David Golden wrote:
> I'm highlighting this for the full list to be aware of and contribute to.
>
> ---------- Forwarded message ----------
> From: "bulk88" <notificati...@github.com>
> Date: Oct 28, 2015 6:27 PM
> Subject: [ExtUtils-MakeMaker] the future of EUMM's development model (#242)
> To: "Perl-Toolchain-Gang/ExtUtils-MakeMaker" <extutils-makema...@noreply.github.com>
> Cc:
>
***************CUT****************
> Since P5P perl relies on timely releases of EUMM, there are certain
> exceptions and responsibilities for planning and managing a project
> correctly. If the owners of EUMM can not meet those expectations, a new
> management structure and plan must be figured out for EUMM. If anyone
> with official power (PAUSE) over EUMM responds with "by Christmas", they
> are sanctioning a fork. I'll warn everyone ahead of time, think a little
> as to what you are really saying before you respond with the mantra "we
> have no time, we aren't paid".
>
> While I will obviously read responses of everyone who posts, responses
> from the general public (no PAUSE EUMM rights), aren't statements from
> the owner of EUMM (bingos) and his appointed comaints
> ANDK/CHORNY/ETHER/LEONT/MMML/MSCHWERN/MSTROUT.
>
> —
> Reply to this email directly or view it on GitHub
> <https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/issues/242>.
>
I'll add some more details and expand outside of EUMM specifically, in
https://github.com/Perl-Toolchain-Gang/toolchain-site/blob/master/berlin-consensus.md#toolchain-charter-practices
it says
------------------------------------------------------------
2. Toolchain distributions should have more than one "primary"
maintainer (regardless of actual PAUSE permissions) and a list should be
published showing distributions and maintainers.
------------------------------------------------------------
5. If discussions about the evolution of toolchain distributions fail to
achieve consensus, toolchain authors agree to defer to a designated
"tie-breaker" authority. The Perl pumpking (regardless of who that may
be at any point in time) was the initial choice for tie-breaker.
------------------------------------------------------------
There are THIRTY people in
https://github.com/orgs/Perl-Toolchain-Gang/people .
So here are my questions.
Where is the list described in #2 for Perl-Toolchain-Gang controlled
modules?
Do all 30 people listed in PTG have the same perms and standing in PTG?
Are all 30 people free to push to all ~27 PTG repos at any time?
Technically free or socially free?
Who has the root password to the PTG github account to add and remove
members from that list? I'll assume there is more than 1 person.
BINGOS does many CPAN releases for PTG modules for a number of years now
but he rarely writes code. In PAUSE, there is a concept of owner, and
comaint. Do these have relevance to who is the owner of a PTG module? I
find any "Author" section in PTG module pod to be years or a decade out
of date. Is the Pod's author the "owner" of the module and still
responsible for it even though it is under PTG care?
If a PTG module is always released by one person, and nearly every
commit is by one person, page after page on GH, year after year, XDG's
modules for example, it is obvious that he, and not the PTG collective
is the owner of that.
But for ExtUtils::MakeMaker, Bingos does all the CPAN releases and is
the owner on PAUSE, but less than half of the commits, and less than
1/8th of the commits if you exclude merge commits and version bumps. Who
is the owner of ExtUtils::MakeMaker? Bingos alone? or all 30 members of
PTG are jointly and severally liable? I'll expand on this later.
Back to who is the owner, should the Author sections in PTG pod be
changed to "Creator" or "Original Author" or the section deleted and the
original author mentioned as the 1st line in the pod's Contributors
section?
When a module is "donated" to PTG, is the donator still the owner of the
module, or is PTG collectively now the owner and author of the module,
and original owner can not be blamed for anything that happens under PTG
development model?
Who gets a free ride to the police station when a rootkit that calls
home was shipped to CPAN in a PTG tarball?
Now the chances of a rootkit shipping under PTG development is very low,
short of stolen passwords, since PTG members know each other offline and
there will be a camel stomping if someone does that if they are ever
found offline. If the rootkit appears in the CPAN tarball and never in
the PTG repo, it is obvious who to blame based on PAUSE ID, but for more
complicated cases,
Is the PTG member with a commit bit who pushed the rootkit to the PTG git
repo responsible?
Is the PTG member who published the tarball on CPAN (negligent to review
the git log before making a tarball)?
What are the responsibilities of a PTG member who cuts a CPAN tarball?
Are they a cron job whose only purpose is to bump version numbers and
verify the changelog contains a new version number, or are they required
to review the git history (and perhaps GH issues/PRs) since the last
CPAN release?
------------------------------------------------------------
5. If discussions about the evolution of toolchain distributions fail to
achieve consensus, toolchain authors agree to defer to a designated
"tie-breaker" authority. The Perl pumpking (regardless of who that may
be at any point in time) was the initial choice for tie-breaker.
------------------------------------------------------------
Bullet #5 says RJBS is the "tie breaker". I don't personally think that
sentence is the same as owner, but someone can interpret that sentence
as meaning RJBS is the final say on PTG, and therefore the owner of PTG.
I looked through a number of PTG module's PAUSE perms lists, local::lib
stood out. PTG's local::lib has 26 comaints on PAUSE.
userid: MSTROUT
userid: APEIRON
userid: ARCANEZ
userid: ASH
userid: BOBTFISH
userid: DGL
userid: DOY
userid: EDENC
userid: ELLIOTT
userid: ETHER
userid: FLORA
userid: FREW
userid: GETTY
userid: GRODITI
userid: HAARG
userid: ILMARI
userid: JBERGER
userid: JJNAPIORK
userid: LSAUNDERS
userid: MITHALDU
userid: PERIGRIN
userid: PHAYLON
userid: RIBASUSHI
userid: SSCAFFIDI
userid: VANSTYN
userid: WSHELDAHL
I understand if a module needs redundancy in maintainers, or for
emergency releases, but at a certain point, when the COMAINT list is full
of people who haven't been active in the perl community in years, or are
active in perl community, but never write open source code, I start to
wonder about attack vectors. local::lib's perms list has many people not
in https://github.com/orgs/Perl-Toolchain-Gang/people . What is going on
with this module?
There is a PAUSE ID called MMML
http://www.nntp.perl.org/group/perl.modules/2000/10/msg3190.html A
number of PTG modules have this in PAUSE, but not all. Who is MMML? What
is the purpose of this account?
After MST in his official administrator powers decided that no tough
questions are allowed about EUMM,
https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/issues/242
----------------------------------------------------------
shadowcat-mst commented 7 hours ago
I'm taking responsibility only for shutting this conversation down until
it can be restarted with a more constructive and less combative attitude.
----------------------------------------------------------
I will post the chatlog with mst from #toolchain.
[19:37] <@mst> issue cleared and closed.
[19:39] <@mst> leont: I hate github. you just replied to something I'd
already deleted.
[19:41] <@leont> I hate all bug-trackers, and have no illusion about
hating whatever I could come up with myself too.
[19:41] <@mst> of course.
[19:41] <@leont> From recent experience I can tell you github is still
better than gitlab :-/
[19:46] * @mst notes that apparently closing wasn't sufficient, clicks
the lock button
***cut***
[19:54] <@mst> bulk88: if you want to find mohawk and ask him when he's
going to fix the mess he caused, that would be helpful. otherwise I
guess we need a volunteer to back it out fully and restore master to
before the mess.
[19:55] <@haarg> afaik everything has basically been fixed except for
the _eumm thing
[19:57] <bulk88> someone gave mohawk permission to do his extensive
refactoring, and someone reviewed all his work, don't blame mohawk alone
for the development stall
[19:58] <@mst> we argued extensively against the changes being done the
way they did and he insisted on it anyway
[19:58] <@mst> ignoring about 98% of the advice given by the channel
[19:58] <@haarg> development hasn't even stalled really
[19:59] <@mst> hence why I edited out the conspiracy theory laden screed
that started the issue on github
[19:59] <@mst> I am only disappointed there's no 'tinfoil hat' badge
[20:00] <@haarg> maybe try filing an issue/PR about the change you want
before complaining that it isn't being done
[20:05] <@mst> 23:53 -!- Irssi: Starting query in perl with bulk88
[20:05] <@mst> 23:53 <bulk88> you realize trying to censor that
development stopped on EUM
[20:05] <@mst> isn't going to work out very well for you?
[20:05] <@mst> bulk88: lol.
[20:05] <bulk88> someone gave mohawk a commit bit, whether it is PTG in
a vote, or Bingos personally doesn't matter that (and maybe it is a
private discussion I don't need to know), but each piece of software has
an author, and that author is responsible for progress of the project,
if they can't continue progress on the project, they need to step aside,
or the software must be forked
[20:05] <@mst> (1) what haarg said (2) adjust your attitude
[20:06] <@mst> throwing random accusations around when you don't even
have an outstanding PR/issue that isn't being addressed is unconstructive
[20:07] <@mst> and wouldn't meet the standards for normal PAUSE adoption
given a vanished maintainer
[20:07] <@mst> let alone a dist where the team is still active and
specifically asking you for an actual problem
[20:08] <bulk88> why should I submit PRs on a branch that may take
months or a year or 2, or never before it is published? Blead has a code
freeze in Jan 2016, after that, I am blocked for 6-7 months from doing
very much.
[20:08] <bulk88> I asked specifically, should I be PRing the 7.10 branch?
[20:08] <@mst> so your complaint is "I have assumed my PR won't be
applied, therefore I haven't submitted it, therefore development has
stopped"
[20:08] <@mst> awesome
[20:08] <@mst> that makes *perfect* sense, clearly :P
[20:08] <bulk88> mst are you going to roll a release on CPAN if I ask
you to?
[20:09] <@mst> highly unlikely given the fact that you're doing more
dickwaving than contributing.
[20:09] <@mst> how about you file an issue describing that you believe
should be changed with a rough plan of how you'd change it, and then we
can figure out where the PR should go from there?
[20:09] <@mst> I mean, that would actually be constructive, no?
[20:10] <bulk88> I filed a plan for getting EUMM back onto monthly or
bimonthly releases and get the git repo back into sane plan, you deleted it.
[20:11] <@mst> I'm not asking you to monday morning quarterback our
branch management
[20:12] <@mst> I'm asking you to file an issue representing the
specific, concrete problem you're dealing with
[20:12] <@mst> this was my response to your "should I be PRing the 7.10
branch?" question
[20:12] <bulk88> so daily bumps are fine on RTs?
[20:12] <bulk88> *on PRs
[20:12] <@mst> ...
[20:13] <@mst> every time I answer your question, you move the goalposts
to a different zip code
[20:14] <@mst> until you have an issue number for a specific problem
you're experiencing plus a proposed solution - and I mean a problem with
the code, not your perception of the branch management process - there's
nothing further to discuss
[20:14] <bulk88> " <@mst> I'm not asking you to monday morning
quarterback our branch management" so your responses in this room today
officially reflect the decisions of PTG or not? can I quote everything
you said today in this room?
[20:18] <@mst> decisions are generally made by consensus, as you were
told already; as such, your question is at best nonsensical and at worst
intentionally disingenuous.
[20:19] <@mst> that said, you may quote anything I've said as a thing
I've said.
So from this conversation, MST has taken on the role as the
administrator and therefore owner of PTG. Is MST the actual owner of the
PTG account (root password for GH) or just one of 30 members?
[20:10] <bulk88> I filed a plan for getting EUMM back onto monthly or
bimonthly releases and get the git repo back into sane plan, you deleted it.
[20:11] <@mst> I'm not asking you to monday morning quarterback our
branch management
So MST says PTG is one closed group. In effect, a secret society, and it
is none of the business of the public to criticize or question that
secret society. And who is "our"? All 30 members?
Is PTG a secret society? There are 30 members publicly listed, when one
of you says something, if the other 29 don't say anything, are they
approving what the 1 member said? Every member in PTG has a choice to be
a member, and a choice to resign. In recent non-programming world
history, failure to resign, means you will be tried for the [war] crimes
of your peers. I am not saying "tried for the crimes of your peers"
applies to PTG, but that is a possible outcome of this discussion after
further posts.
Both MST and leont
https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/issues/242#issuecomment-152031305
and
https://github.com/Perl-Toolchain-Gang/toolchain-site/blob/master/berlin-consensus.md#toolchain-charter-practices
section use the word "consensus" repeatedly.
I can look up the word consensus in a dictionary, but that definition doesn't
apply to PTG modules. Every software project has a human author or
owner (this bot better not be writing software
http://www.thegreenhead.com/imgs/xl/lifesize-terminator-t-800-endoskeleton-xl.jpg
). PTG is different, as leont said "but in practice most important
decisions would likely be made by the broader toolchain gang (that is
neither a complete subset not a complete superset of comaints)." To say
there is no owner of PTG, means it is time to shutdown CPAN/PAUSE, and
each perl user is to himself judge the provenance of each github fork of
perl software. That is anarchy and won't work.
As I see it (and someone correct me officially if I am wrong), everyone
falls into 3 groups
-root password holders of PTG
-members of PTG (30 listed)
-general public
Currently, if you want to win a fight on PTG, just make the most number
of posts in a ticket/issue/PR. Whether you are general public or PTG
regular or PTG admin, doesn't matter, you will win.
Currently, if you don't want to be held responsible for your words, just
say you are speaking for yourself and not PTG even if you are one of the
30 PTG members.
People chime in on PTG tickets, if they are one of the 30 PTG members,
are they talking as themselves, or are they talking in their capacity as
a PTG member and project owner? I can't tell. While not being able to tell
who is PTG and who is general public is an altruistic nice thing about perl
development, there isn't classism, there is a downside.
You can't identify any leadership for the software. There is no author.
There is no owner. There are 30 PTG members who could be the owner, but
none of them step up to take responsibility for the success or failure
of a project. Who gave each one a commit bit/membership? You can't
identify a scapegoat. For P5P, there is RJBS as the scapegoat, who is
the scapegoat for PTG?
There are 30 people, they hide behind the anonymous structure of PTG. If
PTG is really consensus, all 30 people must vote on each ticket/PR, with
their votes public record, and every member of the public has a right to
hold those 30 people and their votes responsible for API design/merges.
Step up and take responsibility for your work. If you don't like the
responsibility, step down from PTG and become a random member of the public.
If a quorum can't be assembled, nothing gets committed until one is
created. If you can't get enough member volunteers, PTG GH should be
disbanded to the actual day to day maintainers of each module and they
should keep the repos in their own names on GH.
Another way to disband PTG as it is currently structured is discard the
charter in
https://github.com/Perl-Toolchain-Gang/toolchain-site/blob/master/berlin-consensus.md#toolchain-charter-practices
and say PTG is a GH user/org, that is a permanent archive of PRs and
issues for high river CPAN modules, its only purpose is to permanently
archive PRs and issues, which is not possible with repos held by
individual people under their own name since if they leave, and delete
their GH account or repo, while the git repo will live on with the new
maintainer, the PRs and tickets are gone forever, which is not
acceptable, so PTG is simply an archive of discussions, like a mailing
list archive. Each PTG module has one owner/maintainer or at most 3 of
them. That owner/maintainer owns the PTG repo, not PTG. Anyone who
thinks their module is high-river enough to need a permanent place to
store their issues/PRs can join PTG. A PTG member can not commit to any
repos but his own. The only difference with this hypothetical PTG, other
than the archiving discussion feature is
-------------------------------------------------------------------
7. Toolchain authors agreed that when a primary maintainer steps down or
becomes permanently unavailable, the toolchain authors as a group will
jointly agree on a successor. PAUSE administrators should defer to the
consensus (or decision of the tie-breaker) for handing over PAUSE
permissions as needed. Any successor should agree to the practices
described herein.
-------------------------------------------------------------------
which would say that a takeover happens in 1 or 2 weeks and without the
formalities of documentation of unreachability of old maintainer, and
not 1-6 months as with the public PAUSE takeover process.
Now onto EU::MM.
Here are some questions that do not necessarily need to be answered
publicly one by one, since some level of private debate and thinking has
to exist, but I've seen some of these asked in IRC rooms before by
PTG or non-PTG general public
Why did EU::MM development stall (my question)?
Why did mohawk's changes go in unsupervised (not my question)?
Who gave him a commit bit (not my question)?
Why "bugs" instead of "notabug" preventing EUMM stable (my question)?
Why didn't mohawk take over releasing EUMM from bingos (my question)?
I am not blaming mohawk. He isn't the failure, someone or some other
people are.
I don't expect those questions to be answered publicly, but someone needs
to take responsibility for why EUMM dev stopped, and what the plan is
(including finding or donating volunteer hours) for getting it on track.
Hiding behind "I am a PTG member but I am not speaking for PTG just
myself" is not acceptable. Who is the owner or leader of EUMM?
If there is no owner, I'll file a takeover request on module-authors and
the problem is fixed in a heartbeat (not sure if I am joking).
ANY ONE PERSON in perl community can disappear forever at any time. The
maintainer or owner of a module is responsible for not letting things go
into a repo that they don't know how to maintain, and letting incomplete
buggy features get into the master/blead/whatever central branch of the
repo. Experiments stay in branches, not the mainline repo. The
maintainer of the module must assume the member of the public that
submitted the patch will NOT provide followup support after it has been
committed and can't get into a situation where they are at the mercy of a
member of the public who did the PTG patch on company time, and can't
respond any further as they have moved on. Most Perl devs leave after
2-3 years. 10 years of publishing FOSS makes you a senior citizen. The
people here today, won't be here in a couple years.
I don't like writing policy and regulations
https://www.youtube.com/watch?v=p5-5a6Q54BM but since the current
no-rules system failed for EUMM under PTG's watch, some reforms are
needed to prevent another EUMM from happening in the future.