guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A "cosmetic changes" commit that removes security fixes

From: Leo Famulari
Subject: Re: A "cosmetic changes" commit that removes security fixes
Date: Fri, 23 Apr 2021 15:18:02 -0400 
On Fri, Apr 23, 2021 at 08:50:37PM +0200, Léo Le Bouter wrote:
> I think there is no problem in accepting criticism but there is a
> certain way Mark presents criticism and I don't feel like I can respond
> to it when it is written in such way. Over several emails Mark was
> looking to point to people who were somehow responsible for whatever
> "damage" for changes that happened on a branch nobody uses and always
> contains ongoing work (core-updates), so maintaining it security-wise
> is not as much of a question. The result is that we have a long thread
> of people responding etc. causing a fuss over something that just needs
> to be fixed rather than find whoever is somehow "responsible". I feel
> like we're collectively responsible. We try our best at all times,
> during this GNOME upgrade I also tried to take into account Raghav's
> feelings so they do not give up and have a rewarding review experience,
> I knew these commits werent great, I have written about it here: <
> https://issues.guix.gnu.org/42958#67>.

I have to agree with everybody in this thead.

The commits in question were problematic (especially on core-updates,
which is not a "WIP" branch and thus cannot be rewritten to fix past
problems). I'm not confident that the security fixes would have been
reinstated on core-updates if Mark had not asked about them.

Léo and Raghav, you need to keep learning our workflow around security
updates.  It's not okay to remove security patches and later update a
package to a fixed version in a different commit. `git rebase` is the
tool to learn for cases like this one.

However, Mark, you have way more experience, and you need to handle
these things differently. If you don't trust certain Guix contributors,
take it up with the maintainers — in private. The style of communication
you used here is ineffective and will dissuade people from contributing
to Guix. Do you want Léo and Raghav to learn and improve? Or do you want
them to leave? Remember that we all begin as beginners.

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]