275,8 +1275,19 @@ this nifty tool!
>>  @section Commit Access
>>  
>>  @cindex commit access, for developers
>> -For frequent contributors, having write access to the repository is
>> -convenient.  When you deem it necessary, consider applying for commit
>> +Everyone can contribute to Guix without having commit access
>> +(@pxref{Submitting Patches}).  However, for frequent contributors,
>> +having write access to the repository can be convenient.  Commit access
>> +should not be thought of as a ``badge of honor'' but rather as a
>> +responsibility a contributor is willing to take to help the project.
>> +
>> +The following sections explain how to get commit access, how to be ready
>> +to push commits, and the policies and community expectations for commits
>> +pushed upstream.
>> +
>> +@subsection Applying for Commit Access
>> +
>> +When you deem it necessary, consider applying for commit
>>  access by following these steps:
>>  
>>  @enumerate
>> @@ -1348,6 +1359,27 @@ review and merging system, which, as a consequence, may lead us to have
>>  fewer people with commit access to the main repository.  Stay tuned!
>>  @end quotation
>>  
>> +All commits that are pushed to the central repository on Savannah must
>> +be signed with an OpenPGP key, and the public key should be uploaded to
>> +your user account on Savannah and to public key servers, such as
>> +@code{keys.openpgp.org}.  To configure Git to automatically sign
>> +commits, run:
>> +
>> +@example
>> +git config commit.gpgsign true
>> +git config user.signingkey CABBA6EA1DC0FF33
>> +@end example
>> +
>> +You can prevent yourself from accidentally pushing unsigned commits to
>> +Savannah by using the pre-push Git hook called located at
>> +@file{etc/git/pre-push}:
>
> I think you forgot to remove “called” :)

Oh, I see that you fixed it in 4/4...

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 861 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* bug#48696: [PATCH 0/3] Documenting commit reverts and revocation
  2021-06-13 10:15                 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès
                                     ` (3 preceding siblings ...)
  2021-06-13 10:15                   ` [bug#48696] [PATCH v2 4/4] doc: Clarify Git commit signing; fix typo Ludovic Courtès
@ 2021-06-18 12:37                   ` Ludovic Courtès
  4 siblings, 0 replies; 28+ messages in thread
From: Ludovic Courtès @ 2021-06-18 12:37 UTC (permalink / raw)
  To: 48696-done

Hi!

Ludovic Courtès <ludo@gnu.org> skribis:

> If there are no objections, I’d like to push within a couple of
> days.

[...]

>   doc: Structure the "Commit Access" section.
>   doc: Add "Addressing Issues" section.
>   doc: Explain more reasons for commit revocation.
>   doc: Clarify Git commit signing; fix typo.

Pushed as b5b9266e409abb18970bd34557cf087eb29fa713.

Thanks Chris and everyone for your feedback!

Ludo’.




^ permalink raw reply	[flat|nested] 28+ messages in thread

end of thread, other threads:[~2021-06-18 12:40 UTC | newest]

Thread overview: 28+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-27 12:32 [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès
2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès
2021-05-27 12:35   ` [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section Ludovic Courtès
2021-05-27 19:19     ` Christopher Baines
2021-05-29 10:22       ` Ludovic Courtès
2021-05-30 10:29         ` Christopher Baines
2021-06-02  9:22           ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès
2021-06-08 14:02             ` Christopher Baines
2021-06-11 14:05               ` Ludovic Courtès
2021-06-13 10:15                 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès
2021-06-13 10:15                   ` [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section Ludovic Courtès
2021-06-13 11:50                     ` Xinglu Chen
2021-06-13 11:56                       ` Xinglu Chen
2021-06-13 10:15                   ` [bug#48696] [PATCH v2 2/4] doc: Add "Addressing Issues" section Ludovic Courtès
2021-06-13 10:15                   ` [bug#48696] [PATCH v2 3/4] doc: Explain more reasons for commit revocation Ludovic Courtès
2021-06-13 10:15                   ` [bug#48696] [PATCH v2 4/4] doc: Clarify Git commit signing; fix typo Ludovic Courtès
2021-06-18 12:37                   ` bug#48696: [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès
2021-05-27 12:35   ` [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation Ludovic Courtès
2021-05-27 19:13     ` Maxime Devos
2021-05-27 20:07     ` Christopher Baines
2021-05-29  9:58       ` Ludovic Courtès
2021-05-29 11:28         ` Christopher Baines
2021-05-29 20:36           ` Ludovic Courtès
2021-05-27 13:55   ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Julien Lepiller
2021-05-29  9:30     ` Ludovic Courtès
2021-05-27 19:10   ` Maxime Devos
2021-05-27 14:16 ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Leo Famulari
2021-05-30 12:49 ` Tobias Geerinckx-Rice via Guix-patches via

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.