Date: Thu, 6 Apr 2023 23:57:49 +0200
From: Mark Wielaard
To: "Frank Ch. Eigler"
Cc: elfutils-devel@sourceware.org
Subject: Re: Some ideas for process improvements/changes
Message-ID: <20230406215749.GC18331@gnu.wildebeest.org>
In-Reply-To: <20230406173420.GA10746@redhat.com>

Hi Frank,

On Thu, Apr 06, 2023 at 01:34:20PM -0400, Frank Ch. Eigler via Elfutils-devel wrote:
> > - Get rid of ChangeLog files and trivial ChangeLog entries
> > [...]
>
> Yes please!

So sad, on irc people are also enthusiastic about this.
O well. :)

> > - Use patchwork more
> > [...]
>
> This doesn't seem like something for community/contributors
> to do - patchwork seems mostly a maintainer/committer tool.

But I want more community/contributors to feel like they are
maintainers/committers!

> > It would be nice if it was automated a bit more by having a git
> > commit hook that flagged whether a patch was committed. And if
> > the buildbot try-branch system would flag pass/fail on the patch.
>
> Sounds like a sourceware infrastructure RFE.

Yes, but if I RFE that then it often just comes back to me to add it :)
So I mention it here in the hope someone says "O, but that is easy,
this is exactly how to do it..."

> > - Don't require "real names" in Signed-off-by lines.
> > [...]
> > +The name you use as your identity should not be an anonymous id
> > +or false name that misrepresents who you are.
>
> (No strong opinion on this one, except that a declaration that is this
> informal would have little weight, should it ever be relied upon in
> legal proceedings.)

Do you feel this weakens our Developer's Certificate of Origin
process? My point is that we shouldn't judge what is a "real name" or
not. But the name shouldn't misrepresent who someone is. What we care
about is that the identity people use to sign the certificate refers
to a real person that can be contacted about their contributions when
needed.

> > - "Security" bug guidance
> > [...]
>
> Yeah, a brief SECURITY file would be nice.

Any suggestions about what to put in such a section or file?

My main concern is that people are filing things we regard as simple
bugs as "security" issues and get CVEs assigned which cause lots of
extra work for some of our downstream users. I think we should be
clear that we want to fix all bugs and don't want to get dragged into
embargoed security theater.

https://daniel.haxx.se/blog/2023/03/29/pre-notification-dilemmas/

Cheers,

Mark