From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id C86963858C35 for ; Thu, 18 Apr 2024 15:56:31 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org C86963858C35 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org C86963858C35 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1713455793; cv=none; b=e6RW2dMxmTk+s90uRzQjQZh/lMa4FxiiR+V4Hbr/qCO8/K0YlkpKvlcTrDOqt7H9tReO/XM3Dkmy4rf98CgpO5eTT2wuP/Ht/t5Oj7A2h3uocSsyz6mr2iEvwsL/jNGHnDKeuRel3FpZ5t0iptm/dq96bEqXGWrf0fNd+LyiXw0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1713455793; c=relaxed/simple; bh=Lajyre75GSXFOt0/i8u22fEXbHV/rM5Xh3TV+KWZ/Ng=; h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=jvSwWfzDqnfS0RcONdk1jQO2vgbE9UPzWDEdUnMNC4jS89Qduy0T6MJwe81P6zvmTjw0PV9DCHa405n6va1zLqAk2cAiTEMDYfNvlikR/QqYX8rWjXtERvZmZtjSDiIh40EbEmQF3B/63UTpLG2+uR3HhZEyW55xflI+9hWx2+A= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1713455791; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=XHlkXc6TflleocHax5B4hNw9ZD1jE6YOI69V93PWInM=; b=P3PG0NskiSfbcT+PzpEzzIRAGFxjGcU9/huvTLaB84shFA9aXKwOkelFngLEzuSVSZkxGN fdoUMt2CIDClk5XJVGhzinTVEAcIoJrobYlBYAKuy/DpufJGP9pVmSxKbQGqjpEOlJasph R18oI9euFe35Oo2eOALGNs7Vr6Z5mwI= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-641-KmA9n-_8N-iyDWEnSq8LvA-1; Thu, 18 Apr 2024 11:56:29 -0400 X-MC-Unique: KmA9n-_8N-iyDWEnSq8LvA-1 Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-417de456340so6019015e9.2 for ; Thu, 18 Apr 2024 08:56:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713455788; x=1714060588; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=XHlkXc6TflleocHax5B4hNw9ZD1jE6YOI69V93PWInM=; b=p6ZNmsZBMP3eKcGk7Gv5Hx8rWXdaWzH87N7cLHoOLr2VvW0KKuXdW3w1QZ1yZB5qYx 2xIIxtoEcYYTE/zuI6k1IlL/9XFzKeFnNMTuP6j/UptiZnLvCp/hvrPtHIZmBmMIM71D tZx9ffCwxL4wW6gF4pPPSyZlZKMDpycdj/q/+dFxn7JbIQjATNGK7VKCfhoCgm2m+ZyH yS5S1Pxyo7kL+k2VIOVQ2XRRfHubx72yK/Eef0cM51U07og8tDI3jxp1mvelKTPY5lkl DnnyhD82NJGGUjBMBzw5u+ZkaBpKmuto7ZOWlSE+0rTkcOxzA5adKwBijiUiqThrR651 U5Hw== X-Forwarded-Encrypted: i=1; AJvYcCW7t0r6UsA7brGHZJCMKR0RJG3gqKnZ9Fj787UFgtwdGLkBjM/7xWf07fVEXfBB+htDhU1+2H8aPXH5uUA7gVnp3Ttff0QtZUDG X-Gm-Message-State: AOJu0YwRh0MiCEqyhXPr6dX4mB15QgZsWQ10WpThRkd5MiPl847kWJyN hGlzfX1TTGf14BUhYge5G2GpSYuxCLHMZlJIVu7yAxDMLnV0nKMdQ5TQkhQHsuQD5QnmZhS6AoC MGP0+sgs9REKpo6FmfJIrAhjz8/Mb7rZonlXvt/uknVhZoZ014ijT7uFPfA== X-Received: by 2002:a05:6000:188e:b0:346:c746:289e with SMTP id a14-20020a056000188e00b00346c746289emr2420520wri.48.1713455788337; Thu, 18 Apr 2024 08:56:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFPOfaxaU/+xUguzhOJaxa/7tm40d5GGd7nHNRD4BsnpvIJXYYo14i4Uvob4Zam/6r42KvUOQ== X-Received: by 2002:a05:6000:188e:b0:346:c746:289e with SMTP id a14-20020a056000188e00b00346c746289emr2420504wri.48.1713455787984; Thu, 18 Apr 2024 08:56:27 -0700 (PDT) Received: from digraph.polyomino.org.uk (digraph.polyomino.org.uk. [2001:8b0:bf73:93f7::51bb:e332]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm2141480wrm.75.2024.04.18.08.56.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Apr 2024 08:56:27 -0700 (PDT) Received: from jsm28 (helo=localhost) by digraph.polyomino.org.uk with local-esmtp (Exim 4.95) (envelope-from ) id 1rxU7d-00EFQR-Ke; Thu, 18 Apr 2024 15:56:25 +0000 Date: Thu, 18 Apr 2024 15:56:25 +0000 (UTC) From: Joseph Myers To: Mark Wielaard cc: overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org Subject: Re: Updated Sourceware infrastructure plans In-Reply-To: <20240417232725.GC25080@gnu.wildebeest.org> Message-ID: References: <20240417232725.GC25080@gnu.wildebeest.org> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,KAM_SHORT,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Thu, 18 Apr 2024, Mark Wielaard wrote: > But we like to get more feedback on what people really think a > "pull-request" style framework should look like. We used to have a > gerrit setup which wasn't really popular. And we already have a > sourcehut mirror that can be used to turn your "pull-requests" into a > git send-email style submission (without having to setup any > email/smtp yourself): https://sr.ht/~sourceware/ The xz backdoor showed up one issue with some implementations of pull-request systems: GitHub removed access to the repository, and with it access to the past pull requests, so disrupting investigation into the sequence of bad-faith contributions. I suggest that a basic principle for such a system is that it should be *easy* to obtain and maintain a local copy of the history of all pull requests. That includes all versions of a pull request, if it gets rebased, and all versions of comments, if the system allows editing comments. A system that uses git as the source of truth for all the pull request data and has refs through which all this can be located (with reasonably straightforward, documented formats for the data, not too closely tied to any particular implementation of a pull-request system), so that a single clone --mirror has all the data, might be suitable (people have worked on ensuring git scales well with very large numbers of refs, which you'd probably get in such a system storing all the data in git); a system that requires use of rate-limited APIs to access pull request data, not designed for maintaining such a local copy, rather less so. There are some other considerations as well, such as ensuring the proposed commit message is just as much subject to review as the proposed code changes, and allowing both pull requests that propose a single commit (with subsequent fixups in the PR branch intended to be squashed) and pull requests that propose a series of commits (where fixups found in the review process need to be integrated into the relevant individual commit and the branch rebased before merge). -- Joseph S. Myers josmyers@redhat.com