Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Peter Hoeg]

If I’m set as maintainer for a package, what are the best ways
to get informed when new versions come out (e.g. RSS, announcement
mailinglists, nixos-monitor)?


If the software in question is released on github using their release
functionality, you can subscribe to an RSS feed in your reader of
choice. That's how I do it.

Example:
https://github.com/syncthing/syncthing/releases.atom
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Profpatsch]

On 16-09-03 07:24am, Shea Levy wrote:
> Any other ideas that might be useful here?

The nixpkgs-side is one dimension to what maintainers have to do,
but what I’m stubling upon is the update-information-side.

If I’m set as maintainer for a package, what are the best ways
to get informed when new versions come out (e.g. RSS, announcement
mailinglists, nixos-monitor)?
Providing help with that would be important too for people to easily
pick up one or two packages for maintenance.

What tools do you guys use?

-- 
Proudly written in Mutt with Vim on NixOS.
Q: Why is this email five sentences or less?
A: http://five.sentenc.es
May take up to five days to read your message. If it’s urgent, call me.
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Peter Simons]

laverne writes:

 > A "maintainer" that does not have commit access cannot maintain and
 > is thus not actually a maintainer.

Due to the wonders of Github, it's entirely feasible to maintain
packages without having commit access. A "maintainer" is not necessarily
the person who commits patches but rather the person who writes them
and/or helps other people write them. Once patches exist that improve
the package in some way, they are submitted for review in a Pull Request
via Github and -- assuming the patch is uncontroversial -- subsequently
merged to the distribution.


 > I don't really understand how NixOS's model works and am not
 > confident that anyone does.

If you have any specific question about the process used to develop Nix,
NixOS, and Nixpkgs then please don't hesitate to ask on this mailing
list or -- if you prefer -- on the #NixOS IRC channel. There are quite a
few people who understand how these processes work who will usually be
quite happy to help and share information.

Best regards,
Peter

___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Peter Hoeg]

Many meta.maintainers do not have commit access, that's the main
bottleneck that causes hours/days/weeks/months delay.


This should not be so. A "maintainer" that does not have commit
access cannot maintain and is thus not actually a maintainer.


I'm currently listed as maintainer (15 packages) or co-maintainer (1 package) 
and I do not have commit access. Generally, the guys with commit access are 
very quick to respond and turn things around.

Even if I had direct commit access, in the vast majority of cases, a change 
would still involve a public PR to solicit feedback (and the feedback is 
normally very constructive).

Exceptions are obviously security sensitive fixes.


Disclaimer: I'm coming from from the world of Debian which has a
drastically different maintenance model. I don't really understand
how NixOS's model works and am not confident that anyone does.


A public statement on the maintenance model (security issues) might not
be a bad idea.

/Peter
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[laverne]

 On Sat, 03 Sep 2016 08:35:45 -0500 stewart mackenzie  wrote  
> Many meta.maintainers do not have commit access, that's the main 
> bottleneck that causes hours/days/weeks/months delay.

This should not be so. A "maintainer" that does not have commit 
access cannot maintain and is thus not actually a maintainer. 

Disclaimer: I'm coming from from the world of Debian which has a 
drastically different maintenance model. I don't really understand
how NixOS's model works and am not confident that anyone does.

-Laverne 


___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Shea Levy]

Layus  writes:

> Could you elaborate more on how you plan to implement this ?
> Who will be responsible to maintain maintainers ;-) ?
> Do you plan to automate it somehow ?

The first thing, straightforward to do, is add an option to not build
unmaintained packages and add a jobset to build this set. Second is to
publicize the decided-upon policies to devs and users through
documentation. Then there are a few routes that in some combination can
hopefully maintain maintainership:

1. Some people can regularly watch or even possibly subscribe to the
   "maintained" jobset. If something fails, they can reach out and
   eventually remove the maintainer from that package if appropriate
2. We can have issue tags differentiating issues with maintained vs
   unmaintained packages. For PRs this can even be automated. Again
   people watching those tags can make a change if there is an
   unresponsive maintainer
3. We can encourage users to first try to get the attention of the
   maintainers of the relevant packages and then escalate to a list of
   maintainer maintainers if no response is forthcoming.

Any other ideas that might be useful here?


signature.asc
Description: PGP signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Freddy Rietdijk]

We could let the mention-bot ignore certain files

  "fileBlacklist": ["*.md"], // mention-bot will ignore any files that
match these file globs

On Sat, Sep 3, 2016 at 1:03 PM, Shea Levy  wrote:

> No, not something automated like that. Though mention-bot seems to work
> decently well, it doesn't know for example that changes to
> all-packages.nix are much less useful than changes to a default.nix file
> in a package directory. A human can know that, and additionally look at
> the log messages to see the nature of the changes to see if they're
> likely to be relevant.
>
> Bardur Arantsson  writes:
>
> > On 2016-09-02 23:16, Shea Levy wrote:
> >> Why can't people use the commit logs to see who is knowledgeable?
> >
> > Are you thinking of something like https://github.com/facebook/
> mention-bot ?
> >
> > This fails in the case where someone does a big cross-cutting (i.e. not
> > concerned with particular packages) refactor which happens to touch a
> > lot of code. Suddenly you'd get a huge number of notifications about
> > *every package under the sun*.
> >
> > (Why, yes, I *have* been the 'victim' of this type of thing in a GitHub
> > repo where the project uses mention-bot. Now, some of that may simply be
> > due to the algorithm that mention-bot uses, but it's pretty hard to
> > avoid unless you're *somehow* able to algorithmically distinguish
> > large-scale cross-cutting refactors from actual package maintenance
> > changes.)
> >
> > Regards,
> >
> >
> > ___
> > nix-dev mailing list
> > nix-dev@lists.science.uu.nl
> > http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Shea Levy]

No, not something automated like that. Though mention-bot seems to work
decently well, it doesn't know for example that changes to
all-packages.nix are much less useful than changes to a default.nix file
in a package directory. A human can know that, and additionally look at
the log messages to see the nature of the changes to see if they're
likely to be relevant.

Bardur Arantsson  writes:

> On 2016-09-02 23:16, Shea Levy wrote:
>> Why can't people use the commit logs to see who is knowledgeable?
>
> Are you thinking of something like https://github.com/facebook/mention-bot ?
>
> This fails in the case where someone does a big cross-cutting (i.e. not
> concerned with particular packages) refactor which happens to touch a
> lot of code. Suddenly you'd get a huge number of notifications about
> *every package under the sun*.
>
> (Why, yes, I *have* been the 'victim' of this type of thing in a GitHub
> repo where the project uses mention-bot. Now, some of that may simply be
> due to the algorithm that mention-bot uses, but it's pretty hard to
> avoid unless you're *somehow* able to algorithmically distinguish
> large-scale cross-cutting refactors from actual package maintenance
> changes.)
>
> Regards,
>
>
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev


signature.asc
Description: PGP signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Shea Levy]

maintainers.nix contains email addresses and for many of us uses the
same as our github handles. So users should be told to ping on github
*and* email when they find an issue, and then if someone is unresponsive
through that we can (if we're sticking with 3) remove them after some
time.

Hydra will email you if the build status of a package you maintain
changes.


Thomas Hunger  writes:

> I'm mostly worried about leaning that I need to fix a package that I'm
> maintaining. I care about fixing bugs and purging unmaintaned packages, but
> most of the time I don't even see the report, or I know it's broken in
> hydra until I test again locally.
>
> Do you have any ideas around getting word out to maintainers sooner?
>
> On 2 September 2016 at 21:22, Shea Levy  wrote:
>
>> Hi all,
>>
>> I think a few changes might improve package stability a bit:
>>
>> 1. Add a nixpkgs config setting to throw an error on packages with no
>>meta.maintainers
>> 2. Work to reach a point where a significant subset of nixpkgs (say,
>>release-small) is allowed on this list.
>> 3. Remove maintainers after X weeks without reply on issues they're
>>tagged in about packages they maintain
>> 4. (Optional) Separate out maintainers by system
>>
>> Thoughts on these?
>>
>> ~Shea
>>
>> ___
>> nix-dev mailing list
>> nix-dev@lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>
>>


signature.asc
Description: PGP signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Vladimír Čunát]

On 09/03/2016 01:21 AM, Bardur Arantsson wrote:
> On 2016-09-02 23:16, Shea Levy wrote:
>> > Why can't people use the commit logs to see who is knowledgeable?
> Are you thinking of something like https://github.com/facebook/mention-bot ?

Note that we *do* use that bot in nixpkgs for quite some time.

It suffers from those problems a bit, but overall it seems a clear win
to me.

--Vladimir




smime.p7s
Description: S/MIME Cryptographic Signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Bardur Arantsson]

On 2016-09-02 23:16, Shea Levy wrote:
> Why can't people use the commit logs to see who is knowledgeable?

Are you thinking of something like https://github.com/facebook/mention-bot ?

This fails in the case where someone does a big cross-cutting (i.e. not
concerned with particular packages) refactor which happens to touch a
lot of code. Suddenly you'd get a huge number of notifications about
*every package under the sun*.

(Why, yes, I *have* been the 'victim' of this type of thing in a GitHub
repo where the project uses mention-bot. Now, some of that may simply be
due to the algorithm that mention-bot uses, but it's pretty hard to
avoid unless you're *somehow* able to algorithmically distinguish
large-scale cross-cutting refactors from actual package maintenance
changes.)

Regards,


___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Thomas Hunger]

I'm mostly worried about leaning that I need to fix a package that I'm
maintaining. I care about fixing bugs and purging unmaintaned packages, but
most of the time I don't even see the report, or I know it's broken in
hydra until I test again locally.

Do you have any ideas around getting word out to maintainers sooner?

On 2 September 2016 at 21:22, Shea Levy  wrote:

> Hi all,
>
> I think a few changes might improve package stability a bit:
>
> 1. Add a nixpkgs config setting to throw an error on packages with no
>meta.maintainers
> 2. Work to reach a point where a significant subset of nixpkgs (say,
>release-small) is allowed on this list.
> 3. Remove maintainers after X weeks without reply on issues they're
>tagged in about packages they maintain
> 4. (Optional) Separate out maintainers by system
>
> Thoughts on these?
>
> ~Shea
>
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Layus]

Yes, using log info seems good enough for finding related users.
I was thinking to hydra notifications, which are also linked to this 
maintainer field.
But I guess that a maintainer not active on github will not want to 
receive hydra notifications,

so both are related.

Could you elaborate more on how you plan to implement this ?
Who will be responsible to maintain maintainers ;-) ?
Do you plan to automate it somehow ?

-- Layus.

On 02/09/16 23:16, Shea Levy wrote:

Why can't people use the commit logs to see who is knowledgeable? I
believe we should have some way to denote "this person has committed to
make reasonable efforts to keep this package working properly", and the
maintainers field seems the right fit.

But anyway, limiting 3 to release-small or whatever important subset we
choose is a good change even if we don't go all the way.

~Shea

Layus  writes:


Hi Shea,

I like this idea, except for the part where you forcefully remove
maintainers.
I have always seen maintainers as knowledgeable on the package, not
bound to reply on issues about it.
Just ensure that X is big enough :-).

I really like this idea if we limit (3.) to release-small packages or
some subset of core packages.

-- Layus.

On 02/09/16 22:22, Shea Levy wrote:

Hi all,

I think a few changes might improve package stability a bit:

1. Add a nixpkgs config setting to throw an error on packages with no
 meta.maintainers
2. Work to reach a point where a significant subset of nixpkgs (say,
 release-small) is allowed on this list.
3. Remove maintainers after X weeks without reply on issues they're
 tagged in about packages they maintain
4. (Optional) Separate out maintainers by system

Thoughts on these?

~Shea


___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev



___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Shea Levy]

Why can't people use the commit logs to see who is knowledgeable? I
believe we should have some way to denote "this person has committed to
make reasonable efforts to keep this package working properly", and the
maintainers field seems the right fit.

But anyway, limiting 3 to release-small or whatever important subset we
choose is a good change even if we don't go all the way.

~Shea

Layus  writes:

> Hi Shea,
>
> I like this idea, except for the part where you forcefully remove 
> maintainers.
> I have always seen maintainers as knowledgeable on the package, not 
> bound to reply on issues about it.
> Just ensure that X is big enough :-).
>
> I really like this idea if we limit (3.) to release-small packages or 
> some subset of core packages.
>
> -- Layus.
>
> On 02/09/16 22:22, Shea Levy wrote:
>> Hi all,
>>
>> I think a few changes might improve package stability a bit:
>>
>> 1. Add a nixpkgs config setting to throw an error on packages with no
>> meta.maintainers
>> 2. Work to reach a point where a significant subset of nixpkgs (say,
>> release-small) is allowed on this list.
>> 3. Remove maintainers after X weeks without reply on issues they're
>> tagged in about packages they maintain
>> 4. (Optional) Separate out maintainers by system
>>
>> Thoughts on these?
>>
>> ~Shea
>>
>>
>> ___
>> nix-dev mailing list
>> nix-dev@lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev


signature.asc
Description: PGP signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Layus]

Hi Shea,

I like this idea, except for the part where you forcefully remove 
maintainers.
I have always seen maintainers as knowledgeable on the package, not 
bound to reply on issues about it.

Just ensure that X is big enough :-).

I really like this idea if we limit (3.) to release-small packages or 
some subset of core packages.


-- Layus.

On 02/09/16 22:22, Shea Levy wrote:

Hi all,

I think a few changes might improve package stability a bit:

1. Add a nixpkgs config setting to throw an error on packages with no
meta.maintainers
2. Work to reach a point where a significant subset of nixpkgs (say,
release-small) is allowed on this list.
3. Remove maintainers after X weeks without reply on issues they're
tagged in about packages they maintain
4. (Optional) Separate out maintainers by system

Thoughts on these?

~Shea


___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev



___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

[Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

[Shea Levy]

Hi all,

I think a few changes might improve package stability a bit:

1. Add a nixpkgs config setting to throw an error on packages with no
   meta.maintainers
2. Work to reach a point where a significant subset of nixpkgs (say,
   release-small) is allowed on this list.
3. Remove maintainers after X weeks without reply on issues they're
   tagged in about packages they maintain
4. (Optional) Separate out maintainers by system

Thoughts on these?

~Shea


signature.asc
Description: PGP signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev