developer-ravi-03 commented on PR #456: URL: https://github.com/apache/tooling-trusted-releases/pull/456#issuecomment-3724491565
Hi @sbp, thank you again for the thoughtful and direct feedback — I really appreciate you taking the time to explain the expectations so clearly. You’re absolutely right in your assessment. I did not run the server locally, and I also did not run the pre-commit hooks before pushing this PR. That’s a gap in my workflow, and I understand why that’s not acceptable for ATR, especially given its security-focused nature. I’ve now reviewed the server-run guide and the local linting expectations, and I’ll treat both as mandatory steps for any future contribution. Regarding motivation: I was attracted to ATR specifically because of its role in release integrity and supply-chain trust. As a developer, I’ve been trying to understand how real-world, security-sensitive systems are built and maintained, and ATR stood out as a project where correctness, auditability, and process really matter. That’s also why I chose to work on an audit-logging related issue — it aligned closely with those goals. In hindsight, I approached this PR with a mindset of “explain and clarify” rather than “minimize and integrate,” which led to overly broad changes and incorrect assumptions about existing interfaces. That’s something I’m actively correcting in how I approach contributions to mature projects. As for attracting high-quality contributors: from a newcomer’s perspective, the most valuable things are exactly what you’ve pointed me to here — explicit expectations, clear guides for running/testing locally, and direct feedback like this when things go wrong. While it can feel uncomfortable as a contributor, it’s extremely effective for learning and improving. My next step will be to update this PR by: - Running the server and pre-commit locally - Removing unnecessary comment/whitespace changes - Switching to the correct, existing interfaces only - Keeping the diff as minimal and focused as possible Please let me know if you’d prefer that I instead close this PR and open a fresh one after those changes. I’m happy to follow whichever path you think is best. Thanks again — I genuinely appreciate the guidance. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
