Do I understand your suggestion correctly that Apex should allow contributions that introduce dependencies with critical security CVEs or that break the CI build, for the sake of not making contributions difficult for contributors that do not have the appetite to deal with the CI build or check dependencies for CVEs? If yes, what is your proposal for how those issues should be addressed, if addressed at all?

Should PR reviews also be skipped? I've heard complaints from contributors/committers that PR reviews make it difficult to contribute.

Thank you,

Vlad

On 9/14/17 05:38, Priyanka Gugale wrote:
I had one more point to add. While adding such checks we should think of
all types of contributors. We don't want to make it very difficult for
people to get in their PR; it will discourage people from putting in any code
changes. Ultimately we want to grow as a community where we would like
people from different backgrounds and ideas to help us progress. All of them
may not have a good appetite for resolving such issues. So I would like to have
some process which is easy on contributors who are not well versed with
such problems.

Note: I don't want to say we don't do anything and let anyone put anything
just to grow. I just want to say, let's not make it too difficult.

-Priyanka

On Wed, Sep 13, 2017 at 1:35 AM, Sanjay Pujare <san...@datatorrent.com>
wrote:

For a vendor too, quality ought to be as important as security so I don't
think we disagree on the cost benefit analysis. But I get your drift.

By "creative incentive" I didn't imply any material incentive (although a
gift card would be nice :-)) but more along the lines of what a community
can do to recognize such contribution.

Sanjay

On Tue, Sep 12, 2017 at 8:10 AM, Vlad Rozov <vro...@apache.org> wrote:

I guess we have a different view on the benefit and cost definition. For
me the benefit of fixing a CI build, a flaky unit test, or a severe security issue
is huge for the community and is possibly small (except for security
issues) for a vendor.

By "creative" I hope you don't mean that other community members, users
and customers send a contributor gift cards to compensate for the cost
:). For me, a PR that is blocked on a failed CI build is sufficient
incentive for a contributor to look into why it fails and fix it.

Thank you,

Vlad

On 9/11/17 23:58, Sanjay Pujare wrote:

I don't want to speak for others and I don't want to generalize. But an
obvious answer could be "cost-benefit analysis".

In any case we should come up with a creative way to "incentivize" members
to do these tasks.

