Re: A "cosmetic changes" commit that removes security fixes

[Leo Prikler]

Hi,

Am Freitag, den 23.04.2021, 20:50 +0200 schrieb Léo Le Bouter:
> I think there is no problem in accepting criticism but there is a
> certain way Mark presents criticism and I don't feel like I can
> respond
> to it when it is written in such way. Over several emails Mark was
> looking to point to people who were somehow responsible for whatever
> "damage" for changes that happened on a branch nobody uses and always
> contains ongoing work (core-updates), so maintaining it security-wise
> is not as much of a question. The result is that we have a long
> thread
> of people responding etc. causing a fuss over something that just
> needs
> to be fixed rather than find whoever is somehow "responsible". 
I disagree with the sentiment, that core-updates is fair game for any
kind of commit.  Now, naturally, since they cause many rebuilds it may
be harder to verify that upgrading some packages does not lead to
failure in another (especially without the CI), contributing to the
"work in progress" nature of core-updates, but this still doesn't
excuse removing security fixes.  
We all expect, that at some point we can merge core-updates "as is"
into master and commits like that call this assumption into question,
instead demanding a full review of a branch, whose patches should
already have been reviewed by the time they land.

> I feel
> like we're collectively responsible. We try our best at all times,
> during this GNOME upgrade I also tried to take into account Raghav's
> feelings so they do not give up and have a rewarding review
> experience,
> I knew these commits werent great, I have written about it here: <
> https://issues.guix.gnu.org/42958#67>;.
I think a more rewarding experience would have been to help them arrive
at a point, where such changes are no longer needed for the rest of
their patch set.  Not only would this have solved their immediate
issue, it would also have been a good learning experience and we
wouldn't need to discuss this at lengths several months later.

I have worked with Raghav before on telegram-desktop (and other
packages as well) and they were pretty patient with about 20 versions
being sent back and forth between us until we arrived at a set of
descriptions, that we could safely push.  Not nearly as many versions
would need to be sent in the case of a "cosmetic changes" patch, when I
ported their GStreamer updates to staging, I noticed that it was mostly
the indentation, that would screw things up for future patches.  I
admit, sometimes Raghav appears to "just want to get the job done
quickly", but giving in to such urges helps no one.

Regards,
Leo