Re: Formal declaration of weak package ownership in source packages (was: Replace the TC power to depose maintainers)

[Scott Kitterman]

On December 11, 2016 8:50:19 PM EST, Ian Jackson 
 wrote:
>Scott Kitterman writes ("Re: Formal declaration of weak package
>ownership in source packages (was: Replace the TC power to depose
>maintainers)"):
>> These changes will require, at the very least, policy changes.  We
>> have a process for that.
>> 
>> Unless this thing is somehow opt-in only, be prepared for a GR
>overriding it.
>
>It might be best to do it via a GR anyway.
>
>> P. S. In case you wonder how maintainerless works, go look at the
>dusty corners of the Ubuntu archive.
>
>I'm not in favour of abolishing amintainership.
>
>You don't explicitly say so but I get the impression from your mail
>that you think what I am suggesting is a bad idea.  I've read your
>other messages in this thread and they have significantly influenced
>my thinking.  So perhaps I have misunderstood you.

You may not think you are, but I believe that is the net effect.

If anyone can unilaterally add themselves as maintainer (to pick one proposal 
as an example) and make intrusive package changes (since they are a 
maintainer), there's really no maintainer at all.

Being maintainer means having responsibility for a package.  If anyone can add 
themselves as maintainer, then you've turned being maintainer into a position 
with responsibility, but no authority.  That's a recipe for disaster.

I confess to a difficulty keeping all the threads straight, so this might not 
be one of your proposals at all.

I do sense a general trend of the conversation towards the idea of undermining 
package maintainership.  Push to hard in that direction and you get revert wars 
and even larger chunks of the archive left to rot.

I think there are plenty of DDs who would find having their ability to control 
their packages taken away demotivating.  I don't see a crowd of new 
contributors just waiting to not have to deal with a maintainer to get involved 
in Debian development.

Running off or demotivating the people we have isn't a great way to make a 
better operating system.

Scott K

Re: Formal declaration of weak package ownership in source packages (was: Replace the TC power to depose maintainers)

[Ian Jackson]

Scott Kitterman writes ("Re: Formal declaration of weak package ownership in 
source packages (was: Replace the TC power to depose maintainers)"):
> These changes will require, at the very least, policy changes.  We
> have a process for that.
> 
> Unless this thing is somehow opt-in only, be prepared for a GR overriding it.

It might be best to do it via a GR anyway.

> P. S. In case you wonder how maintainerless works, go look at the dusty 
> corners of the Ubuntu archive.

I'm not in favour of abolishing amintainership.

You don't explicitly say so but I get the impression from your mail
that you think what I am suggesting is a bad idea.  I've read your
other messages in this thread and they have significantly influenced
my thinking.  So perhaps I have misunderstood you.

Ian.

-- 
Ian Jackson    These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Re: Formal declaration of weak package ownership in source packages (was: Replace the TC power to depose maintainers)

[Scott Kitterman]

On December 11, 2016 8:25:05 PM EST, Ian Jackson 
 wrote:
>Enrico Zini writes ("Re: Formal declaration of weak package ownership
>in source packages (was: Replace the TC power to depose maintainers)"):
>> On Tue, Dec 06, 2016 at 03:42:57PM +, Ian Jackson wrote:
>> > > It's a lot simpler to keep this metadata outside source package.
>> > I endorse this product and/or service.
>> 
>> Here's one way to quickly build a service like this:
>
>Great, thanks for the technical tips.
>
>What's needed to make this actually happen ?
>
>I think the initial proposal is simply to move the metadata currently
>in Maintainers and Uploaders into a database which is separate from
>the archive.
>
>I guess the initial UI would mirror the existing "DD authority"
>process.
>
>Who in the project can decide to do this ?  I think this is probably
>the DPL.
>
>After that, we will probably want to further develop the UI and the
>maintainership accession flow.
>
>For example, my suggestion of having a "request to join team" button
>but allowing any DD to add themselves as a Maintainer of a
>solo-maintained package.  Presumably there would have to be a way for
>the MIA team to mark someone as "maintainer emeritus" (ie, used to be
>a maintainer).
>
>Who would make these UI decisions ?

These changes will require, at the very least, policy changes.  We have a 
process for that.

Unless this thing is somehow opt-in only, be prepared for a GR overriding it.

Scott K

P. S. In case you wonder how maintainerless works, go look at the dusty corners 
of the Ubuntu archive.

Re: Replace the TC power to depose maintainers

[Ian Jackson]

Philip Hands writes ("Re: Replace the TC power to depose maintainers"):
> Ian Jackson  writes:
> > I still don't understand why the TC is so crushingly slow to conter
> > maintainer power in Debian.  As I say in my other emails, a result of
> > the TC's inaction, maintainer power in Debian is nearly unassailable.
> 
> I wonder which column on your tally sheet you will put this outcome.

I think the maintainer saw the writing on the wall, so I count this as
a successful intervention by the TC.  (I hope the new maintainers will
prove me right.)  That there wasn't a formal vote is beside the point.

> In this particular instance, at least a week of the time spent on this
> mess was devoted to dealing with you -- don't do anything like that again.

FAOD I value your opinion, and it doesn't make me happy to hear that
from you.  I've been thinking about this and will think some more.

I still (perhaps, even more so) believe we need to have a better way
of dealing with these kind of disputes.

Regards,
Ian.

-- 
Ian Jackson    These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Re: Formal declaration of weak package ownership in source packages (was: Replace the TC power to depose maintainers)

[Ian Jackson]

Enrico Zini writes ("Re: Formal declaration of weak package ownership in source 
packages (was: Replace the TC power to depose maintainers)"):
> On Tue, Dec 06, 2016 at 03:42:57PM +, Ian Jackson wrote:
> > > It's a lot simpler to keep this metadata outside source package.
> > I endorse this product and/or service.
> 
> Here's one way to quickly build a service like this:

Great, thanks for the technical tips.

What's needed to make this actually happen ?

I think the initial proposal is simply to move the metadata currently
in Maintainers and Uploaders into a database which is separate from
the archive.

I guess the initial UI would mirror the existing "DD authority"
process.

Who in the project can decide to do this ?  I think this is probably
the DPL.

After that, we will probably want to further develop the UI and the
maintainership accession flow.

For example, my suggestion of having a "request to join team" button
but allowing any DD to add themselves as a Maintainer of a
solo-maintained package.  Presumably there would have to be a way for
the MIA team to mark someone as "maintainer emeritus" (ie, used to be
a maintainer).

Who would make these UI decisions ?

Ian.

-- 
Ian Jackson    These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Re: Replace the TC power to depose maintainers

[Ian Jackson]

Rhonda D'Vine writes ("Re: Replace the TC power to depose maintainers"):
>  Going towards an abolished maintainership
> area it will make it even less likely such needed communication with the
> people feeling emotionally attached to the package to happen.

This is a very good way of explaining the social reasons for retaining
something like maintainership.

>  It's already at the lower and every now and then that it hurts,

I think if one is very stubborn, and doesn't mind undoing other
people's work, etc., then maintainership is very strong.  If one cares
about doing what much the rest of the project says it wants,
maintainership is often quite weak.

This is not really a good combination.

Ideally maintainership would be strong for the maintainer who doesn't
like to argue much and who is easy to convince of true things, but
weak when used by a stubborn maintainer or one who communicates
poorly.

I have not much of an idea how to do that, but making _sole_
maintainership weaker is perhaps going in that direction.

Ian.

-- 
Ian Jackson    These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Re: Formal declaration of weak package ownership in source packages (was: Replace the TC power to depose maintainers)

[Enrico Zini]

On Tue, Dec 06, 2016 at 03:42:57PM +, Ian Jackson wrote:

> > It's a lot simpler to keep this metadata outside source package.
> I endorse this product and/or service.

Here's one way to quickly build a service like this:

 - Configure the web server to accept Debian's SSO credentials:
   
https://wiki.debian.org/DebianSingleSignOn#Documentation_for_web_application_owners
 - Set up a Django site using RemoteUserMiddleware, but trusting
   SSL_CLIENT_S_DN_CN instead of REMOTE_USER:
   https://docs.djangoproject.com/en/1.10/howto/auth-remote-user/
   (see the CustomHeaderMiddleware example)
 - Create the model and CRUD pages for the extra info you want to
   maintain about developers, with ForeignKey to
   django.contrib.auth.get_user_model()
 - Export your data with django-rest-framework


Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini 


signature.asc
Description: PGP signature