Hi hackers,

Coming back to this, because we did start doing some of these, but
didn't actually document all of these suggestions.

On Thu, 2023-04-06 at 18:30 +0200, Mark Wielaard wrote:
> In general it feels like the elfutils community is working well, there
> are regular releases with bug fixes and new features. Most patches are
> reviewed fairly quickly (although there are some exceptions where
> patches have been pending too long). So I don't want to change too
> much. But here are some small suggestions for changes to our processes
> that might be helpful:
>
> - Get rid of ChangeLog files and trivial ChangeLog entries
>   I personally love ChangeLog entries. Writing them helps me
>   double check I actually intended to make the changes. And
>   it is a great help reviewing patches. It helps having to
>   guess if some specific change was an accident or intended.
>
>   But patches that have changes against the ChangeLog files are
>   sometimes hard to rebase or move between branches. The gnulib
>   git-merge-changelog driver is awesome, but is not always able
>   to help. Also some commit messages for smaller changes are
>   already fine describing what changed.
>
>   So I propose to drop ChangeLog files completely and only add
>   a ChangeLog entry to the commit message for larger changes
>   to help the review process.

Some, but not all contributors have now switched to this style of
commits. The attached patch formally documents it.

> - Use patchwork more
>   All patches sent to the mailing list are tracked at
>   https://patchwork.sourceware.org/project/elfutils/list/
>   It has helped me a lot keeping track of patches that
>   have been pending for some time. Also git-pw has been
>   really nice for cherry-picking patches.
>   https://patchwork.readthedocs.io/projects/git-pw/en/latest/
>
>   Please let me know if you would like to help maintain the
>   pending patch list and I'll add your account as maintainer
>   for the elfutils project.
>
>   For using it with git-pw use these .git/config settings:
>   [pw]
>   server = https://patchwork.sourceware.org/api/1.2/
>   project = elfutils
>   token =
>   states = committed,accepted,superseded,deferred,rejected,under-review
>
>   It would be nice if it was automated a bit more by having a git
>   commit hook that flagged whether a patch was committed. And if
>   the buildbot try-branch system would flag pass/fail on the patch.

The automation is still not there. But I am using it happily as todo
list: https://patchwork.sourceware.org/project/elfutils/list/

Currently it lists 42 active patches, so we could use some help with
reviewing. If anybody wants to become an elfutils patchwork maintainer
please let me know. Also documented in CONTRIBUTING in the attached
patch.

> - Don't require "real names" in Signed-off-by lines.
>   Our current CONTRIBUTING guide says that you have to use
>   your real name for the Signed-off-by line. This is sometimes
>   problematic for people for whom their real (legal) name is not
>   how they identify themselves to others. I suggest to change
>   the requirement as follows (this mimics what the linux kernel
>   project did recently):
>
> diff --git a/CONTRIBUTING b/CONTRIBUTING > index bb48975b..1a1c443f 100644 > --- a/CONTRIBUTING > +++ b/CONTRIBUTING > @@ -45,7 +45,9 @@ then you just add a line saying > > Signed-off-by: Random J Developer > > -using your real name (sorry, no pseudonyms or anonymous > contributions.) > +using a known identity (sorry, no anonymous contributions.) > +The name you use as your identity should not be an anonymous id > +or false name that misrepresents who you are. > > git commit --signoff will add such a Signed-off-by line at the end of > the commit log message for you.

I have now committed the above change.

commit b770e1c4def3532c7b59c4d2e4cd3cee26d4548b
Author: Mark Wielaard
Date:   Thu Oct 19 17:47:28 2023 +0200

    CONTRIBUTING: Switch from real name policy to know identity policy
    Signed-off-by: Mark Wielaard

> - "Security" bug guidance
>   Here I don't have good guidance, but I have the feeling some of
>   the bugs reported (especially by some fuzzers) are sometimes
>   unnecessarily marked as security issues. Which causes lots of
>   unnecessary work for downstream users of our code. Especially
>   if someone starts assigning CVEs to them. It would be good to
>   have some explicit text to point "security" bug reporters at
>   on how we will handle their bugs.

Thanks to Frank we now have this! With the following note in our
README:

  See the SECURITY file for defining and handling security-sensitive
  bugs.

There are two more changes I would like to make, but not right now.

As part of the release (just before, or right after) later this month
I would like to switch the main branch from 'master' to 'main'. It is
the last use of some harmful language in our project.
https://inclusivenaming.org/
It will need a few updates to the documentation and buildbot setup.
But we can leave an alias so nothing breaks.

Finally we do have a somewhat informal code of conduct, see the end of
our CONTRIBUTING document:

  committers/maintainers who repeatedly ignore the above guidelines,
  are hostile or offensive towards other committers or contributors,
  and don't correct their behavior after being asked by other
  committers will be removed as maintainer/committer.

It would imho be good to extend this a little to all project
contributors and adopt a formal code of conduct like the Contributor
Covenant https://www.contributor-covenant.org/

That page also has some good references on reaching agreement on
adopting such a more formal code of conduct. Please let me know if you
would like to help adopting a more formal code of conduct and/or be
part of a code of conduct committee for elfutils.

Thanks,

Mark
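
Review bot: In the CONTRIBUTING hunk at @@ -45,7 +45,9 @@, the added lines never say what counts as a "known identity"; they only say what the name must not be ("an anonymous id or false name that misrepresents who you are"). The removed line explicitly excluded pseudonyms, and the new text drops that word without stating whether a consistently used pseudonym is now acceptable, so a contributor has to infer it. If that is the intent, suggest adding one sentence that says so directly, for example that a name you are consistently known by qualifies, so the Signed-off-by requirement can be applied the same way by every reviewer.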