From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184]) by sourceware.org (Postfix) with ESMTPS id 97D893858D1E for ; Thu, 19 Oct 2023 16:13:17 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 97D893858D1E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 97D893858D1E Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=45.83.234.184 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1697732000; cv=none; b=uqXkUO0JPPNqfsUbIDiZqn0HRT9KUaWJpn2WSgJB/rQ06SD0JaoBYKprbZeoeNrR7nwSsZANL84/ILGCo3VCbsSS+EqSHi7KtEyePMBiBqHXfhihCFfqMF4Dg0HbpxEm+OmjkRcd4xgW+Kjg6xMFmTFxr3gL34X6IDnC2aozaLM= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1697732000; c=relaxed/simple; bh=Igy0Bg7gbvm7NihL0ZnGkokIbNZPrwhHD9lv4gIFwV4=; h=Message-ID:Subject:From:To:Date:MIME-Version; b=K219dQ+vYPw4NVR2CX8dbwAn6gpAQAHVlnsClz4zlCx6ha1m12wdH1D9/OYqlaEUOnaT4LA5D14k8yd5RFYjMELjMpYVCpxPSwoGrn/DngMWGmTIB9AcaYWhwea082nhorNiAom8NzNAZU/rjDg159MkP2heqpghktSUoseNNuk= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from r6.localdomain (82-217-174-174.cable.dynamic.v4.ziggo.nl [82.217.174.174]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id EA7E2302FDCA for ; Thu, 19 Oct 2023 18:13:15 +0200 (CEST) Received: by r6.localdomain (Postfix, from userid 1000) id 8634F340314; Thu, 19 Oct 2023 18:13:15 +0200 (CEST) Message-ID: <63f6aa114966e0d49d18497c336afa8d3965e24d.camel@klomp.org> Subject: Re: Some ideas for process improvements/changes From: Mark Wielaard To: elfutils-devel@sourceware.org Date: Thu, 19 Oct 2023 18:13:15 +0200 In-Reply-To: <11b1c515a2a0ed2af0c72ac6437aca81ba0806a7.camel@klomp.org> References: <11b1c515a2a0ed2af0c72ac6437aca81ba0806a7.camel@klomp.org> Content-Type: multipart/mixed; boundary="=-D6fW92vmv7PHgP7QO/SK" User-Agent: Evolution 3.48.4 (3.48.4-1.fc38) MIME-Version: 1.0 X-Spam-Status: No, score=-3033.4 required=5.0 tests=BAYES_00,GIT_PATCH_0,JMQ_SPF_NEUTRAL,KAM_DMARC_STATUS,KAM_SHORT,RCVD_IN_BARRACUDACENTRAL,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: --=-D6fW92vmv7PHgP7QO/SK Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi hackers, Coming back to this, because we did start doing some of these, but didn't actually document all of these suggestions. On Thu, 2023-04-06 at 18:30 +0200, Mark Wielaard wrote: > In general it feels like the elfutils community is working well, there > are regular releases with bug fixes and new features. Most patches are > reviewed fairly quickly (although there are some exceptions where > patches have been pending too long). So I don't want to change too > much. But here are some small suggestions for changes to out processes > that might be helpful: >=20 > - Get rid of ChangeLog files and trivial ChangeLog entries > I personally love ChangeLog entries. Writing them helps me > double check I actually intended to make the changes. And > it is a great help reviewing patches. It helps having to > guess if some specific change was an accident or intended. >=20 > But patches that have changes against the ChangeLog files are > sometimes hard to rebase or move between branches. The gnulib > git-merge-changelog driver is awesome, but is not always able > to help. Also some commit messages for smaller changes are > already fine describing what changed. >=20 > So I propose to drop ChangeLog files completely and only add > a ChangeLog entry to the commit message for larger changes > to help the review process. Some, but not all contributors have now switched to this style of commits. The attached patch formally documents it. > - Use patchwork more > All patches sent to the mailing list are tracked at > https://patchwork.sourceware.org/project/elfutils/list/ > It has helped me a lot keeping track of patches that > have been pending for some time. Also git-pw has been > really nice for cherry-picking patches. > https://patchwork.readthedocs.io/projects/git-pw/en/latest/ > =20 > Please let me know if you would like to help maintain the > pending patch list and I'll add your account as maintainer > for the elfutils project. >=20 > For using it with git-pw use these .git/config settings: > [pw] > server =3D https://patchwork.sourceware.org/api/1.2/ > project =3D elfutils > token =3D > states =3D committed,accepted,superseded,deferred,rejected,under-revi= ew >=20 > It would be nice if it was automated a bit more by have a git > commit hook that flagged whether a patch was committed. And if > the buildbot try-branch system would flag pass/fail on the patch. The automation is still not there. But I am using it happily as todo list: https://patchwork.sourceware.org/project/elfutils/list/ Currently it lists 42 active patches, so we could use some help with reviewing. If anybody want to become a elfutils patchwork maintainer please let me know. Also documented in CONTRIBUTING in the attached patch. > - Don't require "real names" in Signed-off-by lines. > Our current CONTRIBUTING guide say that you have to use your=20 > your real name for the Signed-off-by line. This is sometimes > problematic for people for who their real (legal) name is not > how they identify themselves to others. I suggest to change > the requirement as follows (this mimics what the linux kernel > project did recently): >=20 > diff --git a/CONTRIBUTING b/CONTRIBUTING > index bb48975b..1a1c443f 100644 > --- a/CONTRIBUTING > +++ b/CONTRIBUTING > @@ -45,7 +45,9 @@ then you just add a line saying > =20 > Signed-off-by: Random J Developer > =20 > -using your real name (sorry, no pseudonyms or anonymous > contributions.) > +using a known identity (sorry, no anonymous contributions.) > +The name you use as your identity should not be an anonymous id > +or false name that misrepresents who you are. > =20 > git commit --signoff will add such a Signed-off-by line at the end of > the commit log message for you. I have now committed the above change. commit b770e1c4def3532c7b59c4d2e4cd3cee26d4548b Author: Mark Wielaard Date: Thu Oct 19 17:47:28 2023 +0200 CONTRIBUTING: Switch from real name policy to know identity policy =20 Signed-off-by: Mark Wielaard > - "Security" bug guidance > Here I don't have good guidance, but I have the feeling some of > the bugs reported (especially by some fuzzers) are sometimes > unnecessarily marked as security issues. Which causes lots of > unnecessary work for downstream users of our code. Especially > if someone starts assigning CVEs to them. It would be good to > have some explicit text to point "security" bug reporters at > on how we will handle their bugs. Thanks to Frank we now have this! With the following note in our README: See the SECURITY file for defining and handling security- sensitive bugs. There are two more changes I like to make, but not right now. As part of the release (just before, or right after) later this month I like to switch the main branch from 'master' to 'main'. It is the last use of some harmful language in our project. https://inclusivenaming.org/ It will need a few updates to the documentation and buildbot setup. But we can leave an alias so nothing breaks. Finally we do have a somewhat informal code of conduct, see the end of our CONTRIBUTING document: committers/maintainers who repeatedly ignore the above guidelines, = =20 are hostile or offensive towards other committers or contributors, = =20 and don't correct their behavior after being asked by other committers will be removed as maintainer/committer. = =20 It would imho be good to extend this a little to all project contributors and adopt a formal code of conduct like the Contributor Covenant https://www.contributor-covenant.org/ That page also has some good references on reaching agreement on adopting such a more formal code of conduct. Please let me know if you would like to help adopting a more formal code of conduct and/or be part of a code of conduct committee for elfutils. Thanks, Mark --=-D6fW92vmv7PHgP7QO/SK Content-Disposition: attachment; filename*0=0001-CONTRIBUTING-Update-ChangeLog-policy-mention-patchwo.pat; filename*1=ch Content-Transfer-Encoding: base64 Content-Type: text/x-patch; name="0001-CONTRIBUTING-Update-ChangeLog-policy-mention-patchwo.patch"; charset="UTF-8" RnJvbSAyNjRlMDZkMDE4OWVjNjBiMjNjN2NlMzNmYTQ0YWE0ZDVhNGZhODQ4IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBNYXJrIFdpZWxhYXJkIDxtYXJrQGtsb21wLm9yZz4KRGF0ZTog VGh1LCAxOSBPY3QgMjAyMyAxNzo0MzowMSArMDIwMApTdWJqZWN0OiBbUEFUQ0hdIENPTlRSSUJV VElORzogVXBkYXRlIENoYW5nZUxvZyBwb2xpY3ksIG1lbnRpb24gcGF0Y2h3b3JrIGFuZAogdHJ5 IGJvdHMKClNpZ25lZC1vZmYtYnk6IE1hcmsgV2llbGFhcmQgPG1hcmtAa2xvbXAub3JnPgotLS0K IENPTlRSSUJVVElORyB8IDM4ICsrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKy0t CiAxIGZpbGUgY2hhbmdlZCwgMzYgaW5zZXJ0aW9ucygrKSwgMiBkZWxldGlvbnMoLSkKCmRpZmYg LS1naXQgYS9DT05UUklCVVRJTkcgYi9DT05UUklCVVRJTkcKaW5kZXggMWExYzQ0M2YuLjRiNmZh YzIwIDEwMDY0NAotLS0gYS9DT05UUklCVVRJTkcKKysrIGIvQ09OVFJJQlVUSU5HCkBAIC01Miw4 ICs1MiwyMSBAQCBvciBmYWxzZSBuYW1lIHRoYXQgbWlzcmVwcmVzZW50cyB3aG8geW91IGFyZS4K IGdpdCBjb21taXQgLS1zaWdub2ZmIHdpbGwgYWRkIHN1Y2ggYSBTaWduZWQtb2ZmLWJ5IGxpbmUg YXQgdGhlIGVuZCBvZgogdGhlIGNvbW1pdCBsb2cgbWVzc2FnZSBmb3IgeW91LgogCi1UaGUgaWRl YWwgcGF0Y2ggY29udGFpbnMgYSBDaGFuZ2VMb2cgZW50cnkgYW5kIGEgdGVzdCBjYXNlIGZvciB0 aGUKLWJ1ZyBmaXhlZCBvciBmZWF0dXJlIGFkZGVkLgorVGhlIGlkZWFsIHBhdGNoIGNvbnRhaW5z IGEgQ2hhbmdlTG9nIGVudHJ5IGZvciB0aGUgY29tbWl0IG1lc3NhZ2UgYW5kCithIHRlc3QgY2Fz ZSBmb3IgdGhlIGJ1ZyBmaXhlZCBvciBmZWF0dXJlIGFkZGVkLgorCitUaGUgY29tbWl0IG1lc3Nh Z2UgaXMgZXhwZWN0ZWQgdG8gc3RhcnQgd2l0aCBhIG9uZSBsaW5lIHN1bW1hcnkgb2YKK3doYXQg dGhlIHBhdGNoIGRvZXMsIHByZWZpeGVkIHdpdGggdGhlIG1haW4gc3ViZGlyIHRoZSBwYXRjaCBh cHBsaWVzCit0by4gZS5nIGxpYmVsZjogUmV3aW5kIHRoZSBlbGZfZnJvYiBmdW5jdGlvbiBiYXIg ZGVmaW5pdGlvbnMuCisKK0ZpbmFsbHkgcGxlYXNlIGluY2x1ZGUgYW4gQ2hhbmdlTG9nIGVudHJ5 IGV4cGxpY2l0bHkgbGlzdGluZyB0aGUgZmlsZXMKK2FuZCB3aGF0IGNoYW5nZWQgaW4gZWFjaCBv ZiB0aGVtIGluIHRoZSBjb21taXQgbWVzc2FnZS4gVGhpcyB3aWxsIGhlbHAKK2EgcmV2aWV3ZXIg dW5kZXJzdGFuZCB3aGljaCBjaGFuZ2VzIGFyZSBleHBlY3RlZCAoYW5kIHdoaWNoIG1pZ2h0IGJl CithY2NpZGVudGlhbCkuIFRyeSB0byBmb2xsb3cgdGhlIEdOVSBDaGFuZ2UgTG9nIHN0eWxlOgor aHR0cHM6Ly93d3cuZ251Lm9yZy9wcmVwL3N0YW5kYXJkcy9odG1sX25vZGUvU3R5bGUtb2YtQ2hh bmdlLUxvZ3MuaHRtbAorTm90ZSB0aGF0IGVsZnV0aWxzIHByZXZpb3VzbHkgbWFpbnRhaW5lZCBz ZXBhcmF0ZSBDaGFuZ2VMb2cKK2ZpbGVzLiBUaGVzZSBhcmUgbm8gbG9uZ2VyIHVzZWQuIEFsbCBj aGFuZ2VzIHNob3VsZCBiZSBkb2N1bWVudGVkIGluCit0aGUgZ2l0IGNvbW1pdCBtZXNzYWdlLgog CiBUaGUgdGVzdHN1aXRlIChtYWtlIGNoZWNrKSBpcyBleHBlY3RlZCB0byBoYXZlIHplcm8gZmFp bGluZyB0ZXN0cy4KIERvIG5vdCBrbm93aW5nbHkgYWRkIHRlc3RzIHRoYXQgRkFJTC4gSWYgdGhl cmUgYXJlIGFyY2hpdGVjdHVyZXMgb3IKQEAgLTcxLDYgKzg0LDIyIEBAIEFmdGVyIHNlbmRpbmcg eW91ciBwYXRjaCB0byB0aGUgbWFpbGluZ2xpc3Qgb25lIG9mIHRoZSBjb21taXR0ZXJzCiB0byB0 aGUgcHJvamVjdCB3aWxsIHJldmlldyBpdCwgZ2l2ZSBmZWVkYmFjaywgYW5kIGlmIHBlcmZlY3Qg dGhleQogd2lsbCBjb21taXQgaXQgZm9yIHlvdS4KIAorQWxsIHBhdGNoZXMgc2VudCB0byB0aGUg bWFpbGluZyBsaXN0IGFyZSB0cmFja2VkIGF0CitodHRwczovL3BhdGNod29yay5zb3VyY2V3YXJl Lm9yZy9wcm9qZWN0L2VsZnV0aWxzL2xpc3QvCisKK1RvIHVzZSB0aGlzIGZyb20gdGhlIGNvbW1h bmQgbGluZSB5b3UgY2FuIHVzZSBnaXQtcHcKK2h0dHBzOi8vcGF0Y2h3b3JrLnJlYWR0aGVkb2Nz LmlvL3Byb2plY3RzL2dpdC1wdy9lbi9sYXRlc3QvCisKK0ZvciB1c2luZyBpdCB3aXRoIGdpdC1w dyB1c2UgdGhlc2UgLmdpdC9jb25maWcgc2V0dGluZ3M6CisgIFtwd10KKyAgICBzZXJ2ZXIgPSBo dHRwczovL3BhdGNod29yay5zb3VyY2V3YXJlLm9yZy9hcGkvMS4yLworICAgIHByb2plY3QgPSBl bGZ1dGlscworICAgIHRva2VuID0gPGhleC10b2tlbj4KKyAgICBzdGF0ZXMgPSBjb21taXR0ZWQs YWNjZXB0ZWQsc3VwZXJzZWRlZCxkZWZlcnJlZCxyZWplY3RlZCx1bmRlci1yZXZpZXcKKworSWYg eW91IHdvdWxkIGxpa2UgdG8gaGVscCBtYWludGFpbiB0aGUgcGVuZGluZyBwYXRjaCBsaXN0IHlv dXIKK3BhdGNod29yayBhY2NvdW50IGNhbiBiZSBhZGRlZCBhcyBtYWludGFpbmVyIGZvciB0aGUg ZWxmdXRpbHMgcHJvamVjdC4KKwogWW91IGNhbiBiZWNvbWUgYSBtYWludGFpbmVyL2NvbW1pdHRl ciB5b3Vyc2VsZiBhZnRlciB5b3UgaGF2ZSBwcm92aWRlZAogYXQgbGVhc3QgYSBoYW5kZnVsIG9m IGFjY2VwdGVkIHBhdGNoZXMgYW5kIGFncmVlIHRvIHRoZSBndWlkZWxpbmVzIGluCiB0aGlzIGRv Y3VtZW50IGZvciBjcmVhdGluZywgcmV2aWV3aW5nLCBhY2NlcHRpbmcgYW5kIGNvbW1pdHRpbmcg cGF0Y2hlcy4KQEAgLTEwMiw2ICsxMzEsMTEgQEAgYmUgYWltZWQgYXQgaW50ZWdyYXRpb24gaW50 byBtYXN0ZXIuIEZvciBtZXJnaW5nIGEgYnJhbmNoIGludG8gbWFzdGVyCiB0aGUgc2FtZSBwcm9j ZXNzIGFzIGFib3ZlIHNob3VsZCBiZSBmb2xsb3dlZCBieSBwb3N0aW5nIHRoZSBwYXRjaGVzCiB0 byB0aGUgbGlzdCBmaXJzdC4KIAorTm90ZSB0aGF0IGEgYnJhbmNoIHN0YXJ0aW5nIHdpdGggPG5p Y2tuYW1lPi90cnkuLi4gd2lsbCBiZSBwaWNrZWQgdXAKK2J5IHRoZSBTb3VyY2V3YXJlIGJ1aWxk Ym90IGFuZCBjYW4gYmUgdXNlZCB0byB0ZXN0IHlvdXIgcGF0Y2hlcyBiZWZvcmUKK21lcmdpbmcg aW50byB0aGUgbWFpbiBicmFuY2g6CitodHRwczovL2J1aWxkZXIuc291cmNld2FyZS5vcmcvYnVp bGRib3QvIy9idWlsZGVycz90YWdzPWVsZnV0aWxzLXRyeQorCiBjb21taXR0ZXJzL21haW50YWlu ZXJzIHdobyByZXBlYXRlZGx5IGlnbm9yZSB0aGUgYWJvdmUgZ3VpZGVsaW5lcywKIGFyZSBob3N0 aWxlIG9yIG9mZmVuc2l2ZSB0b3dhcmRzIG90aGVyIGNvbW1pdHRlcnMgb3IgY29udHJpYnV0b3Jz LAogYW5kIGRvbid0IGNvcnJlY3QgdGhlaXIgYmVoYXZpb3IgYWZ0ZXIgYmVpbmcgYXNrZWQgYnkg b3RoZXIgY29tbWl0dGVycwotLSAKMi40MS4wCgo= --=-D6fW92vmv7PHgP7QO/SK--