From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184]) by sourceware.org (Postfix) with ESMTPS id 64C953858D28 for ; Thu, 6 Apr 2023 16:30:56 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 64C953858D28 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org Received: from r6.localdomain (82-217-174-174.cable.dynamic.v4.ziggo.nl [82.217.174.174]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id 1D4B9302BB02 for ; Thu, 6 Apr 2023 18:30:54 +0200 (CEST) Received: by r6.localdomain (Postfix, from userid 1000) id C2BED340082; Thu, 6 Apr 2023 18:30:53 +0200 (CEST) Message-ID: <11b1c515a2a0ed2af0c72ac6437aca81ba0806a7.camel@klomp.org> Subject: Some ideas for process improvements/changes From: Mark Wielaard To: elfutils-devel@sourceware.org Date: Thu, 06 Apr 2023 18:30:53 +0200 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.46.4 (3.46.4-1.fc37) MIME-Version: 1.0 X-Spam-Status: No, score=-3035.4 required=5.0 tests=BAYES_00,GIT_PATCH_0,JMQ_SPF_NEUTRAL,KAM_DMARC_STATUS,RCVD_IN_BARRACUDACENTRAL,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hi hackers, In general it feels like the elfutils community is working well, there are regular releases with bug fixes and new features. Most patches are reviewed fairly quickly (although there are some exceptions where patches have been pending too long). So I don't want to change too much. But here are some small suggestions for changes to out processes that might be helpful: - Get rid of ChangeLog files and trivial ChangeLog entries I personally love ChangeLog entries. Writing them helps me double check I actually intended to make the changes. And it is a great help reviewing patches. It helps having to guess if some specific change was an accident or intended. But patches that have changes against the ChangeLog files are sometimes hard to rebase or move between branches. The gnulib git-merge-changelog driver is awesome, but is not always able to help. Also some commit messages for smaller changes are already fine describing what changed. So I propose to drop ChangeLog files completely and only add a ChangeLog entry to the commit message for larger changes to help the review process. - Use patchwork more All patches sent to the mailing list are tracked at https://patchwork.sourceware.org/project/elfutils/list/ It has helped me a lot keeping track of patches that have been pending for some time. Also git-pw has been really nice for cherry-picking patches. https://patchwork.readthedocs.io/projects/git-pw/en/latest/ =20 Please let me know if you would like to help maintain the pending patch list and I'll add your account as maintainer for the elfutils project. For using it with git-pw use these .git/config settings: [pw] server =3D https://patchwork.sourceware.org/api/1.2/ project =3D elfutils token =3D states =3D committed,accepted,superseded,deferred,rejected,under-review It would be nice if it was automated a bit more by have a git commit hook that flagged whether a patch was committed. And if the buildbot try-branch system would flag pass/fail on the patch. - Don't require "real names" in Signed-off-by lines. Our current CONTRIBUTING guide say that you have to use your=20 your real name for the Signed-off-by line. This is sometimes problematic for people for who their real (legal) name is not how they identify themselves to others. I suggest to change the requirement as follows (this mimics what the linux kernel project did recently): diff --git a/CONTRIBUTING b/CONTRIBUTING index bb48975b..1a1c443f 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -45,7 +45,9 @@ then you just add a line saying =20 Signed-off-by: Random J Developer =20 -using your real name (sorry, no pseudonyms or anonymous contributions.) +using a known identity (sorry, no anonymous contributions.) +The name you use as your identity should not be an anonymous id +or false name that misrepresents who you are. =20 git commit --signoff will add such a Signed-off-by line at the end of the commit log message for you. - "Security" bug guidance Here I don't have good guidance, but I have the feeling some of the bugs reported (especially by some fuzzers) are sometimes unnecessarily marked as security issues. Which causes lots of unnecessary work for downstream users of our code. Especially if someone starts assigning CVEs to them. It would be good to have some explicit text to point "security" bug reporters at on how we will handle their bugs. Cheers, Mark