Hi hackers, In general it feels like the elfutils community is working well, there are regular releases with bug fixes and new features. Most patches are reviewed fairly quickly (although there are some exceptions where patches have been pending too long). So I don't want to change too much. But here are some small suggestions for changes to out processes that might be helpful:
- Get rid of ChangeLog files and trivial ChangeLog entries I personally love ChangeLog entries. Writing them helps me double check I actually intended to make the changes. And it is a great help reviewing patches. It helps having to guess if some specific change was an accident or intended. But patches that have changes against the ChangeLog files are sometimes hard to rebase or move between branches. The gnulib git-merge-changelog driver is awesome, but is not always able to help. Also some commit messages for smaller changes are already fine describing what changed. So I propose to drop ChangeLog files completely and only add a ChangeLog entry to the commit message for larger changes to help the review process. - Use patchwork more All patches sent to the mailing list are tracked at https://patchwork.sourceware.org/project/elfutils/list/ It has helped me a lot keeping track of patches that have been pending for some time. Also git-pw has been really nice for cherry-picking patches. https://patchwork.readthedocs.io/projects/git-pw/en/latest/ Please let me know if you would like to help maintain the pending patch list and I'll add your account as maintainer for the elfutils project. For using it with git-pw use these .git/config settings: [pw] server = https://patchwork.sourceware.org/api/1.2/ project = elfutils token = <hex-token> states = committed,accepted,superseded,deferred,rejected,under-review It would be nice if it was automated a bit more by have a git commit hook that flagged whether a patch was committed. And if the buildbot try-branch system would flag pass/fail on the patch. - Don't require "real names" in Signed-off-by lines. Our current CONTRIBUTING guide say that you have to use your your real name for the Signed-off-by line. This is sometimes problematic for people for who their real (legal) name is not how they identify themselves to others. I suggest to change the requirement as follows (this mimics what the linux kernel project did recently): diff --git a/CONTRIBUTING b/CONTRIBUTING index bb48975b..1a1c443f 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -45,7 +45,9 @@ then you just add a line saying Signed-off-by: Random J Developer <ran...@developer.example.org> -using your real name (sorry, no pseudonyms or anonymous contributions.) +using a known identity (sorry, no anonymous contributions.) +The name you use as your identity should not be an anonymous id +or false name that misrepresents who you are. git commit --signoff will add such a Signed-off-by line at the end of the commit log message for you. - "Security" bug guidance Here I don't have good guidance, but I have the feeling some of the bugs reported (especially by some fuzzers) are sometimes unnecessarily marked as security issues. Which causes lots of unnecessary work for downstream users of our code. Especially if someone starts assigning CVEs to them. It would be good to have some explicit text to point "security" bug reporters at on how we will handle their bugs. Cheers, Mark
