Re: KDE Review: Hash-o-Matic
Hi, thanks for CCing me, Justin. I took a look at the wiki page history, at past mailing list discussions about KDE Review, and at the issues on Invent tagged with KDE Review, and I see three things: * The majority of new projects since 2020 up until this year did not have an issue for tracking the KDE Review checklist at all, despite the checklist existing for more than that * The wiki is indeed ambiguous about when the checklist needs to be filled in * It's not really well defined who actually gets to check items in the checklist, both allowing the author and not allowing the author were common occurrences Personally, I think it is fine for the checklist to be filled by the original author too. Some checkboxes do not apply to all cases (we could make this clearer), and the review is supposed to be about having developers address issues in a project before it becomes part of KDE. We just need to have a final check be done by the reviewers before the project passes the review so that there's nothing missing. The important thing is that it the issues are addressed. >From what I've seen in the mailing list, the checklist ends up being part of the review whether the actual checklist issue exists (Invent process) or not (mailing list process). Requiring the checklist to be filled before sending to the mailing list is probably too much and only works if the developer is already familiar with REUSE, Docbook, Gitlab CI, Appstream, Localization, etc. It makes more sense to me to have the checklist be filled gradually during the KDE Review, and by the end of the review most or all checkboxes should be ticked. Or is it expected that by the end of an Incubation but before the KDE Review takes place the project developer should already be familiar with all these? On the matter of the checkboxes being less optimal, we could just remove the ambiguities in the docs and make it a guideline that the developer, when creating an issue for KDE Review, should start the issue with all checkboxes blank so the activity history shows up properly and everyone knows who ticked what. Cheers, Thiago Em seg., 2 de out. de 2023 às 22:31, Justin Zobel escreveu: > I think it's clear we need some sort of process documentation for KDE > Review, who is expected to do what, and in which order. > > I've cc'd Thiago on this as they are KDE's documentation writer, let's > see if we can get something together. > > On 3/10/23 07:42, Carl Schwan wrote: > > On Monday, 2 October 2023 21:53:06 CEST Albert Astals Cid wrote: > >> This method of review is really sub-optiomal. > >> > >> Who checked all those marks? There's no way to know. > >> > >> Was it someone expert in the area? > >> > >> Was it someone that knows has no idea what the checks mean? > >> > >> Or was it the submitter of review? If it's the submitter for review it's > >> worthless (nothing against Carl, you're great) but one doesn't review > their > >> own MRs, so one shouldn't probably review this kind of checks either. > > I now unchecked all the checkmarks. For me I see these checkmarks as > stuff I > > need to do before sending a mail to kde-core-devel, as it is just the > basic > > stuff and it doesn't make sense to request a review if this is not done. > > > > Cheers, > > Carl > > > > > > > > >
Re: KDE Review: Hash-o-Matic
On Tuesday, 3 October 2023 08:33:02 CEST Benson Muite wrote: > On 10/2/23 09:52, Sune Vuorela wrote: > > On 2023-10-01, Carl Schwan wrote: > >> Hello, > >> > >> I started writting a small application to generate and compare files with > >> their checksum two years. I piked it up again recently and I think this > >> is now ready for a kde review. > > > > Even two years ago, checking stuff with md5 was not a good idea, unless > > just for checking for transfer errors. > > > > But maybe add a sha3 variant instead? > > It may be helpful to include sha3 and blake2 > https://doc.qt.io/qt-6/qcryptographichash.html > Can make a pull request with these if of interest. Merge requests are always welcome ;) > > /Sune
Re: KDE Review: Hash-o-Matic
On Tuesday, 3 October 2023 03:31:26 CEST Justin Zobel wrote: > I think it's clear we need some sort of process documentation for KDE > Review, who is expected to do what, and in which order. > > I've cc'd Thiago on this as they are KDE's documentation writer, let's > see if we can get something together. Before documenting a process, we first need to decide on the process itself, which seems to be the point of confussion here. We actually already have documentation on the process, but it doesn't make it clear who is responsible to fill the checklist: https://community.kde.org/Policies/Application_Lifecycle#kdereview
Re: KDE Review: Hash-o-Matic
On 10/2/23 09:52, Sune Vuorela wrote: > On 2023-10-01, Carl Schwan wrote: >> Hello, >> >> I started writting a small application to generate and compare files with >> their >> checksum two years. I piked it up again recently and I think this is now >> ready >> for a kde review. > > Even two years ago, checking stuff with md5 was not a good idea, unless > just for checking for transfer errors. > > But maybe add a sha3 variant instead? It may be helpful to include sha3 and blake2 https://doc.qt.io/qt-6/qcryptographichash.html Can make a pull request with these if of interest. > > /Sune >
Re: KDE Review: Hash-o-Matic
I think it's clear we need some sort of process documentation for KDE Review, who is expected to do what, and in which order. I've cc'd Thiago on this as they are KDE's documentation writer, let's see if we can get something together. On 3/10/23 07:42, Carl Schwan wrote: On Monday, 2 October 2023 21:53:06 CEST Albert Astals Cid wrote: This method of review is really sub-optiomal. Who checked all those marks? There's no way to know. Was it someone expert in the area? Was it someone that knows has no idea what the checks mean? Or was it the submitter of review? If it's the submitter for review it's worthless (nothing against Carl, you're great) but one doesn't review their own MRs, so one shouldn't probably review this kind of checks either. I now unchecked all the checkmarks. For me I see these checkmarks as stuff I need to do before sending a mail to kde-core-devel, as it is just the basic stuff and it doesn't make sense to request a review if this is not done. Cheers, Carl
Re: KDE Review: Hash-o-Matic
On Monday, 2 October 2023 21:53:06 CEST Albert Astals Cid wrote: > > This method of review is really sub-optiomal. > > Who checked all those marks? There's no way to know. > > Was it someone expert in the area? > > Was it someone that knows has no idea what the checks mean? > > Or was it the submitter of review? If it's the submitter for review it's > worthless (nothing against Carl, you're great) but one doesn't review their > own MRs, so one shouldn't probably review this kind of checks either. I now unchecked all the checkmarks. For me I see these checkmarks as stuff I need to do before sending a mail to kde-core-devel, as it is just the basic stuff and it doesn't make sense to request a review if this is not done. Cheers, Carl
Re: KDE Review: Hash-o-Matic
El dilluns, 2 d’octubre de 2023, a les 22:55:05 (CEST), Nate Graham va escriure: > On 10/2/23 13:53, Albert Astals Cid wrote: > > El diumenge, 1 d’octubre de 2023, a les 21:49:36 (CEST), Carl Schwan va > > Who checked all those marks? There's no way to know. > > If you scroll down to "Activity", it says who checked them after the > issue was opened. When i complained [almost] all the checkmarks where checked and it didn't say anything about who checked them. See how there's a "marked the checklist item Passing CI job for Reuse linting as incomplete" but there's no "marked as complete" before it. > > I agree that the person who opened the Issue should not check anything > themselves before opening the Issue up, though. This seems like a > sensible policy. > > Nate
Re: KDE Review: Hash-o-Matic
On 10/2/23 13:53, Albert Astals Cid wrote: El diumenge, 1 d’octubre de 2023, a les 21:49:36 (CEST), Carl Schwan va Who checked all those marks? There's no way to know. If you scroll down to "Activity", it says who checked them after the issue was opened. I agree that the person who opened the Issue should not check anything themselves before opening the Issue up, though. This seems like a sensible policy. Nate
Re: KDE Review: Hash-o-Matic
El diumenge, 1 d’octubre de 2023, a les 21:49:36 (CEST), Carl Schwan va escriure: > Hello, > > I started writting a small application to generate and compare files with > their checksum two years. I piked it up again recently and I think this is > now ready for a kde review. > > Features includes: > - Generate checksum from a file > - Compare two files > - Verify a file with a given checksum > - Verify a file with a given .sig file with GPG and show the signature info > > Here is the kde review checklist: > https://invent.kde.org/utilities/hash-o-matic/-/issues/1 > > It would be great if someone could create a product on bugs.kde.org and > assign myself to the product. This method of review is really sub-optiomal. Who checked all those marks? There's no way to know. Was it someone expert in the area? Was it someone that knows has no idea what the checks mean? Or was it the submitter of review? If it's the submitter for review it's worthless (nothing against Carl, you're great) but one doesn't review their own MRs, so one shouldn't probably review this kind of checks either. I'm abstaining from this review and any coming reviews due to the medium being worse that the old "Have an email thread on k-c-d". Cheers, Albert > > Cheers, > Carl
Re: KDE Review: Hash-o-Matic
On 2023-10-01, Carl Schwan wrote: > Hello, > > I started writting a small application to generate and compare files with > their > checksum two years. I piked it up again recently and I think this is now > ready > for a kde review. Even two years ago, checking stuff with md5 was not a good idea, unless just for checking for transfer errors. But maybe add a sha3 variant instead? /Sune
Re: KDE Review: Hash-o-Matic
On Mon, Oct 2, 2023 at 10:16 AM Ingo Klöcker wrote: > On Sonntag, 1. Oktober 2023 21:49:36 CEST Carl Schwan wrote: > > It would be great if someone could create a product on bugs.kde.org and > > assign myself to the product. > > Are you sure you cannot create the product yourself? > > https://bugs.kde.org/editproducts.cgi Only a small number of people have the 'editcomponents' permission on Bugzilla (of which it appears you are one of those) Carl - we'll need a bit more information to create a product, such as a list of components and the descriptions that should be set on both the product and the various components, then we can set this up. > > Regards, > Ingo Cheers, Ben
Re: KDE Review: Hash-o-Matic
On Sonntag, 1. Oktober 2023 21:49:36 CEST Carl Schwan wrote: > It would be great if someone could create a product on bugs.kde.org and > assign myself to the product. Are you sure you cannot create the product yourself? https://bugs.kde.org/editproducts.cgi Regards, Ingo signature.asc Description: This is a digitally signed message part.
KDE Review: Hash-o-Matic
Hello, I started writting a small application to generate and compare files with their checksum two years. I piked it up again recently and I think this is now ready for a kde review. Features includes: - Generate checksum from a file - Compare two files - Verify a file with a given checksum - Verify a file with a given .sig file with GPG and show the signature info Here is the kde review checklist: https://invent.kde.org/utilities/hash-o-matic/-/issues/1 It would be great if someone could create a product on bugs.kde.org and assign myself to the product. Cheers, Carl
