From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id EFCWE+Ycg2DH0QAAgWs5BA (envelope-from ) for ; Fri, 23 Apr 2021 21:15:50 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id aLg5D+Ycg2BMUQAA1q6Kng (envelope-from ) for ; Fri, 23 Apr 2021 19:15:50 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id F397E141D1 for ; Fri, 23 Apr 2021 21:15:49 +0200 (CEST) Received: from localhost ([::1]:34094 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1la1HI-0001Yc-V9 for larch@yhetil.org; Fri, 23 Apr 2021 15:15:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:38158) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1la1H2-0001XX-PM for guix-devel@gnu.org; Fri, 23 Apr 2021 15:15:32 -0400 Received: from mailrelay.tugraz.at ([129.27.2.202]:34814) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1la1Gz-0006Kt-9R for guix-devel@gnu.org; Fri, 23 Apr 2021 15:15:32 -0400 Received: from nijino.local (194-96-9-9.adsl.highway.telekom.at [194.96.9.9]) by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4FRkWp34h0z1DDYw; Fri, 23 Apr 2021 21:15:18 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mailrelay.tugraz.at 4FRkWp34h0z1DDYw DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at; s=mailrelay; t=1619205318; bh=4YwfCRQ/Vi95ZwSuFLiGS6S81r7ornLG94ZtIeHVL3o=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=krm+BEwOJ6RhujTw3HRZwRV877b4k1KiWbuFnZ9/+CrvyK2MJd3jKNJYtFX7/aX5C W0pELYNG0gbzS1aVCfK5BNwoS+rm2mXa4pa8tegg/PlXc+seBVAx3uinbM4eFO8Ocq csAmXP8criil8tJ45nEyX6Qx1VrdsuLUg0DpU8GU= Message-ID: <7e8c672c98c461ab01d0f56b686e44e30a4a0e1f.camel@student.tugraz.at> Subject: Re: A "cosmetic changes" commit that removes security fixes From: Leo Prikler To: =?ISO-8859-1?Q?L=E9o?= Le Bouter , Maxim Cournoyer Date: Fri, 23 Apr 2021 21:15:17 +0200 In-Reply-To: <5cbbfa9b258fb28beb9288685ccc85b4d015cd8a.camel@zaclys.net> References: <87tunz11mf.fsf@netris.org> <87r1j30xmo.fsf@netris.org> <87czumypz3.fsf@netris.org> <87o8e4zy5k.fsf@gmail.com> <5cbbfa9b258fb28beb9288685ccc85b4d015cd8a.camel@zaclys.net> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUG-Backscatter-control: bt4lQm5Tva3SBgCuw0EnZw X-Spam-Scanner: SpamAssassin 3.003001 X-Spam-Score-relay: -1.9 X-Scanned-By: MIMEDefang 2.74 on 129.27.10.117 Received-SPF: pass client-ip=129.27.2.202; envelope-from=leo.prikler@student.tugraz.at; helo=mailrelay.tugraz.at X-Spam_score_int: -42 X-Spam_score: -4.3 X-Spam_bar: ---- X-Spam_report: (-4.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Guix Devel , Sou Bunnbu , Raghav Gururajan Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1619205350; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=4YwfCRQ/Vi95ZwSuFLiGS6S81r7ornLG94ZtIeHVL3o=; b=h5Sdd1dekeNNu0zHsA4NDpax/hAdZIGQHz6DsyFjjRpiyu19eX/ztgth3/R8CNQyjBoB0o KWJFIsqtITy0kNAUSokt98nKP+TM0Fn0DbkNsjFQe62SJHVaMiOjyxRT766jR+OVyUgNUq qzB63RWbPDJtw48qm0FLdPFqImmk+9131Z932xQD6hb1hZ+WPA0CcrMr7I1p+KArD27pw/ 18nc4rcro/d6IqET9FMdYVwL7BgwgePQITLEtJevqB5mb5Xsk8tQpPDc5HEH4w3chF1aFg 6IJL3zqQuZR2ZoYaIynOmxolS95WKkuw2ljgStkPS9nfjJjdLbr4Qn1f78yiTw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1619205350; a=rsa-sha256; cv=none; b=JJ15KgzzFYy1zXdF5qnirflR4Do3T+FbMPRACES6nEzdbjXc5A4qXM6ysKq4HxR9CZHrCf Q0lQsttfgD8xPQ+tTr9jqlVuD7YlRCso23nYh3IJnHxkEF0nUTh1yvv4GmuptHwzLHto5D i9YolXVTq7h4LNjzaE2A4ugyhjAB6iv96W+NNta3cByh65dJyZFg5VU42n0AOxErhCpiNT w0iAOo3FyqUXzj3rQJLMcWY284fw+2h0MMiELx6OkynYchuYiR+UZf9XNtAmZlQw5cYRvG oTxiJDI8XiI7jofe8WS/Z3r4tKtAZJxN1210qj1uuf3smy/6R7qBlPgA0d/LAQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=tugraz.at header.s=mailrelay header.b=krm+BEwO; dmarc=fail reason="SPF not aligned (relaxed)" header.from=student.tugraz.at (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: 0.16 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=tugraz.at header.s=mailrelay header.b=krm+BEwO; dmarc=fail reason="SPF not aligned (relaxed)" header.from=student.tugraz.at (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: F397E141D1 X-Spam-Score: 0.16 X-Migadu-Scanner: scn0.migadu.com X-TUID: 2Fdah15oH9S0 Hi, Am Freitag, den 23.04.2021, 20:50 +0200 schrieb Léo Le Bouter: > I think there is no problem in accepting criticism but there is a > certain way Mark presents criticism and I don't feel like I can > respond > to it when it is written in such way. Over several emails Mark was > looking to point to people who were somehow responsible for whatever > "damage" for changes that happened on a branch nobody uses and always > contains ongoing work (core-updates), so maintaining it security-wise > is not as much of a question. The result is that we have a long > thread > of people responding etc. causing a fuss over something that just > needs > to be fixed rather than find whoever is somehow "responsible". I disagree with the sentiment, that core-updates is fair game for any kind of commit. Now, naturally, since they cause many rebuilds it may be harder to verify that upgrading some packages does not lead to failure in another (especially without the CI), contributing to the "work in progress" nature of core-updates, but this still doesn't excuse removing security fixes. We all expect, that at some point we can merge core-updates "as is" into master and commits like that call this assumption into question, instead demanding a full review of a branch, whose patches should already have been reviewed by the time they land. > I feel > like we're collectively responsible. We try our best at all times, > during this GNOME upgrade I also tried to take into account Raghav's > feelings so they do not give up and have a rewarding review > experience, > I knew these commits werent great, I have written about it here: < > https://issues.guix.gnu.org/42958#67>;. I think a more rewarding experience would have been to help them arrive at a point, where such changes are no longer needed for the rest of their patch set. Not only would this have solved their immediate issue, it would also have been a good learning experience and we wouldn't need to discuss this at lengths several months later. I have worked with Raghav before on telegram-desktop (and other packages as well) and they were pretty patient with about 20 versions being sent back and forth between us until we arrived at a set of descriptions, that we could safely push. Not nearly as many versions would need to be sent in the case of a "cosmetic changes" patch, when I ported their GStreamer updates to staging, I noticed that it was mostly the indentation, that would screw things up for future patches. I admit, sometimes Raghav appears to "just want to get the job done quickly", but giving in to such urges helps no one. Regards, Leo