DevHeads.net

Proven packagers - stop messing with other people packages!!

Hello folks,

I do not want to point any fingers, so I'll be adressing this to all proven
packagers...

Stop messing with other people packages without trying to contact them via
e-mail/IRC, or openind new BZ!
Especially when you see they are actively maintaining the package and your
changes are not critical for Fedora to function/boot.
THIS IS NOT OKAY, AND YOU ARE ABUSING THE RIGHTS YOU WERE GIVEN!

Fedora proven packagers policy (
<a href="https://fedoraproject.org/wiki/Provenpackager_policy" title="https://fedoraproject.org/wiki/Provenpackager_policy">https://fedoraproject.org/wiki/Provenpackager_policy</a>) explicitly says:
"Provenpackagers should try to communicate with owners of a package in
bugzilla, irc or email prior to making changes. They should be careful not
to change other people's packages needlessly and try to do the minimal
changes required to fix problems, ..."

Last note to proven packagers: You're not BDFLs - so start acting according
to it. Thank you!

David Kaspar [Dee'Kej]
*Associate Software Engineer*
*Brno, Czech Republic*

RED HAT | TRIED. TESTED. TRUSTED.
Every airline in the Fortune 500 relies on Red Hat.
Find out why at Trusted | Red Hat <http://www.redhat.com/en/about/trusted>.

Comments

Re: Proven packagers - stop messing with other people packages!!

By Christian Dersch at 12/04/2017 - 09:44

Hi all,

sorry but I think this mail goes into the completely wrong direction… You
claim that you don't want to point any fingers, but instead you blame *all*
proven packagers, including me. I claim that I respect the policies for
example. Only reason to use the rights are pure rebuilds for me, in case of
soname bumps and already broken dependencies. So when things are already
broken and a rebuild solves it. For changes in packages I used Bugzilla for
long time. Now we have pagure with its very nice pull request mechanism I use
in these cases to work with the maintainer. I know many other (proven)
packagers doing the same. So blaming all of them… sorry… NO!

I know what you want to say though, as I also know that *some* proven
packagers abuse their rights. I also had that situation with few of my
packages, but I managed this with the specific proven packager then. If some
proven packagers abuses his access again and again, an issue has to be filed
@FESCo, so they can instruct the packager and maybe remove the proven packager
rights later in case of another abuse.

Greetings,
Christian

On Monday 4 December 2017 13:33:09 CET David Kaspar [Dee'Kej] wrote:

Re: Proven packagers - stop messing with other people packages!!

By David Kaspar at 12/04/2017 - 10:48

​Hello Christian,​

On Mon, Dec 4, 2017 at 2:44 PM, Christian Dersch <lupinix. ... at gmail dot com>
wrote:

​my intention was not to blame all packagers maintainers, and it definitely
went the wrong direction - I can see that.​

​And for that I thank you - this is what I would expect from proven
packagers workflow.​

​Please accept my apologies (and others as well) if you're following the
Proven Packager policies and you have taken my initial e-mail personally.
It was not intended to offend people who follow the policies. (Actually it
was not intended to offend anyone.)​

​This was the first time happening for me so I can't tell if it was
actually recurring case or not. It seemed to me too far to take this to
FESco straight away. Instead I tried to remind the proven packagers of the
policy. However, I must admit that the format of this was based on
affection and therefore not ideally chosen.

Best regards,

Dee'Kej​

Re: Proven packagers - stop messing with other people packages!!

By Zbigniew =?utf-... at 12/04/2017 - 09:13

On Mon, Dec 04, 2017 at 01:33:09PM +0100, David Kaspar [Dee'Kej] wrote:
Hi Dee'Kej,

you must be aware that there are hundreds of proven packagers doing hundreds
of changes on hundreds of packages at various points in time.
If you say neither which packages you have in mind, modified when, by whom,
or for what purpose, you're very unlikely to reach the right people.

I suggest that you list in a _calm_ technical manner some specific commits
which you think shouldn't have been done under pp policy and why.
Please note that aside from the part you quoted there are other rules which
allow fairly significant actions to be taken by pps assuming certain
procedures are followed, so it may all have been according to policy.

Zbyszek

Re: Proven packagers - stop messing with other people packages!!

By David Kaspar at 12/04/2017 - 10:17

So, to clarify - I'm OK with proven packagers to make changes to package I
(actively) maintain in case I'm unavailable for some longer period of time
(weekend, vacation, etc.), and the changes needed to be done fall into one
of these categories:
* my package received some high/critical CVE that needs to be patched ASAP
* my package is causing Fedora not to boot properly/at all
* my package is causing some serious problems to Fedora infrastructure
(e.g. causing builds to fail, causing Pagure not to work, etc.)
* my package is causing some other significant problem

When there's no such pressing issue, I would expect the packager to follow
the Fedora policy about proven packagers I mentioned before. To be specific:
* contact me via IRC first if it is something trivial not worth creating
BZ and I'm available at IRC
* write me an e-mail if it is something trivial not worth creating BZ and
I'm not available at IRC
* create a new BZ if it something non-trivial, causing problems to any
users of Fedora

What happened in the case that lead me to write my initial e-mail was this:
1) Proven packager received a BZ report for his own package.
2) Proven packager discovered the issue was actually caused by package I
maintain/own.
3) Instead of switching that BZ to correct component, the proven packager
decided to use his power to fix it himself.
4) He found a fix for it, created a new patch and added it into the package
I maintain/own.

NOTES:
* The issue itself was not critical at all for Fedora to boot/function, it
was not a CVE and it was not affecting the Fedora infrastructure, nor was
critical at all IMHO.
* I was available on the IRC during my working hours, but was not
contacted by the proven packager, either via IRC or e-mail.
* The specfile change was not referencing the BZ it was suppose to fix. It
was containing only a link to upstream commit, where the commit message was
completely irrelevant to the actual BZ.
* The dist-git commit didn't contain the BZ number or some actually useful
info either.

The reason I'm not mentioning the person's name here is that I'm still
waiting for his reply (or some kind of justification for this approach),
but I really don't think that this actions would (nor should) fall to
"being done according to policy". :) For me, it's more "I don't give a damn
about others"-like approach, which IMHO nobody likes. :)

Because it will be me (or some other maintainer) who will be (and will have
to) deal(ing) with the package in the future, not the proven packager.
Generally this "reckless" approach can cause be a pain for other people
when they will be trying to find out answers to their questions (like "why
was this patch included in the first place?", "can I safely remove it
now?", "how long should it stay in the package?", "could this be the patch
causing some regression I'm facing now?", etc. etc.) And that's one of the
reason why I wrote my initial e-mail to this mailing list - for other
proven packagers to be aware of this and for them to try not to make others
people life harder... :) In the end, we have that saying in Fedora as well
IIRC (when using 'sudo' for the first time): "With great power comes great
responsibility" :)

Re: Proven packagers - stop messing with other people packages!!

By Michael Schwendt at 12/04/2017 - 17:19

Do I understand you correctly that this has happened only once to one
of your packages? And that already has prompted you to create this thread?

Oha! You could/should have waited for a response before complaining so
loudly.

Re: Proven packagers - stop messing with other people packages!!

By Jonathan Wakely at 12/04/2017 - 11:59

On 04/12/17 15:17 +0100, David Kaspar [Dee'Kej] wrote:
These two points are a problem, and make work for other package
mantainers. Fixing a bug without asking your permission is a much
smaller problem IMHO.

Re: Proven packagers - stop messing with other people packages!!

By Richard Hughes at 12/04/2017 - 10:54

On 4 December 2017 at 14:17, David Kaspar [Dee'Kej] < ... at redhat dot com> wrote:
Did you say thanks? To any proven packagers out there, feel free to
fix bugs in any of the packages I own.

Richard

Re: Proven packagers - stop messing with other people packages!!

By =?ISO-8859-1?Q?... at 12/05/2017 - 08:33

On Mon, 2017-12-04 at 14:54 +0000, Richard Hughes wrote:
+1 To any proven packagers out there , feel free to fix bugs in any of
the packages I own , especially selinux bugs :P

Re: Proven packagers - stop messing with other people packages!!

By Adam Williamson at 12/04/2017 - 12:21

On Mon, 2017-12-04 at 14:54 +0000, Richard Hughes wrote:
DK has a point about process, though. A patch in a package with no
useful context is one of my least favourite things. As DK says, it's
effectively a "hidden work landmine": whoever put it there has
bequeathed the poor bastard who has to deal with it in future a bunch
of needless work figuring out why the patch is there, where it came
from, and when it can be removed.

Re: Proven packagers - stop messing with other people packages!!

By David Kaspar at 12/04/2017 - 13:17

2 Richard: I think we've hit the cause of misunderstanding here. Many
people around me (including) me use the word "own", because it's shorter
(faster to say/write), even though we mean maintain (in a contributor
sense). It's a slang for us. I don't know anyone around ne who would take
the word "own" literally. The same applies for me.

2 Reindl: And I actually didn't write anything like this - nor I think
anything like this. I thought my follow-up e-mail explained it clearly
enough.

And trying to discuss the meaning of "own" in Fedora package context is
getting us off-topic... So to reiterate - I don't have a problem with
proven packagers fixing something in packages that I maintain. My problem
is when by doing that they create unnecessary more work (and/or some
"hidden work landmine" as nicely stated by Adam), because they do not
follow the Proven Packager Policy, which was IMHO create to also address
exactly this specific issue...

Anyway, I have already apologized to people who follow the Proven Packager
Policy and whom I could offend, and I don't see this dicussion progressing
anywhere. We're starting to beat a dead-horse here...

Re: Proven packagers - stop messing with other people packages!!

By David Kaspar at 12/04/2017 - 11:22

​For what? Creating more work for me? :) If you were self-employed, would
you thank your government for creating more unnecessary work for you? :)
Hmm. I wouldn't think so...

Re: Proven packagers - stop messing with other people packages!!

By Pierre-Yves at 12/04/2017 - 11:49

On Mon, Dec 04, 2017 at 04:22:00PM +0100, David Kaspar [Dee'Kej] wrote:
For fixing a bug that was reported by a Fedora user?

You said yourself, that person fixed the issue.

Pierre

Re: Proven packagers - stop messing with other people packages!!

By Richard Hughes at 12/04/2017 - 11:56

On 4 December 2017 at 15:22, David Kaspar [Dee'Kej] < ... at redhat dot com> wrote:
I think maybe it's time to take a step back and reconsider what it is
to be a Fedora "contributor". You don't _own_ anything; we're all
working together as a team.

Richard.

Re: Proven packagers - stop messing with other people packages!!

By Josh Boyer at 12/04/2017 - 09:08

On Mon, Dec 4, 2017 at 7:33 AM, David Kaspar [Dee'Kej]
< ... at redhat dot com> wrote:
While I'm sure this is well intentioned, it's not actually going to
solve anything. You're shouting at an entire group of people, 99% of
whom likely have no context for what you're upset about.

Perhaps you could provide some examples of what the actual problems are.

josh