On 21/03/18 12:45, Samuli Seppänen wrote:
> 
> Dazo informed that OpenVPN 3 developers will start using openvpn-devel
> for their patches. We will need to figure out how to make patchwork
> detech whether a patch belongs to openvpn2 or openvpn3.

Just to elaborate a bit more on this topic.  I will try to explain a bit more
in detail how OpenVPN Inc staffers will contribute to the development more
openly and in a publicly, auditable approach.

Current situation: OpenVPN Inc developers push changes to a private git
repository for peer-review, and at random intervals these changes are pushed
out to the public.  This is not considered a good long-term approach when
wanting to have the community involved in the further development.  So we are
adjusting our own processes to be far more community friendly.

This is our current proposal:

Patches submitted with the patch author carrying an @openvpn.net address will
in most cases have been through internal peer-review before being accepted.
These patches will thus have at minimum one "Approved-By:" tag line.  This is
similar to the Acked-by: tag-line used in OpenVPN 2 patches.  The reason
"Approved-by:" is used is simply due to the internal tools used by OpenVPN Inc
for peer-review - which adds this automatically.  But seeing an "Approved-by:"
line means the commit has been through peer-review by OpenVPN Inc developers
and was ACKed.

It is also preferred that OpenVPN Inc developers which have their patches
reviewed internally to make patches available in a publicly available git
repository (like GitHub, GitLab, Bitbucket, etc) - at any time.  This enables
the use of a git feature we've not used before for OpenVPN - git request-pull.
 This combined with git format-patch with the --cover-letter option will
generate a e-mail template where it is possible to validate the authenticity
of the patches on the ML against an external git repository.

Patches sent through the git request-pull approach can then be merged directly
into the official openvpn3 git repository.  We also try to ensure that as many
 commits as possible added to the openvpn3 git repository are PGP signed.  But
we have to find a good way to tackle this as automated as possible.

The community may, of course, dispute commits post-merge, where after a
discussion with the OpenVPN Inc developers will figure out if this needs to be
reverted or if it can be improved by adding another patch fixing issues.  But
we are open and happy to take those discussions whenever needed.


The rest of the OpenVPN community may also use the 'git request-pull'
approach, or take the approach used for OpenVPN 2.x patches over many years.
But all patches from the community [1] need to receive a public "Acked-by:"
response, sent explicitly to the mailing list.  We do not restrict the
Acked-by to be by OpenVPN Inc developers only; we use the same approach as
with OpenVPN 2 patches - contributors who have built up credibility among the
core developers over time will have their Acked-by responses handled easier
and quicker.  But any Acked-by: responses are valuable.


And even though a lot of the process is pretty much laid out - nothing is set
in stone yet.  But we (OpenVPN Inc) needed to find an approach which works
well for us and at the same time encourage the community to participate in the
development.  We do a lot of work on the OpenVPN 3 code base but also want
this development to happen in the open and public space as well.  But as we
gain experience, we will adopt this process to what works best for both the
community and OpenVPN Inc.  The main goal is to make OpenVPN 3 as attractive
for contribution as what we have managed with OpenVPN 2.

But see this mail as an early heads-up.  OpenVPN Inc is still adjusting the
internal tooling and processes.  But we expect to be ready internally in not
too long (a few weeks, not months - unless we hit some nasty challenges).  And
if there are ideas how to make things better, please let us know asap!

All this said ... In todays community meeting concerns about Patchwork was
raised.  We will need to ensure that OpenVPN 3 related patches won't affect
and make a big mess of the OpenVPN 2.x development and the Patchwork
integration used there.  And we (OpenVPN Inc) would like to make Patchwork
work well with OpenVPN 3 patches as well.  So this is something needed to be
handled properly before we start for real.  But we will do a few tests and see
what happens.


[1] With "the community" it is meant: Patch from a sender _not_ carrying an
    @openvpn.net address with at least one "Approved-by: " tag-line with an
    @openvpn.net address.  Both addresses needs to be well known OpenVPN Inc
    employees.



-- 
kind regards,

David Sommerseth
OpenVPN Inc


Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to