[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A "cosmetic changes" commit that removes security fixes
From: |
Giovanni Biscuolo |
Subject: |
Re: A "cosmetic changes" commit that removes security fixes |
Date: |
Mon, 26 Apr 2021 19:06:33 +0200 |
Hello Guix,
Leo Famulari <leo@famulari.name> writes:
[...]
> And in the case of GNOME, we have already fallen short of our goals
> several times, having missed multiple upgrades.
I regret not to be able to contribute more to Guix, but please nobody
should feel guilty not to be able to keep-up with upstream's upgrading
rate (whatever rate it is), better safe than up-to-date :-)
> I too have felt the temptation to cut corners with Git when I know that
> the final result will be "okay". But Guix is not just about the final
> product (a release, or a merge). We also have the --commit option to
> Guix commands, and `guix time-machine`. So the Git history is important
> too.
Yes, please this should be stressed: Guix *is* it's official (master,
core-updates...) git repo branches.
Just to understand: /if/ at any point in time a user is able to afford
the effort to build the entire core-updates /or/ staging branch she
should be confident the result is state-of-the-art secure. Am I wrong
with this assumption?
> And I have also spent several hours at a time, focused on completing
> (after several restarts) a complicated rebase involving dozens of
> commits. And I've done that many times.
I think this is the most expensive activity of Guix maintainers, for the
very reason that Guix *is* git
> I do think that Mark is being hyperbolic about the wip-gnome branch. The
> name says "work in progress" and we don't hold those branches to a high
> standard.
I understand your point but please consider that /unless/ a wip-branch
is private (or privately shared out-of-Guix-git) that branch it's a
pubblic collective work in progress and sometimes (seldom? often? I
really don't know) that work could be completed by someone else, so even
in wip- branches committers should exercise some degree of discipline,
especially when dealing with "commit message completeness" and more with
security related patches. In other words, IMHO a certain degree of
safety must be assured also on wip- branches.
Probably the policy about wip-branches, whatever it is ("do what you
want" or something in line with my comments above), should be documented
in the contributing section of the Guix manual.
> But what happened on core-updates *must not happen again*.
Please no.
> For a task as large as "updating GNOME in Guix", history tells me that
> it has to be a group effort. In many cases, the hardest part of a
> project is coordination and leadership, not coding. I hope that this
> current effort continues, and that more people decide to join.
OK but please consider that /if/ Guix cannot "update GNOME in Guix" for
whatever reason, GNOME should not be updated.
Thanks! Giovanni.
--
Giovanni Biscuolo
Xelera IT Infrastructures
signature.asc
Description: PGP signature
- Re: A "cosmetic changes" commit that removes security fixes, (continued)
- Re: A "cosmetic changes" commit that removes security fixes, Mark H Weaver, 2021/04/22
- Re: A "cosmetic changes" commit that removes security fixes, Maxim Cournoyer, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Raghav Gururajan, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Maxim Cournoyer, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Raghav Gururajan, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Léo Le Bouter, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Leo Prikler, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Leo Famulari, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Léo Le Bouter, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Leo Famulari, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes,
Giovanni Biscuolo <=
- Re: A "cosmetic changes" commit that removes security fixes, Leo Famulari, 2021/04/26
- Re: A "cosmetic changes" commit that removes security fixes, Giovanni Biscuolo, 2021/04/26
- Re: A "cosmetic changes" commit that removes security fixes, Leo Famulari, 2021/04/26
- Re: A "cosmetic changes" commit that removes security fixes, Mark H Weaver, 2021/04/24
- Re: A "cosmetic changes" commit that removes security fixes, Léo Le Bouter, 2021/04/26
- Re: A "cosmetic changes" commit that removes security fixes, Tobias Geerinckx-Rice, 2021/04/26
- Re: A "cosmetic changes" commit that removes security fixes, Ludovic Courtès, 2021/04/26
- Re: A "cosmetic changes" commit that removes security fixes, Pjotr Prins, 2021/04/26
- Re: A "cosmetic changes" commit that removes security fixes, Léo Le Bouter, 2021/04/26
- Re: A "cosmetic changes" commit that removes security fixes, Marius Bakke, 2021/04/28