From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id YCOaGRz+jmDVdwEAgWs5BA (envelope-from ) for ; Sun, 02 May 2021 21:31:40 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id uA1SFRz+jmD0GgAA1q6Kng (envelope-from ) for ; Sun, 02 May 2021 19:31:40 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C71A19ED8 for ; Sun, 2 May 2021 21:31:39 +0200 (CEST) Received: from localhost ([::1]:54056 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ldHoY-0005j5-Ot for larch@yhetil.org; Sun, 02 May 2021 15:31:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34238) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ldHnT-0005hS-Kx for guix-devel@gnu.org; Sun, 02 May 2021 15:30:31 -0400 Received: from world.peace.net ([64.112.178.59]:60706) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ldHnR-0003Pl-7q; Sun, 02 May 2021 15:30:31 -0400 Received: from mhw by world.peace.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1ldHnA-0003C8-Ic; Sun, 02 May 2021 15:30:12 -0400 From: Mark H Weaver To: Leo Prikler , =?utf-8?B?5a6L5paH5q2m?= Subject: Re: Criticisms of my "tone" (was Re: A "cosmetic changes" commit that removes security fixes) In-Reply-To: <8df20a7d869d5bdca47aaf044ac9b229b020aea2.camel@student.tugraz.at> References: <87tunz11mf.fsf@netris.org> <87y2daz13x.fsf@netris.org> <87r1j2z079.fsf@netris.org> <87a6pqypf9.fsf@netris.org> <87wnsp7yo9.fsf@gnu.org> <87v986pdej.fsf@netris.org> <874kfm75fl.fsf@biscuolo.net> <1bbb100c34c660eaa697ae7ea9ea7ea3638c4c50.camel@student.tugraz.at> <87wnsije63.fsf@netris.org> <8df20a7d869d5bdca47aaf044ac9b229b020aea2.camel@student.tugraz.at> Date: Sun, 02 May 2021 15:29:24 -0400 Message-ID: <87k0ohorww.fsf@netris.org> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=64.112.178.59; envelope-from=mhw@netris.org; helo=world.peace.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Guix Devel , GNU Guix maintainers Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1619983899; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=4FOStWVBUuEOcwDL1QmaiHjGIchpccRYod8yhjnzg1c=; b=U1KOoMvH9sqkT08bP02oa6YSV0u4+PSddyjly0kIbepBfyAQynCIhmsputX12/60tOVUQZ m4gJ6k2esPV0jaBGjMcYMK7ving94LvoK6b9czR8TIWu5Kup9mFTGJX965bfR/f+HyjDa4 LOLBltrEJP4omTbT/f5/yPVmN/iPsV2omWmSDX5izJByX2+yu1YxON5yzLlkI6STaF+Kp5 jFU0qiUZGo8z7yStMhWfQpm6Ip6sz2nLLOWM5LNKUgpNbC0iMla2NgCj1HMoLmyugtULuc ONLQ79jHJ4xSPn9BXfX7NdhgTEc44jda7sOVHX8ccsHOoURc7kxwJIkP1togYA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1619983899; a=rsa-sha256; cv=none; b=FvMk0Xw7UTsKplxvQuXRvPczecgiUgx4gNKN1FEihEdrMtGX1nzSHZdNchllp0WQsbbuIe wnnPKgFaSW/+Xc56d+y0Rmy896hfLuBiaIlgSifE/5mWgbrFc/G40xvVZMXH0z6+vFVG05 ywyXabADIjcJWrW008S4VrplZTBrs1qWJJjGxD94GGqiJdle1Wf2XT7KSjJepJSA/Vy9wH 5NaAL1uKkMJXQ8ESmiEu32OL0sC5ziIPYmmTirkZswhczobMFOHOw4ePijhEwMU/guq+Ip unBIwUi7jjF6ba9eJS+q7i+axwv3m+eG2Pc76o16SmefN+nn5hk/dwdnIF/t8A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -2.46 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: C71A19ED8 X-Spam-Score: -2.46 X-Migadu-Scanner: scn0.migadu.com X-TUID: Lleps06uwYIA Hi Leo, Leo Prikler writes: > Let us assume for > the sake of argument I were to introduce a bug into Guix. There are a > number of ways this can happen, but let's focus on the important > distinction here, which is me purposefully introducing that bug vs. it > happening due to oversight. > > Let us imagine the following four scenarios: > 1. You assume I'm acting in bad faith and I indeed am. > 2. You assume I'm acting in bad faith and I am not. > 3. You assume I'm acting in good faith and I am not. > 4. You assume I'm acting in good faith and I am. This is a false dilemma , because you've missed a very important case, namely: 5. You assume *nothing*. This is, in fact, the current scenario. I'm not making any assumptions. That is truly the state of my mind on this question, and I think it's the only rational position to take. In particular, I don't feel the need to introduce assumptions in order to justify my question in the opening email of this thread, namely whether someone who pushed a "cosmetic changes" commit that removes security fixes should have commit access. That question does _not_ imply that anyone acted in bad faith. From my perspective, it doesn't matter for our purposes. (Of course, it would be good to know, but I'd rather not be distracted by questions that we have little hope of ever answering.) My primary concern here is to protect our users, and the integrity of our systems and of Guix itself. I don't know how to do that if we tolerate committers who repeatedly push commits with misleading commit messages. In order for meaningful oversight of Guix to be practical, it is of *paramount* importance that the summary lines of commits be reasonably accurate. I have neither the time nor the interest in scrutinizing _every_ commit pushed to our repository, just in case the summary lines are misleading. Therefore, I claim that we *must not* tolerate committers who repeatedly push commits with misleading commit logs. We are lucky that this incident was discovered. There's no guarantee that the next one will be. This is _not_ about being a beginner. No technical expertise should have been required to avoid this incident, only some basic care before pushing commits. Even the most cursory glance at the commit log should have immediately raised red flags, because its summary line clearly contradicts the next few lines of the commit log itself: --8<---------------cut here---------------start------------->8--- gnu: cairo: Make some cosmetic changes. * gnu/packages/patches/cairo-CVE-2018-19876.patch, gnu/packages/patches/cairo-CVE-2020-35492.patch: Remove patches. * gnu/local.mk (dist_patch_DATA): Unregister them. * gnu/packages/gtk.scm (cairo): Make some cosmetic changes. [replacement]: Remove. (cairo/fixed): Remove. --8<---------------cut here---------------end--------------->8--- I don't know what went wrong here, but it doesn't really matter to me. Whatever the reason, I don't want someone who pushes commits like this to have commit access. If people want to condemn me for saying that, so be it. Regards, Mark -- Disinformation flourishes because many people care deeply about injustice but very few check the facts. Ask me about .