X-Original-To: alpine-devel@lists.alpinelinux.org Received: from mail-qk0-f174.google.com (mail-qk0-f174.google.com [209.85.220.174]) by lists.alpinelinux.org (Postfix) with ESMTP id 7D6145C455D for ; Tue, 21 Mar 2017 08:21:12 +0000 (GMT) Received: by mail-qk0-f174.google.com with SMTP id p64so129361804qke.1 for ; Tue, 21 Mar 2017 01:21:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dereferenced-org.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=qZejNGrI4CCOvr46vTMWqPzG8Py+7iNpxHBkijKCSew=; b=l6B3AIzPMHEMkxjYOp/WBptOGGkZtiy9dbCvt9+dBaZ2u513QmBlANhzNLu7GT/1I1 of2BtcYoZbEdM+Cyy4bX2LFwmo2rI8OXwz5dSmgpWhGfmYabONuSSyAcQldrCIoo+PZL WqjlJSaZdjygYj5QzH/rSRXx39t6MmCGUGIyIZh080TXA5GvXm5d3O2+DABCHmpvp8Rl WFANN4ytzUyDUabMwbWU6/tPVsV9At6N1SIr8bAO8StS1B/9DeeQZ7+rmwMC39HtSrvl cKdv2J440HElJwN1Fc1dby5iMokU/HcDMW3qRy4mrIc4RIgfY/4xUZf+AepwXqQn3tBK ZjBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=qZejNGrI4CCOvr46vTMWqPzG8Py+7iNpxHBkijKCSew=; b=MOYKlt6QKYHaE/jhvbCC02VEiuXE7nwnJDu2Y5Ln+vdrUQdZE0fbrd2eli2RunmfoU +FgA98tC+APo9wfGCXDLpvY1x+Cz34TAbNYckZHecgjbsEVTKEdtXFLJJzWEn557QbLe a5aoRbAy9d6afrUgXmL8ykdbHsKC22S3RbgJ4kI7vOFvsdl0p2WXfsI+OuvgKTXR5J5/ Uui0L46Kpru+N+/nejN7D+Z9rHhc5TLkVFL8sV/RQVY1CGS+H5ezZZKauzG9zS6PF+Sx IK3PNBfH6YyoYPrVgSoTvsYB8Ya+T+IGKLbdUousoD4wKJ1bamenKoswQfJhmMzmqQpp G8CA== X-Gm-Message-State: AFeK/H2M629JN8YHLCxr2jzDYa7j16MT7kObopTvjqOaKUhlvUrxQmJeRfNBhGDZPgFGFVjeHZNLSyRC+Jhj4A== X-Received: by 10.55.27.29 with SMTP id b29mr23751203qkb.76.1490084471594; Tue, 21 Mar 2017 01:21:11 -0700 (PDT) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Received: by 10.200.50.49 with HTTP; Tue, 21 Mar 2017 01:21:11 -0700 (PDT) From: William Pitcock Date: Tue, 21 Mar 2017 03:21:11 -0500 Message-ID: Subject: [alpine-devel] RFC: Soft commit rights for established maintainers To: alpine-dev Content-Type: text/plain; charset=UTF-8 Hello, As we all know, new contributors to Alpine who wish to become Alpine Developers go through a process to gain commit rights, meanwhile Maintainers have to find a Developer to commit their work by proxy. As the project has grown, multiple people have introduced new channels for maintainers to work in the distribution, such as submitting patches through GitHub. These contribution channels have yielded great results for Alpine, resulting in many new maintainers stepping forward, some of which have over time gone through the full process and gained commit rights. To be quite clear: those initiatives have been largely successful. However, working through the GitHub and Patchwork queues looking for packages to commit, I notice that a majority of the commits are just generated by abump, which got me thinking... Is it really worth developer time to go through a bunch of abump patches? Is it worth making Alpine users wait for someone to go through and commit their changes? In my opinion, most of the time, *new* packages are where the review is needed. If the change ultimately is just a new SHA512 hash and $version change, then for established maintainers, I think it is alright to just accept the change into the distribution. And if that is the case, then why not allow them to push the change themselves? What I propose is quite simple -- we add a git hook to check incoming pushes with the following checks: 1. Is the committer a proper dev? If so, allow the commit through. 2. Is the commit only changing packages (and thusly not configs stored in the aports tree)? If not, reject the push. 3. Are the changed APKBUILDs in question maintained by the person who committed the patch (or they have additional privilege, maybe we can add a Co-Maintainer field?). If not, reject the push. 4. Are the changed APKBUILDs on a whitelist for the maintainer? If not, reject the push. 5. If all the above checks pass (2 through 4), allow the push. This would allow us to extend some "soft" commit rights to new prospective developers, which in turn gives *positive reinforcement* that they are on track to becoming a developer. It also has the benefit of reducing the size of the aports patch queues and allowing us to concentrate review efforts on people who need those efforts the most. There is some minor risk that folks who have the soft commit rights extended to them may from time to time mess up and cause a builder to stall. However, in these cases we can simply revert the push or correct it. After all, that is what we would be doing with a broken GitHub submission. Beyond that, quite honestly, we have all done it before anyway *and* if the maintainer breaks something, it gives them the possibility of fixing it themselves before it causes any major impact. So overall, I would say that it is a very minor risk. William --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---