[coreboot] Re: "Private" changes on Gerrit are now disabled and removed
Hi David,

When will this feature be available in Gerrit?

--sameer.

On Tue, Dec 28, 2021, 9:49 PM David Hendricks wrote:
> Hi Sameer,
>
> > hi Patrick,
> > I will use this Private feature very badly in my daily job, for some
> > critical code. I will create a private CL in gerrit and will build a
> > Coreboot by using jenkins based on other builds by cherry picking
> > this private CL. I am not from a developer background, I just want to
> > know, if there is any other alternative to this?
> > --sameer.
>
> We ended up deciding to keep this feature enabled since others in the
> community feel it's useful, and have documented it better. Patrick has
> also reached out to the Gerrit team to see if the name can be changed
> to not imply confidentiality.
>
> See the Nov. 17 2021 leadership meeting notes for details:
>
> https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/message/QOMQ3DQCDO4OKFK4WTV5H7TF2MRJXRFY/
[coreboot] Re: "Private" changes on Gerrit are now disabled and removed
Hi Sameer,

> hi Patrick,
> I will use this Private feature very badly in my daily job, for some
> critical code. I will create a private CL in gerrit and will build a
> Coreboot by using jenkins based on other builds by cherry picking
> this private CL. I am not from a developer background, I just want to
> know, if there is any other alternative to this?
> --sameer.

We ended up deciding to keep this feature enabled since others in the community feel it's useful, and have documented it better. Patrick has also reached out to the Gerrit team to see if the name can be changed to not imply confidentiality.

See the Nov. 17 2021 leadership meeting notes for details:

https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/message/QOMQ3DQCDO4OKFK4WTV5H7TF2MRJXRFY/
[coreboot] Re: "Private" changes on Gerrit are now disabled and removed
hi Patrick,

I will use this Private feature very badly in my daily job, for some critical code. I will create a private CL in gerrit and will build a Coreboot by using jenkins based on other builds by cherry picking this private CL. I am not from a developer background, I just want to know, if there is any other alternative to this?

--sameer.

On Sat, Nov 13, 2021 at 4:51 AM Patrick Georgi via coreboot wrote:
> 12. November 2021 20:35, "Felix Singer" wrote:
> > Is it possible to rename the label to something else, so that it
> > doesn't sound so strong anymore? Like "hidden", for example. Or does
> > this need changes in its code?
> I was thinking about renaming the feature "hide from UI" or something like
> that, too.
> While it likely requires changes to the code, I think it could be argued that
> this is a candidate for upstream to pick up so that Gerrit doesn't mislead
> users, no matter the instance.
>
> Patrick
[coreboot] Re: "Private" changes on Gerrit are now disabled and removed
12. November 2021 20:35, "Felix Singer" wrote:
> Is it possible to rename the label to something else, so that it
> doesn't sound so strong anymore? Like "hidden", for example. Or does
> this need changes in its code?

I was thinking about renaming the feature "hide from UI" or something like that, too.
While it likely requires changes to the code, I think it could be argued that this is a candidate for upstream to pick up so that Gerrit doesn't mislead users, no matter the instance.

Patrick
[coreboot] Re: "Private" changes on Gerrit are now disabled and removed
In my experience, marking patches as WIP doesn't really help. I still get reviews and comments for these patches. While I appreciate that, it's also kind of annoying.

The private feature allows me to draft my patches and to get them in a reviewable state without getting interrupted. Same if you want to work with other people on something, which is meant to be public later. Also this way, I don't create spam mails and I don't use the resources of the build infrastructure unnecessarily.

So I used the private feature a lot. I understand if people don't want this to be enabled again, but I rather would like to have this than not.

If people really want their patches to be private (for whatever reasons), then they shouldn't upload them anywhere. Or they should use their own repository, maybe on their own git server, where they have full control over the access permissions.

In my case, this gives me more possibilities to collaborate with others and this is how I understand it. It's easier to add someone as reviewer than "create a gitlab/github account, pull the repository from there and create a pull request if you want".

However, I think we should rather document that our Gerrit instance isn't the right place for hosting others' critical content or actual private patches, that it shouldn't be used for such things and that it's a possibility for structuring and collaboration.

Is it possible to rename the label to something else, so that it doesn't sound so strong anymore? Like "hidden", for example. Or does this need changes in its code?

// Felix
[coreboot] Re: "Private" changes on Gerrit are now disabled and removed
Since this appears to be blowing up (because we didn't have enough crap this week already, right?), let me respond a bit longer to the list for completeness' sake:

12. November 2021 11:05, "Keith Emery" wrote:
> But would anyone else like to explain why this isn't a GPL violation? Because
> it really seems like it is.

The GPL is no magic fairy that does whatever you feel it should do. It has sufficiently precise meaning to _not_ require a few things, too.

The only "you _must_ distribute source code" requirement in the GPL is for the GPL'd source code that made up a binary you shipped (https://review.coreboot.org/plugins/gitiles/coreboot.git/+/refs/heads/master/COPYING#134 [1]) and even that isn't unlimited:

- You ship the sources with the binary -> no further responsibility (and especially not towards third parties outside that transaction)
- You offer some means to obtain the sources -> must be valid for 3 years after shipping the binary.

coreboot.org doesn't ship binaries of GPL code, so whenever we decide to distribute source code it's because we want to, not because we're obliged to do it. And when we decide not to distribute source code anymore, that's our right.

Patrick

[1] As you see, there wasn't a need to send a copy of the GPLv2 to everybody on the list, we had it already
[coreboot] Re: "Private" changes on Gerrit are now disabled and removed
Yes, private is a state in between but not a result. I may want to have a "private" commit first before setting it to publicly visible.

Christian Walter wrote on Fri, Nov 12, 2021 at 6:18 PM:
> Yeah - no.
>
> The GPL allows you to keep your modifications private as long as you do
> not release them in any way. So if these private changes are not released
> somewhere they do not need to be public.
>
> Chris
>
> > On 12.11.2021 at 11:06, Keith Emery wrote:
> >
> > You're well within your rights not to. I don't believe anyone should be
> > compelled to expend effort for which they are not compensated.
> >
> > But would anyone else like to explain why this isn't a GPL violation?
> > Because it really seems like it is.
> >
> > > On 12/11/21 8:44 pm, Patrick Georgi wrote:
> > > 12. November 2021 10:31, "Keith Emery" wrote:
> > > > I'm fairly sure it says 'you must publish the source code AND any
> > > > changes'. Did that change at some point?
> > > I'm fairly sure that you don't understand the conditions under which
> > > the GPL takes effect. Since I'm not your lawyer, I won't discuss this with
> > > you any further.
[coreboot] Re: "Private" changes on Gerrit are now disabled and removed
Yeah - no.

The GPL allows you to keep your modifications private as long as you do not release them in any way. So if these private changes are not released somewhere they do not need to be public.

Chris

> On 12.11.2021 at 11:06, Keith Emery wrote:
>
> You're well within your rights not to. I don't believe anyone should be
> compelled to expend effort for which they are not compensated.
>
> But would anyone else like to explain why this isn't a GPL violation? Because
> it really seems like it is.
>
> > On 12/11/21 8:44 pm, Patrick Georgi wrote:
> > 12. November 2021 10:31, "Keith Emery" wrote:
> > > I'm fairly sure it says 'you must publish the source code AND any
> > > changes'. Did that change at some point?
> > I'm fairly sure that you don't understand the conditions under which the GPL
> > takes effect. Since I'm not your lawyer, I won't discuss this with you any
> > further.
[coreboot] Re: "Private" changes on Gerrit are now disabled and removed
You're well within your rights not to. I don't believe anyone should be compelled to expend effort for which they are not compensated.

But would anyone else like to explain why this isn't a GPL violation? Because it really seems like it is.

On 12/11/21 8:44 pm, Patrick Georgi wrote:
> 12. November 2021 10:31, "Keith Emery" wrote:
> > I'm fairly sure it says 'you must publish the source code AND any
> > changes'. Did that change at some point?
> I'm fairly sure that you don't understand the conditions under which the GPL
> takes effect. Since I'm not your lawyer, I won't discuss this with you any
> further.
[coreboot] Re: "Private" changes on Gerrit are now disabled and removed
I don't recall any section of the GPL that mentions 'private' repositories. I'm fairly sure it says 'you must publish the source code AND any changes'. Did that change at some point?

As it stands the commit that is known to be working with my hardware has just 'disappeared'. Thus making life more than a bit difficult for the best part of 5 years, maybe more.

How many people have been making 'private' changes to GPL code?

On 12/11/21 6:04 pm, Patrick Georgi wrote:
> 12. November 2021 03:47, "Keith Emery" wrote:
> > Um... It's said feature illegal?
> Sorry, but I don't understand what you mean. Could you elaborate?
>
> Regards,
> Patrick

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. 
The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any
[coreboot] Re: "Private" changes on Gerrit are now disabled and removed
Nice catch, Patrick. I used this feature long ago [1], but as the Gerrit guidelines note we can now mark patches as WIP in the UI or just put [DONOTSUBMIT] in the summary line if a patch isn't ready for review. Furthermore, these days it's very easy to set up one's own git repo and access controls using services such as Github, Gitlab, etc. IMO it's best to keep the feature disabled so that people don't make wrong assumptions.

[1] https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/message/XT25LVQE73DSBV3WP46RQRV3KAXO2SWG/

On Thu, Nov 11, 2021 at 3:05 PM Patrick Georgi via coreboot <coreboot@coreboot.org> wrote:
> Hi everybody,
>
> it came to my attention that changes marked "private" on Gerrit are hidden
> in the UI but easily accessible through gitiles and with "git fetch".
>
> I don't think it matters for most cases, but since we advertised it as
> being accessible for the owner and individual reviewers, I didn't want to
> keep things exposed, especially not after there's an announcement that such
> access is possible (as through this email). Therefore I:
>
> - disabled the "private" CL feature in the Gerrit UI, so you can't mark
>   changes as private
> - created per-account git bundles[1] of their private CLs. Since I don't
>   want to spam a few hundred users with stuff they might not care about, this
>   is a pull transaction: if you want them, reach out to me.
> - removed the private commits and references from the coreboot.git repo.
>   You might still see the changes in the UI but that's due to its aggressive
>   caching: The UI actually honors the private flag, so that's not a concern
>   and all other means of accessing commits access the repo and will fail on
>   these now-gone commits.
>
> https://review.coreboot.org/c/coreboot/+/59229 also proposes updating the
> docs to remove mentions of the "private change" feature.
>
> As an alternative we could also decide to re-enable the feature but with
> documentation pointing out that there are ways for motivated
> unauthenticated users to access these commits, which makes them more of a
> structuring feature (keep things out of sight until they're ready). In that
> case I could also reinstate the commits I deleted from the repo.
>
> Thoughts?
>
> Best regards,
> Patrick
>
> [1] https://git-scm.com/docs/git-bundle
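
Patrick's announcement quoted above says changes marked "private" are hidden in the UI but still reachable with "git fetch". As an added example (not part of the thread and not coreboot's or Gerrit's own code), an administrator can compare the refs their own server offers to an unauthenticated client against the changes an anonymous user can open in the UI. The function names and sample data are constructed, and the code assumes Gerrit's refs/changes/<last two digits>/<change>/<patch set> ref layout.

```python
import re

# Gerrit keeps each patch set at refs/changes/<last two digits>/<change>/<patch set>.
CHANGE_REF = re.compile(r"^refs/changes/(\d{2})/(\d+)/(\d+|meta)$")

# Constructed sample: `git ls-remote` output captured without credentials.
SAMPLE_LS_REMOTE = """\
1111111111111111111111111111111111111111\trefs/heads/master
2222222222222222222222222222222222222222\trefs/changes/01/1001/1
3333333333333333333333333333333333333333\trefs/changes/01/1001/2
4444444444444444444444444444444444444444\trefs/changes/02/1002/1
5555555555555555555555555555555555555555\trefs/changes/02/1002/meta
6666666666666666666666666666666666666666\trefs/changes/03/1003/1
"""
# Constructed sample: change numbers an anonymous user can open in the UI.
SAMPLE_VISIBLE = {1001, 1003}


def parse_ls_remote(text):
    """Map change number -> sorted patch-set numbers found in ls-remote output."""
    changes = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # blank or malformed line
        match = CHANGE_REF.match(parts[1])
        if not match:
            continue  # branches, tags and other refs
        shard, change, patch_set = match.group(1), int(match.group(2)), match.group(3)
        if int(shard) != change % 100:
            continue  # shard must equal the change number's last two digits
        sets = changes.setdefault(change, [])
        if patch_set != "meta":
            sets.append(int(patch_set))
    return {change: sorted(sets) for change, sets in changes.items()}


def exposed_changes(anonymous_ls_remote, visible_in_ui):
    """Changes whose refs are offered to anonymous clients although the UI hides them."""
    advertised = parse_ls_remote(anonymous_ls_remote)
    return {c: sets for c, sets in advertised.items() if c not in visible_in_ui}


if __name__ == "__main__":
    for change, sets in sorted(exposed_changes(SAMPLE_LS_REMOTE, SAMPLE_VISIBLE).items()):
        print(f"change {change}: patch sets {sets} offered to anonymous clients")
```

An empty result means every advertised change ref belongs to a change that is also visible in the UI; any entry is a change that is hidden only cosmetically.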