From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id F3D6E385842D for ; Thu, 18 Apr 2024 15:56:31 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org F3D6E385842D Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org F3D6E385842D Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1713455793; cv=none; b=e6RW2dMxmTk+s90uRzQjQZh/lMa4FxiiR+V4Hbr/qCO8/K0YlkpKvlcTrDOqt7H9tReO/XM3Dkmy4rf98CgpO5eTT2wuP/Ht/t5Oj7A2h3uocSsyz6mr2iEvwsL/jNGHnDKeuRel3FpZ5t0iptm/dq96bEqXGWrf0fNd+LyiXw0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1713455793; c=relaxed/simple; bh=Lajyre75GSXFOt0/i8u22fEXbHV/rM5Xh3TV+KWZ/Ng=; h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=jvSwWfzDqnfS0RcONdk1jQO2vgbE9UPzWDEdUnMNC4jS89Qduy0T6MJwe81P6zvmTjw0PV9DCHa405n6va1zLqAk2cAiTEMDYfNvlikR/QqYX8rWjXtERvZmZtjSDiIh40EbEmQF3B/63UTpLG2+uR3HhZEyW55xflI+9hWx2+A= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1713455791; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=XHlkXc6TflleocHax5B4hNw9ZD1jE6YOI69V93PWInM=; b=P3PG0NskiSfbcT+PzpEzzIRAGFxjGcU9/huvTLaB84shFA9aXKwOkelFngLEzuSVSZkxGN fdoUMt2CIDClk5XJVGhzinTVEAcIoJrobYlBYAKuy/DpufJGP9pVmSxKbQGqjpEOlJasph R18oI9euFe35Oo2eOALGNs7Vr6Z5mwI= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-80-XjBnUHf_Pc26XGqaUQRIRg-1; Thu, 18 Apr 2024 11:56:29 -0400 X-MC-Unique: XjBnUHf_Pc26XGqaUQRIRg-1 Received: by mail-wm1-f71.google.com with SMTP id 5b1f17b1804b1-4155db7b58cso6051435e9.1 for ; Thu, 18 Apr 2024 08:56:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713455788; x=1714060588; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=XHlkXc6TflleocHax5B4hNw9ZD1jE6YOI69V93PWInM=; b=VLIOmKdh3HTpG4lOfA3aCdHVy9q7+p/2dIpJXGdcKjGLEcxhnXVTKK17OvqyI0/+2k bJlx16pQXapPgs9CeNpr0oAR+83Jtuei2Y29wilNZrJpYf3kJsoQkveuyZ+EV6Q93EJr BwnANwgMPK1umGor4MuktrhqBDUS4Km2sXMvqNO5tvP+5//1Yv9rf7kBddGZDIWxTaTR 3OsKLwX3+uW+gXn65ZbMhwGf0x2qwSA3K6i2AcepWCzZTTxJmxi9m4dxl208md5c7Hdw TMqQnv6N5qsKVdW+rQRafZ+oHwLx9vh6WWF+BVItZXgkYxOOwlfau35r9ezyTk6S6uzG lvwA== X-Forwarded-Encrypted: i=1; AJvYcCX+avw0yaG+Xn6IKTe+FiXajJUbtUU/BYUvqdeDpIIerRk799VfFBSJyCM+sIMsseBxBuRfgnOU/Q2va5atcFVlwKI= X-Gm-Message-State: AOJu0YymtcpH87AQb3KF/1sDHWyau7Jl5X1OXB3Bp9c2QYKI5wPCXNXE /pH40ojeVuKe1gA4MyKfKWzIdN5Jl6zr0LhXEa62gO76dxpDnwUhjQ37DMePq/ZmsEhYx5NG53y aF+krcUx9bHJdpRb9DxZprbVpGWpvoQEUODCCZOVf8T9GyWYe X-Received: by 2002:a05:6000:188e:b0:346:c746:289e with SMTP id a14-20020a056000188e00b00346c746289emr2420523wri.48.1713455788341; Thu, 18 Apr 2024 08:56:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFPOfaxaU/+xUguzhOJaxa/7tm40d5GGd7nHNRD4BsnpvIJXYYo14i4Uvob4Zam/6r42KvUOQ== X-Received: by 2002:a05:6000:188e:b0:346:c746:289e with SMTP id a14-20020a056000188e00b00346c746289emr2420504wri.48.1713455787984; Thu, 18 Apr 2024 08:56:27 -0700 (PDT) Received: from digraph.polyomino.org.uk (digraph.polyomino.org.uk. [2001:8b0:bf73:93f7::51bb:e332]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm2141480wrm.75.2024.04.18.08.56.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Apr 2024 08:56:27 -0700 (PDT) Received: from jsm28 (helo=localhost) by digraph.polyomino.org.uk with local-esmtp (Exim 4.95) (envelope-from ) id 1rxU7d-00EFQR-Ke; Thu, 18 Apr 2024 15:56:25 +0000 Date: Thu, 18 Apr 2024 15:56:25 +0000 (UTC) From: Joseph Myers To: Mark Wielaard cc: overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org Subject: Re: Updated Sourceware infrastructure plans In-Reply-To: <20240417232725.GC25080@gnu.wildebeest.org> Message-ID: References: <20240417232725.GC25080@gnu.wildebeest.org> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,KAM_SHORT,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Thu, 18 Apr 2024, Mark Wielaard wrote: > But we like to get more feedback on what people really think a > "pull-request" style framework should look like. We used to have a > gerrit setup which wasn't really popular. And we already have a > sourcehut mirror that can be used to turn your "pull-requests" into a > git send-email style submission (without having to setup any > email/smtp yourself): https://sr.ht/~sourceware/ The xz backdoor showed up one issue with some implementations of pull-request systems: GitHub removed access to the repository, and with it access to the past pull requests, so disrupting investigation into the sequence of bad-faith contributions. I suggest that a basic principle for such a system is that it should be *easy* to obtain and maintain a local copy of the history of all pull requests. That includes all versions of a pull request, if it gets rebased, and all versions of comments, if the system allows editing comments. A system that uses git as the source of truth for all the pull request data and has refs through which all this can be located (with reasonably straightforward, documented formats for the data, not too closely tied to any particular implementation of a pull-request system), so that a single clone --mirror has all the data, might be suitable (people have worked on ensuring git scales well with very large numbers of refs, which you'd probably get in such a system storing all the data in git); a system that requires use of rate-limited APIs to access pull request data, not designed for maintaining such a local copy, rather less so. There are some other considerations as well, such as ensuring the proposed commit message is just as much subject to review as the proposed code changes, and allowing both pull requests that propose a single commit (with subsequent fixups in the PR branch intended to be squashed) and pull requests that propose a series of commits (where fixups found in the review process need to be integrated into the relevant individual commit and the branch rebased before merge). -- Joseph S. Myers josmyers@redhat.com