From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=vlme=LX=redhat.com=josmyers@sourceware.org>
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by sourceware.org (Postfix) with ESMTPS id 7D2FC3858C78
	for <overseers@sourceware.org>; Thu, 18 Apr 2024 15:56:31 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 7D2FC3858C78
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 7D2FC3858C78
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1713455793; cv=none;
	b=e6RW2dMxmTk+s90uRzQjQZh/lMa4FxiiR+V4Hbr/qCO8/K0YlkpKvlcTrDOqt7H9tReO/XM3Dkmy4rf98CgpO5eTT2wuP/Ht/t5Oj7A2h3uocSsyz6mr2iEvwsL/jNGHnDKeuRel3FpZ5t0iptm/dq96bEqXGWrf0fNd+LyiXw0=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1713455793; c=relaxed/simple;
	bh=Lajyre75GSXFOt0/i8u22fEXbHV/rM5Xh3TV+KWZ/Ng=;
	h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=jvSwWfzDqnfS0RcONdk1jQO2vgbE9UPzWDEdUnMNC4jS89Qduy0T6MJwe81P6zvmTjw0PV9DCHa405n6va1zLqAk2cAiTEMDYfNvlikR/QqYX8rWjXtERvZmZtjSDiIh40EbEmQF3B/63UTpLG2+uR3HhZEyW55xflI+9hWx2+A=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1713455791;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=XHlkXc6TflleocHax5B4hNw9ZD1jE6YOI69V93PWInM=;
	b=P3PG0NskiSfbcT+PzpEzzIRAGFxjGcU9/huvTLaB84shFA9aXKwOkelFngLEzuSVSZkxGN
	fdoUMt2CIDClk5XJVGhzinTVEAcIoJrobYlBYAKuy/DpufJGP9pVmSxKbQGqjpEOlJasph
	R18oI9euFe35Oo2eOALGNs7Vr6Z5mwI=
Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com
 [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-621-E4QEs22wPF6Os6Kq0ug4Ww-1; Thu, 18 Apr 2024 11:56:29 -0400
X-MC-Unique: E4QEs22wPF6Os6Kq0ug4Ww-1
Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-418f18458a0so2932815e9.0
        for <overseers@sourceware.org>; Thu, 18 Apr 2024 08:56:29 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713455788; x=1714060588;
        h=mime-version:references:message-id:in-reply-to:subject:cc:to:from
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=XHlkXc6TflleocHax5B4hNw9ZD1jE6YOI69V93PWInM=;
        b=I3+EDO8aAZLmJIQu5tkaaa42JXqYMa4bvDJeoIDFiQpCfGf0aQrRk2yJgCk1ybhtO5
         PaJTWP0pe53Qh0emIYVB7zZWjJhDwzyIUZ5QZWxwQD6VCJLlYQz4G6Mz2LTSaFp2ROXM
         dBuW1f05HQduKUnAyK9IEyINrClV93VNVwhGN+sNRR9UX7bCOZSQp/P6iSMKqKhAUSCo
         xLPoHDF6wf/ZEq50o1GwFIFEZ9wR4RMCjhFxEeqabTVwtwI8Jy9tMH82QyQei5x6bS3S
         TEKjKKjxwCbEarznOYKuLC65SnBa0JPzSwYFbfbzdHoWybdkXmNPA36nhwb+rTTF3MzI
         qiqg==
X-Gm-Message-State: AOJu0YxUisbpEwWnIY17GpvdGrqa6FMAeMiHM/XJZ5TPE0c9E+LB5FMl
	S5Rdn7bRau5rccPKqGuAd47fgECTfrclbKVhUumiUGEFCZAsXxibfFNrMx/chTLFox+4kNqa+0R
	0+Xw5765tw+dQcNLYZ3WEp5LGdXsZsQc5SnmevICn1LUnCa1Z0aSxiSHh
X-Received: by 2002:a05:6000:188e:b0:346:c746:289e with SMTP id a14-20020a056000188e00b00346c746289emr2420519wri.48.1713455788333;
        Thu, 18 Apr 2024 08:56:28 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IFPOfaxaU/+xUguzhOJaxa/7tm40d5GGd7nHNRD4BsnpvIJXYYo14i4Uvob4Zam/6r42KvUOQ==
X-Received: by 2002:a05:6000:188e:b0:346:c746:289e with SMTP id a14-20020a056000188e00b00346c746289emr2420504wri.48.1713455787984;
        Thu, 18 Apr 2024 08:56:27 -0700 (PDT)
Received: from digraph.polyomino.org.uk (digraph.polyomino.org.uk. [2001:8b0:bf73:93f7::51bb:e332])
        by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm2141480wrm.75.2024.04.18.08.56.26
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 18 Apr 2024 08:56:27 -0700 (PDT)
Received: from jsm28 (helo=localhost)
	by digraph.polyomino.org.uk with local-esmtp (Exim 4.95)
	(envelope-from <josmyers@redhat.com>)
	id 1rxU7d-00EFQR-Ke;
	Thu, 18 Apr 2024 15:56:25 +0000
Date: Thu, 18 Apr 2024 15:56:25 +0000 (UTC)
From: Joseph Myers <josmyers@redhat.com>
To: Mark Wielaard <mark@klomp.org>
cc: overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, 
    gdb@sourceware.org, libc-alpha@sourceware.org
Subject: Re: Updated Sourceware infrastructure plans
In-Reply-To: <20240417232725.GC25080@gnu.wildebeest.org>
Message-ID: <f1f5cc47-2d45-7268-3726-8565a6681a79@redhat.com>
References: <20240417232725.GC25080@gnu.wildebeest.org>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=US-ASCII
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,KAM_SHORT,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <overseers.sourceware.org>

On Thu, 18 Apr 2024, Mark Wielaard wrote:

> But we like to get more feedback on what people really think a
> "pull-request" style framework should look like. We used to have a
> gerrit setup which wasn't really popular. And we already have a
> sourcehut mirror that can be used to turn your "pull-requests" into a
> git send-email style submission (without having to setup any
> email/smtp yourself): https://sr.ht/~sourceware/

The xz backdoor showed up one issue with some implementations of 
pull-request systems: GitHub removed access to the repository, and with it 
access to the past pull requests, so disrupting investigation into the 
sequence of bad-faith contributions.  I suggest that a basic principle for 
such a system is that it should be *easy* to obtain and maintain a local 
copy of the history of all pull requests.  That includes all versions of a 
pull request, if it gets rebased, and all versions of comments, if the 
system allows editing comments.  A system that uses git as the source of 
truth for all the pull request data and has refs through which all this 
can be located (with reasonably straightforward, documented formats for 
the data, not too closely tied to any particular implementation of a 
pull-request system), so that a single clone --mirror has all the data, 
might be suitable (people have worked on ensuring git scales well with 
very large numbers of refs, which you'd probably get in such a system 
storing all the data in git); a system that requires use of rate-limited 
APIs to access pull request data, not designed for maintaining such a 
local copy, rather less so.

There are some other considerations as well, such as ensuring the proposed 
commit message is just as much subject to review as the proposed code 
changes, and allowing both pull requests that propose a single commit 
(with subsequent fixups in the PR branch intended to be squashed) and pull 
requests that propose a series of commits (where fixups found in the 
review process need to be integrated into the relevant individual commit 
and the branch rebased before merge).

-- 
Joseph S. Myers
josmyers@redhat.com