[PATCH 0/3] Documenting commit reverts and revocation

Done

Details

7 participants

Julien Lepiller
Leo Famulari
Ludovic Courtès
Christopher Baines
Maxime Devos
Tobias Geerinckx-Rice
Xinglu Chen

Owner: unassigned

Submitted by: Ludovic Courtès

Severity: normal

Ludovic Courtès wrote on 27 May 2021 14:32

Recipients:(address . guix-patches@gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20210527123259.4115-1-ludo@gnu.org

Hello Guix!

Attached is an attempt to:

1. Structure the “Commit Access” section of the manual;

2. Document how to address committers’ mistakes, when to revert

commits;

3. Explain under what circumstances maintainers may revoke commit

rights.

It essentially codifies unwritten rules, but as always, I think it’s

better to be explicit about the rules and community expectations.

Let me know what you think! I propose to leave a comment period

of at least one week, possibly iterating with new versions.

Ludo’.

Ludovic Courtès (3):

doc: Structure the "Commit Access" section.

doc: Add "Addressing Mistakes" section.

doc: Explain more reasons for commit revocation.

doc/contributing.texi | 114 ++++++++++++++++++++++++++++++++++--------

1 file changed, 93 insertions(+), 21 deletions(-)

2.31.1

Ludovic Courtès wrote on 27 May 2021 14:35

[PATCH 1/3] doc: Structure the "Commit Access" section.

Recipients:(address . 48696@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20210527123554.4267-1-ludo@gnu.org

* doc/contributing.texi (Commit Access): Add introduction and section
heading.  Separate OpenPGP setup from commit policy.
---
 doc/contributing.texi | 59 ++++++++++++++++++++++++++++---------------
 1 file changed, 38 insertions(+), 21 deletions(-)

Toggle diff (99 lines)diff --git a/doc/contributing.texi b/doc/contributing.texi
index cfcae22502..7dc912b4de 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1258,8 +1258,19 @@ this nifty tool!
 @section Commit Access
 
 @cindex commit access, for developers
-For frequent contributors, having write access to the repository is
-convenient.  When you deem it necessary, consider applying for commit
+Everyone can contribute to Guix without having commit access
+(@pxref{Submitting Patches}).  However, for frequent contributors,
+having write access to the repository can be convenient.  Commit access
+should not be thought of as a ``badge of honor'' but rather as a
+responsibility a contributor is willing to take to help the project.
+
+The following sections explain how to get commit access, how to be ready
+to push commits, and the policies and community expectations for commits
+pushed upstream.
+
+@subsection Applying for Commit Access
+
+When you deem it necessary, consider applying for commit
 access by following these steps:
 
 @enumerate
@@ -1331,6 +1342,27 @@ review and merging system, which, as a consequence, may lead us to have
 fewer people with commit access to the main repository.  Stay tuned!
 @end quotation
 
+All commits that are pushed to the central repository on Savannah must
+be signed with an OpenPGP key, and the public key should be uploaded to
+your user account on Savannah and to public key servers, such as
+@code{keys.openpgp.org}.  To configure Git to automatically sign
+commits, run:
+
+@example
+git config commit.gpgsign true
+git config user.signingkey CABBA6EA1DC0FF33
+@end example
+
+You can prevent yourself from accidentally pushing unsigned commits to
+Savannah by using the pre-push Git hook called located at
+@file{etc/git/pre-push}:
+
+@example
+cp etc/git/pre-push .git/hooks/pre-push
+@end example
+
+@subsection Commit Policy
+
 If you get commit access, please make sure to follow
 the policy below (discussions of the policy can take place on
 @email{guix-devel@@gnu.org}).
@@ -1349,25 +1381,6 @@ mailing list for commit notifications (@email{guix-commits@@gnu.org}),
 so people can notice.  Before pushing your changes, make sure to run
 @code{git pull --rebase}.
 
-All commits that are pushed to the central repository on Savannah must
-be signed with an OpenPGP key, and the public key should be uploaded to
-your user account on Savannah and to public key servers, such as
-@code{keys.openpgp.org}.  To configure Git to automatically sign
-commits, run:
-
-@example
-git config commit.gpgsign true
-git config user.signingkey CABBA6EA1DC0FF33
-@end example
-
-You can prevent yourself from accidentally pushing unsigned commits to
-Savannah by using the pre-push Git hook called located at
-@file{etc/git/pre-push}:
-
-@example
-cp etc/git/pre-push .git/hooks/pre-push
-@end example
-
 When pushing a commit on behalf of somebody else, please add a
 @code{Signed-off-by} line at the end of the commit log message---e.g.,
 with @command{git am --signoff}.  This improves tracking of who did
@@ -1389,12 +1402,16 @@ you're confident, it's OK to commit.
 That last part is subject to being adjusted, allowing individuals to commit
 directly on non-controversial changes on parts they’re familiar with.
 
+@subsection Commit Revocation
+
 In order to reduce the possibility of mistakes, committers will have
 their Savannah account removed from the Guix Savannah project and their
 key removed from @file{.guix-authorizations} after 12 months of
 inactivity; they can ask to regain commit access by emailing the
 maintainers, without going through the vouching process.
 
+@subsection Helping Out
+
 One last thing: the project keeps moving forward because committers not
 only push their own awesome changes, but also offer some of their time
 @emph{reviewing} and pushing other people's changes.  As a committer,
-- 
2.31.1

Ludovic Courtès wrote on 27 May 2021 14:35

[PATCH 2/3] doc: Add "Addressing Mistakes" section.

Recipients:(address . 48696@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20210527123554.4267-2-ludo@gnu.org

* doc/contributing.texi (Addressing Mistakes): New section.

---

doc/contributing.texi | 34 ++++++++++++++++++++++++++++++++++

1 file changed, 34 insertions(+)

Toggle diff (47 lines)diff --git a/doc/contributing.texi b/doc/contributing.texi
index 7dc912b4de..8308551261 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1402,6 +1402,40 @@ you're confident, it's OK to commit.
 That last part is subject to being adjusted, allowing individuals to commit
 directly on non-controversial changes on parts they’re familiar with.
 
+@subsection Addressing Mistakes
+
+We all make mistakes.  We expect peer review (@pxref{Submitting
+Patches}) and tools such as @command{guix lint} (@pxref{Invoking guix
+lint}) and the test suite (@pxref{Running the Test Suite}) to catch
+issues before they are pushed; yet, mistakes might go through---that
+happens to both newcomers and old-timers, and there is nothing to be
+ashamed of when it happens.  As a community, we expect committers to
+recognize and address mistakes as soon as possible.
+
+Some mistakes can directly affect all users---for instance because they
+make @command{guix pull} fail or break core functionality, because they
+break major packages (at build time or run time), or because they
+introduce known security vulnerabilities.
+
+@cindex reverting commits
+The person who pushed the faulty commit(s) should be at the forefront to
+address such an issue in a timely fashion: by pushing a followup commit
+to fix it (if possible), or by reverting it to leave time to come up
+with a proper fix, and by communicating with other developers about the
+problem.
+
+If the committer is unavailable to address the issue in time, other
+committers are entitled to revert the offending commit(s), explaining in
+the commit log and on the mailing list what the problem was, with the
+goal of leaving time to the original committer and author(s) to propose
+a way forward.
+
+The Guix project values friendly cooperation and a constant effort to
+focus on the way forward when issues arise.  Committers should lead by
+example, notably as a way to encourage contributors and contributors to
+be.  Blame as well as defensiveness do not have their place in Guix when
+addressing genuine mistakes.
+
 @subsection Commit Revocation
 
 In order to reduce the possibility of mistakes, committers will have
-- 
2.31.1

Ludovic Courtès wrote on 27 May 2021 14:35

[PATCH 3/3] doc: Explain more reasons for commit revocation.

Recipients:(address . 48696@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20210527123554.4267-3-ludo@gnu.org

* doc/contributing.texi (Commit Revocation): Expound.

---

doc/contributing.texi | 21 +++++++++++++++++++++

1 file changed, 21 insertions(+)

Toggle diff (34 lines)diff --git a/doc/contributing.texi b/doc/contributing.texi
index 8308551261..ec649c8e13 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1444,6 +1444,27 @@ key removed from @file{.guix-authorizations} after 12 months of
 inactivity; they can ask to regain commit access by emailing the
 maintainers, without going through the vouching process.
 
+Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the
+current list of maintainers.  You can email them privately at
+@email{guix-maintainers@@gnu.org}.} may also revoke an individual's
+commit rights, as a last resort, if cooperation with the rest of the
+community has caused too much friction---even within the bounds of the
+project's code of conduct (@pxref{Contributing}).  They would only do so
+after public or private discussion with the individual and a clear
+notice.  Examples of behavior that hinders cooperation and could lead to
+such a decision include:
+
+@itemize
+@item repeated violation of the commit policy stated above;
+@item repeated failure to take peer criticism into account;
+@item breaching trust through a series of grave incidents.
+@end itemize
+
+When maintainers resort to such a decision, they notify developers on
+@email{guix-devel@@gnu.org}; inquiries may be sent to
+@email{guix-maintainers@@gnu.org}.  Depending on the situation, the
+individual may still be welcome to contribute.
+
 @subsection Helping Out
 
 One last thing: the project keeps moving forward because committers not
-- 
2.31.1

Julien Lepiller wrote on 27 May 2021 15:55

Re: [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section.

Recipients:

Message-ID:8FB0AFE9-B53B-42F7-8635-D6B4DA763FC3@lepiller.eu

Le 27 mai 2021 08:35:52 GMT-04:00, "Ludovic Courtès" <ludo@gnu.org> a écrit :

Toggle quote (56 lines)>* doc/contributing.texi (Commit Access): Add introduction and section
>heading.  Separate OpenPGP setup from commit policy.
>---
> doc/contributing.texi | 59 ++++++++++++++++++++++++++++---------------
> 1 file changed, 38 insertions(+), 21 deletions(-)
>
>diff --git a/doc/contributing.texi b/doc/contributing.texi
>index cfcae22502..7dc912b4de 100644
>--- a/doc/contributing.texi
>+++ b/doc/contributing.texi
>@@ -1258,8 +1258,19 @@ this nifty tool!
> @section Commit Access
> 
> @cindex commit access, for developers
>-For frequent contributors, having write access to the repository is
>-convenient.  When you deem it necessary, consider applying for commit
>+Everyone can contribute to Guix without having commit access
>+(@pxref{Submitting Patches}).  However, for frequent contributors,
>+having write access to the repository can be convenient.  Commit
>access
>+should not be thought of as a ``badge of honor'' but rather as a
>+responsibility a contributor is willing to take to help the project.
>+
>+The following sections explain how to get commit access, how to be
>ready
>+to push commits, and the policies and community expectations for
>commits
>+pushed upstream.
>+
>+@subsection Applying for Commit Access
>+
>+When you deem it necessary, consider applying for commit
> access by following these steps:
> 
> @enumerate
>@@ -1331,6 +1342,27 @@ review and merging system, which, as a
>consequence, may lead us to have
> fewer people with commit access to the main repository.  Stay tuned!
> @end quotation
> 
>+All commits that are pushed to the central repository on Savannah must
>+be signed with an OpenPGP key, and the public key should be uploaded
>to
>+your user account on Savannah and to public key servers, such as
>+@code{keys.openpgp.org}.  To configure Git to automatically sign
>+commits, run:
>+
>+@example
>+git config commit.gpgsign true
>+git config user.signingkey CABBA6EA1DC0FF33
>+@end example
>+
>+You can prevent yourself from accidentally pushing unsigned commits to
>+Savannah by using the pre-push Git hook called located at
>+@file{etc/git/pre-push}:

This sentence sounds weird. Isn't "called" superfluous?

Toggle quote (56 lines)>+
>+@example
>+cp etc/git/pre-push .git/hooks/pre-push
>+@end example
>+
>+@subsection Commit Policy
>+
> If you get commit access, please make sure to follow
> the policy below (discussions of the policy can take place on
> @email{guix-devel@@gnu.org}).
>@@ -1349,25 +1381,6 @@ mailing list for commit notifications
>(@email{guix-commits@@gnu.org}),
> so people can notice.  Before pushing your changes, make sure to run
> @code{git pull --rebase}.
> 
>-All commits that are pushed to the central repository on Savannah must
>-be signed with an OpenPGP key, and the public key should be uploaded
>to
>-your user account on Savannah and to public key servers, such as
>-@code{keys.openpgp.org}.  To configure Git to automatically sign
>-commits, run:
>-
>-@example
>-git config commit.gpgsign true
>-git config user.signingkey CABBA6EA1DC0FF33
>-@end example
>-
>-You can prevent yourself from accidentally pushing unsigned commits to
>-Savannah by using the pre-push Git hook called located at
>-@file{etc/git/pre-push}:
>-
>-@example
>-cp etc/git/pre-push .git/hooks/pre-push
>-@end example
>-
> When pushing a commit on behalf of somebody else, please add a
> @code{Signed-off-by} line at the end of the commit log message---e.g.,
> with @command{git am --signoff}.  This improves tracking of who did
>@@ -1389,12 +1402,16 @@ you're confident, it's OK to commit.
>That last part is subject to being adjusted, allowing individuals to
>commit
> directly on non-controversial changes on parts they’re familiar with.
> 
>+@subsection Commit Revocation
>+
> In order to reduce the possibility of mistakes, committers will have
>their Savannah account removed from the Guix Savannah project and their
> key removed from @file{.guix-authorizations} after 12 months of
> inactivity; they can ask to regain commit access by emailing the
> maintainers, without going through the vouching process.
> 
>+@subsection Helping Out
>+
>One last thing: the project keeps moving forward because committers not
> only push their own awesome changes, but also offer some of their time
> @emph{reviewing} and pushing other people's changes.  As a committer,

Leo Famulari wrote on 27 May 2021 16:16

Re: [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 48696@debbugs.gnu.org)

Message-ID:YK+pvNseB4Oc05Qc@jasmine.lan

On Thu, May 27, 2021 at 02:32:59PM +0200, Ludovic Courtès wrote:

Toggle quote (18 lines)> Hello Guix!
> 
> Attached is an attempt to:
> 
>   1. Structure the “Commit Access” section of the manual;
> 
>   2. Document how to address committers’ mistakes, when to revert
>      commits;
> 
>   3. Explain under what circumstances maintainers may revoke commit
>      rights.
> 
> It essentially codifies unwritten rules, but as always, I think it’s
> better to be explicit about the rules and community expectations.
> 
> Let me know what you think!  I propose to leave a comment period
> of at least one week, possibly iterating with new versions.

Thanks for putting this together. It looks good to me!

Maxime Devos wrote on 27 May 2021 21:10

Re: [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section.

Recipients:

Message-ID:53c9218bbf5b72e0b159014e424aeb8782d4d457.camel@telenet.be

Ludovic Courtès schreef op do 27-05-2021 om 14:35 [+0200]:

Toggle quote (11 lines)> +All commits that are pushed to the central repository on Savannah must
> +be signed with an OpenPGP key, and the public key should be uploaded to
> +your user account on Savannah and to public key servers, such as
> +@code{keys.openpgp.org}.  To configure Git to automatically sign
> +commits, run:
> +
> +@example
> +git config commit.gpgsign true
> +git config user.signingkey CABBA6EA1DC0FF33
> +@end example

Is that meant to represent ‘cabbage and coffee’ in l33t?

Maybe replace this with something like

+@example

Toggle quote (5 lines)

> +git config commit.gpgsign true

> +# Substitute the fingerprint of your public PGP key

> +git config user.signingkey CABBA6EA1DC0FF33

> +@end example

Basic, I know, but people have to learn the basics from

somewhere, so maybe best be explicit here.

Toggle quote (2 lines)

> + [... some newlines after @section{...} ]

These extra newlines could go directly into 'master' I guess.

The rest of [PATCH 1/3] seems ok to me?

Greetings,

Maxime.

-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYK/ujRccbWF4aW1lZGV2

b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7jmZAQD7TBUVWashoIa/4RIpvybic5d5

ijDr/rwVbqww95XoCgD+KNwzET8g3Dw9rsMSmO+g5wS3mmvf0KVNSdPPYQlOTwM=

=FryL

-----END PGP SIGNATURE-----

Maxime Devos wrote on 27 May 2021 21:13

Re: [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation.

Recipients:

Message-ID:1e92fa266926fc0bba560f9775727e518f8f9a9e.camel@telenet.be

PATCH 2/3 and PATCH 3/3 also seem good to me.

Greetings,

Maxime.

-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYK/vSBccbWF4aW1lZGV2

b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7ggfAP9eO0a/rRsugyGa2W7KVI7VTrOt

njXQUh5O6bD4jlf2xwD/bdy/h2XHO/CB01P6j03dZjS0Y/aRFmloRJCYPqTT5QM=

=MDbW

-----END PGP SIGNATURE-----

Christopher Baines wrote on 27 May 2021 21:19

Re: [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section.

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 48696@debbugs.gnu.org)

Message-ID:87y2c0f0i4.fsf@cbaines.net

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (47 lines)> * doc/contributing.texi (Addressing Mistakes): New section.
> ---
>  doc/contributing.texi | 34 ++++++++++++++++++++++++++++++++++
>  1 file changed, 34 insertions(+)
>
> diff --git a/doc/contributing.texi b/doc/contributing.texi
> index 7dc912b4de..8308551261 100644
> --- a/doc/contributing.texi
> +++ b/doc/contributing.texi
> @@ -1402,6 +1402,40 @@ you're confident, it's OK to commit.
>  That last part is subject to being adjusted, allowing individuals to commit
>  directly on non-controversial changes on parts they’re familiar with.
>  
> +@subsection Addressing Mistakes
> +
> +We all make mistakes.  We expect peer review (@pxref{Submitting
> +Patches}) and tools such as @command{guix lint} (@pxref{Invoking guix
> +lint}) and the test suite (@pxref{Running the Test Suite}) to catch
> +issues before they are pushed; yet, mistakes might go through---that
> +happens to both newcomers and old-timers, and there is nothing to be
> +ashamed of when it happens.  As a community, we expect committers to
> +recognize and address mistakes as soon as possible.
> +
> +Some mistakes can directly affect all users---for instance because they
> +make @command{guix pull} fail or break core functionality, because they
> +break major packages (at build time or run time), or because they
> +introduce known security vulnerabilities.
> +
> +@cindex reverting commits
> +The person who pushed the faulty commit(s) should be at the forefront to
> +address such an issue in a timely fashion: by pushing a followup commit
> +to fix it (if possible), or by reverting it to leave time to come up
> +with a proper fix, and by communicating with other developers about the
> +problem.
> +
> +If the committer is unavailable to address the issue in time, other
> +committers are entitled to revert the offending commit(s), explaining in
> +the commit log and on the mailing list what the problem was, with the
> +goal of leaving time to the original committer and author(s) to propose
> +a way forward.
> +
> +The Guix project values friendly cooperation and a constant effort to
> +focus on the way forward when issues arise.  Committers should lead by
> +example, notably as a way to encourage contributors and contributors to
> +be.  Blame as well as defensiveness do not have their place in Guix when
> +addressing genuine mistakes.

I too would like to see less blame, but one factor is how things are
framed and the language used.

On the language here, "mistake" is a word I would generally avoid if the
aim is avoid blaming someone, since mistakes are made by a person or set
of people. I'd prefer a term like "problem", since I don't perceieve
that as directly linked to a person or set of people.

On the bit about the "person who pushed the faulty commits" (so, person
to blame...) I'd much prefer an emphisis on group responsibility to
mitigate the impact of problems quickly, and understand the factors that
led to that problems in the first place. That avoids assigning blame,
rather than the process pushing responsibility to the person to blame
("person who pushed the faulty commit(s)").

On this same thread, I'd like to see less blaming in the form of asking
people to "explain". When there's a problem, and you ask someone to
explain, I would interpret that as "I'm blaming you for this, please
give your account of how the mistake was made", to which the person can
either answer explaining the details as to why they are to blame, or can
disagree with the implicit assertion that they are to blame. To avoid
assigning blame, one can just ask someone to "describe" what happened,
which I wouldn't interpret as being loaded with the same implicit
assertion.

Christopher Baines wrote on 27 May 2021 22:07

Re: [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation.

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 48696@debbugs.gnu.org)

Message-ID:87v974ey8y.fsf@cbaines.net

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (38 lines)> * doc/contributing.texi (Commit Revocation): Expound.
> ---
>  doc/contributing.texi | 21 +++++++++++++++++++++
>  1 file changed, 21 insertions(+)
>
> diff --git a/doc/contributing.texi b/doc/contributing.texi
> index 8308551261..ec649c8e13 100644
> --- a/doc/contributing.texi
> +++ b/doc/contributing.texi
> @@ -1444,6 +1444,27 @@ key removed from @file{.guix-authorizations} after 12 months of
>  inactivity; they can ask to regain commit access by emailing the
>  maintainers, without going through the vouching process.
>
> +Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the
> +current list of maintainers.  You can email them privately at
> +@email{guix-maintainers@@gnu.org}.} may also revoke an individual's
> +commit rights, as a last resort, if cooperation with the rest of the
> +community has caused too much friction---even within the bounds of the
> +project's code of conduct (@pxref{Contributing}).  They would only do so
> +after public or private discussion with the individual and a clear
> +notice.  Examples of behavior that hinders cooperation and could lead to
> +such a decision include:
> +
> +@itemize
> +@item repeated violation of the commit policy stated above;
> +@item repeated failure to take peer criticism into account;
> +@item breaching trust through a series of grave incidents.
> +@end itemize
> +
> +When maintainers resort to such a decision, they notify developers on
> +@email{guix-devel@@gnu.org}; inquiries may be sent to
> +@email{guix-maintainers@@gnu.org}.  Depending on the situation, the
> +individual may still be welcome to contribute.
> +
>  @subsection Helping Out
>
>  One last thing: the project keeps moving forward because committers not

Since the project code of conduct sets out behavioural standards,

including mandating "Gracefully accepting constructive criticism" and

"Showing empathy towards other community members", I think that combined

with "following the relevant processes" already covers what you're

setting out here?

I was shocked by [1], which from memory is the first time a technical

measure has been used to push a contributor away from the project (at

least that's my interpretation of the effect/intent). I think the future

use of revoking individuals commit access would be good to discuss.

1: https://lists.gnu.org/archive/html/guix-devel/2021-04/msg00489.html

In abstract, in my opinion, I can only think of three scenarios for

removing someones commit access when they're actively using it:

- Clear violation of the code of conduct

I don't think it's helpful to set out stuff about conduct in other

places, particularly bits about unacceptable conduct. If the code of

conduct is wrong or not sufficient, it should be revised.

- Suspected malicious intent

Like they didn't just introduce some reference to some dodgy release

tarball for a package, but it seems like this could have been done

intentionally.

- Process problem for giving out commit access

There's a process and people involved, so it's fair to say that

problems can occur. Obviously it's not ideal, but if the process

wasn't followed correctly, or if it's been updated and in hindsight

different decisions would have been made, I think that's reason

enough to apologise, and remove someones commit access.

Ludovic Courtès wrote on 29 May 2021 11:30

Re: [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section.

Recipients:(address . 48696@debbugs.gnu.org)

Message-ID:878s3xhopf.fsf@gnu.org

Hi Julien & Maxime,

Julien Lepiller <julien@lepiller.eu> skribis:

Toggle quote (11 lines)>>+@example
>>+git config commit.gpgsign true
>>+git config user.signingkey CABBA6EA1DC0FF33
>>+@end example
>>+
>>+You can prevent yourself from accidentally pushing unsigned commits to
>>+Savannah by using the pre-push Git hook called located at
>>+@file{etc/git/pre-push}:
>
> This sentence sounds weird. Isn't "called" superfluous?

[...]

Toggle quote (17 lines)>> +@example
>> +git config commit.gpgsign true
>> +git config user.signingkey CABBA6EA1DC0FF33
>> +@end example
>
> Is that meant to represent ‘cabbage and coffee’ in l33t?
> Maybe replace this with something like
>
> +@example
>> +git config commit.gpgsign true
>> +# Substitute the fingerprint of your public PGP key
>> +git config user.signingkey CABBA6EA1DC0FF33
>> +@end example
>
> Basic, I know, but people have to learn the basics from
> somewhere, so maybe best be explicit here.

Yes, that makes sense to me.

Note that this text is not new, the patch merely shuffles it around.

But I agree, I’ll address the two issues above once we’ve agreed on the

rest.

Toggle quote (5 lines)

>> + [... some newlines after @section{...} ]

> These extra newlines could go directly into 'master' I guess.

> The rest of [PATCH 1/3] seems ok to me?

I don’t know. :-)

Patch #1 just moves text around and adds sectioning.

BTW, the whole patch series targets ‘master’ (there’s no point in

documenting our procedures in a branch other than ‘master’).

Thanks,

Ludo’.

Ludovic Courtès wrote on 29 May 2021 11:58

Re: [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation.

Recipients:(name . Christopher Baines)(address . mail@cbaines.net)(address . 48696@debbugs.gnu.org)

Message-ID:87k0nhg8uh.fsf@gnu.org

Christopher Baines <mail@cbaines.net> skribis:

Toggle quote (2 lines)

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

Toggle quote (16 lines)>> +Maintainers@footnote{See @uref{https://guix.gnu.org/en/about}for the
>> +current list of maintainers.  You can email them privately at
>> +@email{guix-maintainers@@gnu.org}.} may also revoke an individual's
>> +commit rights, as a last resort, if cooperation with the rest of the
>> +community has caused too much friction---even within the bounds of the
>> +project's code of conduct (@pxref{Contributing}).  They would only do so
>> +after public or private discussion with the individual and a clear
>> +notice.  Examples of behavior that hinders cooperation and could lead to
>> +such a decision include:
>> +
>> +@itemize
>> +@item repeated violation of the commit policy stated above;
>> +@item repeated failure to take peer criticism into account;
>> +@item breaching trust through a series of grave incidents.
>> +@end itemize

[...]

Toggle quote (6 lines)

> Since the project code of conduct sets out behavioural standards,

> including mandating "Gracefully accepting constructive criticism" and

> "Showing empathy towards other community members", I think that combined

> with "following the relevant processes" already covers what you're

> setting out here?

Note that the code of conduct does not “mandate” gracefully accepting

constructive criticism; it merely gives it as an example of expected

behavior.

Toggle quote (7 lines)

> I was shocked by [1], which from memory is the first time a technical

> measure has been used to push a contributor away from the project (at

> least that's my interpretation of the effect/intent). I think the future

> use of revoking individuals commit access would be good to discuss.

> 1: https://lists.gnu.org/archive/html/guix-devel/2021-04/msg00489.html

Yes, it was the first time; it was a tough decision for us

co-maintainers because it was a last resort we were not prepared for.

Part of the reason for this patch is to document this possibility so we

all know what to expect.

Toggle quote (5 lines)

> In abstract, in my opinion, I can only think of three scenarios for

> removing someones commit access when they're actively using it:

> - Clear violation of the code of conduct

Yes, that’s already covered by the code of conduct.

The section above is explicitly about cases where the individual did not

violate the code of conduct (hence “even within the bounds of the

project's code of conduct” in the text above), but instead broke

community expectations.

Toggle quote (2 lines)

> - Suspected malicious intent

Put this way, the question becomes who is suspecting that. Instead I

wrote “breaching trust” in the bullet list above; the intent is to

describe a situation where the individual and other committers no longer

trust each other, there’s no judgment involved.

Toggle quote (2 lines)

> - Process problem for giving out commit access

The process for giving commit access is already documented (info "(guix)

Commit Access"); my intent here was not to change it.

Thanks,

Ludo’.

Ludovic Courtès wrote on 29 May 2021 12:22

Re: [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section.

Recipients:(name . Christopher Baines)(address . mail@cbaines.net)(address . 48696@debbugs.gnu.org)

Message-ID:87eedpet69.fsf@gnu.org

Hi Chris,

Christopher Baines <mail@cbaines.net> skribis:

Toggle quote (2 lines)

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

Toggle quote (9 lines)

>> +The Guix project values friendly cooperation and a constant effort to

>> +focus on the way forward when issues arise. Committers should lead by

>> +example, notably as a way to encourage contributors and contributors to

>> +be. Blame as well as defensiveness do not have their place in Guix when

>> +addressing genuine mistakes.

> I too would like to see less blame, but one factor is how things are

> framed and the language used.

Point taken!

Toggle quote (12 lines)> On the language here, "mistake" is a word I would generally avoid if the
> aim is avoid blaming someone, since mistakes are made by a person or set
> of people. I'd prefer a term like "problem", since I don't perceieve
> that as directly linked to a person or set of people.
>
> On the bit about the "person who pushed the faulty commits" (so, person
> to blame...) I'd much prefer an emphisis on group responsibility to
> mitigate the impact of problems quickly, and understand the factors that
> led to that problems in the first place. That avoids assigning blame,
> rather than the process pushing responsibility to the person to blame
> ("person who pushed the faulty commit(s)").

I get what you say and very much like the idea of focusing on group

responsibility.

There’s blame, and there’s accountability. I see group responsibility

in setting up processes and carrying out proper peer review to avoid

problems. I see accountability when it comes to commits actually

pushed—in the end, it’s one person running ‘git push’. In my view,

“mistake” can be a way to name a “problem” that someone created and is

accountable for (Jelle wrote a nice message on this topic a while back).

This is getting a bit philosophical though, and I’m not sure my

understanding of English is good enough to go any further. :-)

I think you have a point though. Could you propose different wording

for this section?

(My goal for this section was to (1) spell out circumstances that may

lead to reverts, (2) explain the implications of committer

accountability, and (3) define our community standards in terms of

focusing on addressing issues and not on blaming individuals.)

Toggle quote (10 lines)> On this same thread, I'd like to see less blaming in the form of asking
> people to "explain". When there's a problem, and you ask someone to
> explain, I would interpret that as "I'm blaming you for this, please
> give your account of how the mistake was made", to which the person can
> either answer explaining the details as to why they are to blame, or can
> disagree with the implicit assertion that they are to blame. To avoid
> assigning blame, one can just ask someone to "describe" what happened,
> which I wouldn't interpret as being loaded with the same implicit
> assertion.

I agree with what you write in general, though my understanding is that

you’re not referring to the text in this patch, right?

Thanks for your feedback,

Ludo’.

Christopher Baines wrote on 29 May 2021 13:28

Re: [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation.

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 48696@debbugs.gnu.org)

Message-ID:87sg25g4ni.fsf@cbaines.net

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (34 lines)> Christopher Baines <mail@cbaines.net> skribis:
>
>> Ludovic Courtès <ludo@gnu.org> writes:
>
> [...]
>
>>> +Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the
>>> +current list of maintainers.  You can email them privately at
>>> +@email{guix-maintainers@@gnu.org}.} may also revoke an individual's
>>> +commit rights, as a last resort, if cooperation with the rest of the
>>> +community has caused too much friction---even within the bounds of the
>>> +project's code of conduct (@pxref{Contributing}).  They would only do so
>>> +after public or private discussion with the individual and a clear
>>> +notice.  Examples of behavior that hinders cooperation and could lead to
>>> +such a decision include:
>>> +
>>> +@itemize
>>> +@item repeated violation of the commit policy stated above;
>>> +@item repeated failure to take peer criticism into account;
>>> +@item breaching trust through a series of grave incidents.
>>> +@end itemize
>
> [...]
>
>> Since the project code of conduct sets out behavioural standards,
>> including mandating "Gracefully accepting constructive criticism" and
>> "Showing empathy towards other community members", I think that combined
>> with "following the relevant processes" already covers what you're
>> setting out here?
>
> Note that the code of conduct does not “mandate” gracefully accepting
> constructive criticism; it merely gives it as an example of expected
> behavior.

Yeah, maybe you're right. While there's a pledge regarding harassment,

and the example behaviours are given in a section titled "Standards",

the example behaviours are called that, examples.

Toggle quote (12 lines)>> In abstract, in my opinion, I can only think of three scenarios for
>> removing someones commit access when they're actively using it:
>>
>> - Clear violation of the code of conduct
>
> Yes, that’s already covered by the code of conduct.
>
> The section above is explicitly about cases where the individual did not
> violate the code of conduct (hence “even within the bounds of the
> project's code of conduct” in the text above), but instead broke
> community expectations.

I'd like to say that the code of conduct should encapsulate community

expectations, but it does seem just to set out a strong position on

harassment, and I would like to think that the community expectations

are more than just making sure people feel that they're not being

harassed.

Is your intent here for "community expectations" to be/remain abstract,

or for them to be explicitly set out somewhere?

Toggle quote (7 lines)

>> - Suspected malicious intent

> Put this way, the question becomes who is suspecting that. Instead I

> wrote “breaching trust” in the bullet list above; the intent is to

> describe a situation where the individual and other committers no longer

> trust each other, there’s no judgment involved.

I think the "who" here would be the people looking at removing someones

commit access.

I like this framing because it's more specific than "breaching trust

through a series of grave incidents". Do you have other things in mind

that this third point as you put it would cover?

Toggle quote (5 lines)

>> - Process problem for giving out commit access

> The process for giving commit access is already documented (info "(guix)

> Commit Access"); my intent here was not to change it.

My point here is just that I think it's reasonable to remove someones
commit access if it was effectively given out in error (because the
process wasn't followed properly, or has been since revised).

Ludovic Courtès wrote on 29 May 2021 22:36

Recipients:(name . Christopher Baines)(address . mail@cbaines.net)(address . 48696@debbugs.gnu.org)

Message-ID:87lf7x5lb5.fsf@gnu.org

Hello!

Christopher Baines <mail@cbaines.net> skribis:

Toggle quote (2 lines)

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

Toggle quote (11 lines)>> The section above is explicitly about cases where the individual did not
>> violate the code of conduct (hence “even within the bounds of the
>> project's code of conduct” in the text above), but instead broke
>> community expectations.
>
> I'd like to say that the code of conduct should encapsulate community
> expectations, but it does seem just to set out a strong position on
> harassment, and I would like to think that the community expectations
> are more than just making sure people feel that they're not being
> harassed.

Yes, that’s what the code of conduct is about, mostly.  It does not say
how a development community should cooperate, how it can maximize
benefits for everyone involved.  I found this article by a Rust
developer inspiring:
https://aturon.github.io/tech/2018/06/02/listening-part-2/.

Toggle quote (3 lines)

> Is your intent here for "community expectations" to be/remain abstract,

> or for them to be explicitly set out somewhere?

My intent with this patch is to spell out expectations for committers,

with a concrete implementation. It’s one particular aspect of

“community expectations”, but one that I think ought to be written down,

because committers (and maintainers) have a higher responsibility.

Toggle quote (10 lines)>>> - Suspected malicious intent
>>
>> Put this way, the question becomes who is suspecting that.  Instead I
>> wrote “breaching trust” in the bullet list above; the intent is to
>> describe a situation where the individual and other committers no longer
>> trust each other, there’s no judgment involved.
>
> I think the "who" here would be the people looking at removing someones
> commit access.

Removing someone’s commit access can never be a goal. However,

maintainers, like everyone else, can witness a breach of trust at some

point.

Toggle quote (4 lines)

> I like this framing because it's more specific than "breaching trust

> through a series of grave incidents". Do you have other things in mind

> that this third point as you put it would cover?

If repeated incidents happen, some may presume malice, while others may
still see “mere mistakes”—we have different thresholds.  Breach of trust
concerns the group as a whole: once there’s mutual suspicion among some
in the group, we can say that cooperation “doesn’t work” anymore, that
there’s too much friction.

Toggle quote (9 lines)

>>> - Process problem for giving out commit access

>> The process for giving commit access is already documented (info "(guix)

>> Commit Access"); my intent here was not to change it.

> My point here is just that I think it's reasonable to remove someones

> commit access if it was effectively given out in error (because the

> process wasn't followed properly, or has been since revised).

Oh, got it.  To me it’s implicit that commit access can only be obtained
by following the documented process (that’s indeed be the case since
it’s in place); do you think we should be more explicit?

Thanks,
Ludo’.

Christopher Baines wrote on 30 May 2021 12:29

Re: [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section.

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 48696@debbugs.gnu.org)

Message-ID:87k0ngfra8.fsf@cbaines.net

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (43 lines)> Hi Chris,
>
> Christopher Baines <mail@cbaines.net> skribis:
>
>> Ludovic Courtès <ludo@gnu.org> writes:
>
> [...]
>
>>> +The Guix project values friendly cooperation and a constant effort to
>>> +focus on the way forward when issues arise.  Committers should lead by
>>> +example, notably as a way to encourage contributors and contributors to
>>> +be.  Blame as well as defensiveness do not have their place in Guix when
>>> +addressing genuine mistakes.
>>
>> I too would like to see less blame, but one factor is how things are
>> framed and the language used.
>
> Point taken!
>
>> On the language here, "mistake" is a word I would generally avoid if the
>> aim is avoid blaming someone, since mistakes are made by a person or set
>> of people. I'd prefer a term like "problem", since I don't perceieve
>> that as directly linked to a person or set of people.
>>
>> On the bit about the "person who pushed the faulty commits" (so, person
>> to blame...) I'd much prefer an emphisis on group responsibility to
>> mitigate the impact of problems quickly, and understand the factors that
>> led to that problems in the first place. That avoids assigning blame,
>> rather than the process pushing responsibility to the person to blame
>> ("person who pushed the faulty commit(s)").
>
> I get what you say and very much like the idea of focusing on group
> responsibility.
>
> There’s blame, and there’s accountability.  I see group responsibility
> in setting up processes and carrying out proper peer review to avoid
> problems.  I see accountability when it comes to commits actually
> pushed—in the end, it’s one person running ‘git push’.  In my view,
> “mistake” can be a way to name a “problem” that someone created and is
> accountable for (Jelle wrote a nice message on this topic a while back).
> This is getting a bit philosophical though, and I’m not sure my
> understanding of English is good enough to go any further.  :-)

I guess part of what I'm getting at here is using language and the

perspective to try and delay that inference about individual

accountability, until the discussion around a problem has reached a

clear conclusion about what happened.

In doing so, opportunity is left open to actually consider the full

situation, rather than immediately narrowing it down to what a

particular individual or group did or didn't do.

Toggle quote (8 lines)

> I think you have a point though. Could you propose different wording

> for this section?

> (My goal for this section was to (1) spell out circumstances that may

> lead to reverts, (2) explain the implications of committer

> accountability, and (3) define our community standards in terms of

> focusing on addressing issues and not on blaming individuals.)

What I would like to see is more like this:

  Problems happen, while minimising there occurrence is important, it's
  also important to respond to problems in a useful way. There are two
  priorities, mitigating the impact and understanding what happened in
  order to reduce the chance of similar incidents in the future. The
  responsibility for both these things primarily lies with those
  involved, but like everything this is a group effort.

  When working to mitigate the impact of a problem, obviously the
  response is very much dependent on the situation. If it's possible to
  fix things that are broken, that's preferable. If that's infeasible,
  then promptly reverting changes to return to a working state is
  justified (as with any commit, note why the change is being made in
  the commit message).

  Once the problem has been dealt with to some extent, then it's the
  responsibility of those involved to make sure the situation is
  understood. If you are working to understand what happened, focus on
  gathering information and avoid assigning any blame. Do ask those
  involved to describe what has happened, don't ask them to explain the
  situation, even if you think they have something to explain, as this
  implicitly blames them, which is unhelpful. Accountability comes from
  a consensus about the problem, learning from it and improving
  processes so that it's less likely to reoccur.

I'm not sure how much needs saying about reverts, but I did include
something.

For committer accountability, that's where I'm talking about the
"responsibilities of those involved". I guess that's a little vague, but
what I'm trying to do there is trying to capture the group of relevant
people, for example, the person who proposed the breaking change, the
committer who pushed it, and the other person that reverted it.

In terms of trying to focus on addressing issues and not blaming
individuals, I think just avoiding language that implicitly blames
people would be a big step forward. Whether that's enough, I'm unsure.

Toggle quote (13 lines)>> On this same thread, I'd like to see less blaming in the form of asking
>> people to "explain". When there's a problem, and you ask someone to
>> explain, I would interpret that as "I'm blaming you for this, please
>> give your account of how the mistake was made", to which the person can
>> either answer explaining the details as to why they are to blame, or can
>> disagree with the implicit assertion that they are to blame. To avoid
>> assigning blame, one can just ask someone to "describe" what happened,
>> which I wouldn't interpret as being loaded with the same implicit
>> assertion.
>
> I agree with what you write in general, though my understanding is that
> you’re not referring to the text in this patch, right?

Yeah, although I think something to this effect might be worth

including.

Tobias Geerinckx-Rice wrote on 30 May 2021 14:49

Re: [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:87wnrgs7yb.fsf@nckx

Ludovic Courtès ???

Toggle quote (5 lines)

> It essentially codifies unwritten rules, but as always, I think

> it’s

> better to be explicit about the rules and community

> expectations.

Looks good to me modulo obvious typos like the ‘called’ pointed

out by Julien.

I *don't* think the text assigns too much potential blame.

Responsibility, yes.

Thanks Ludo'!

T G-R

-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYLOJvA0cbWVAdG9iaWFz

LmdyAAoJEA2w/4hPVW15nCEBAJCQXqDsk05JSkMY5Fred19XhZQwFpu20IHhvGNx

VXIvAP9H4Rt8mIq04zTr4/q3XVnhh7Pqj1PYLu5Z1xd8aIL+DQ==

=ifZ8

-----END PGP SIGNATURE-----

Ludovic Courtès wrote on 2 Jun 2021 11:22

Re: bug#48696: [PATCH 0/3] Documenting commit reverts and revocation

Recipients:(name . Christopher Baines)(address . mail@cbaines.net)(address . 48696@debbugs.gnu.org)

Message-ID:87tumgwrhh.fsf_-_@gnu.org

Hi Chris,

Christopher Baines <mail@cbaines.net> skribis:

Toggle quote (2 lines)

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

Toggle quote (47 lines)>> I think you have a point though.  Could you propose different wording
>> for this section?
>>
>> (My goal for this section was to (1) spell out circumstances that may
>> lead to reverts, (2) explain the implications of committer
>> accountability, and (3) define our community standards in terms of
>> focusing on addressing issues and not on blaming individuals.)
>
> What I would like to see is more like this:
>
>   Problems happen, while minimising there occurrence is important, it's
>   also important to respond to problems in a useful way. There are two
>   priorities, mitigating the impact and understanding what happened in
>   order to reduce the chance of similar incidents in the future. The
>   responsibility for both these things primarily lies with those
>   involved, but like everything this is a group effort.
>
>   When working to mitigate the impact of a problem, obviously the
>   response is very much dependent on the situation. If it's possible to
>   fix things that are broken, that's preferable. If that's infeasible,
>   then promptly reverting changes to return to a working state is
>   justified (as with any commit, note why the change is being made in
>   the commit message).
>
>   Once the problem has been dealt with to some extent, then it's the
>   responsibility of those involved to make sure the situation is
>   understood. If you are working to understand what happened, focus on
>   gathering information and avoid assigning any blame. Do ask those
>   involved to describe what has happened, don't ask them to explain the
>   situation, even if you think they have something to explain, as this
>   implicitly blames them, which is unhelpful. Accountability comes from
>   a consensus about the problem, learning from it and improving
>   processes so that it's less likely to reoccur.
>
> I'm not sure how much needs saying about reverts, but I did include
> something.
>
> For committer accountability, that's where I'm talking about the
> "responsibilities of those involved". I guess that's a little vague, but
> what I'm trying to do there is trying to capture the group of relevant
> people, for example, the person who proposed the breaking change, the
> committer who pushed it, and the other person that reverted it.
>
> In terms of trying to focus on addressing issues and not blaming
> individuals, I think just avoiding language that implicitly blames
> people would be a big step forward. Whether that's enough, I'm unsure.

OK.

I like what you wrote; I think it addresses #3 and a bit of #2 above,
but I find a bit too abstract, not sufficiently hands-on (when can
commits be reverted? what’s the timeframe? who’s involved?), and lacking
examples.  “Problems happen” sounds unspecific to me (it reminds me of
Forest Gump :-)) and I’m uncomfortable with the passive voice that tends
to erase individuals.

  @subsection Addressing Issues
  
  Peer review (@pxref{Submitting Patches}) and tools such as
  @command{guix lint} (@pxref{Invoking guix lint}) and the test suite
  (@pxref{Running the Test Suite}) should catch issues before they are
  pushed.  Yet, commits that ``break'' functionality might occasionally
  go through.  When that happens, there are two priorities: mitigating
  the impact, and understanding what happened to reduce the chance of
  similar incidents in the future.  The responsibility for both these
  things primarily lies with those involved, but like everything this is
  a group effort.
  
  Some issues can directly affect all users---for instance because they
  make @command{guix pull} fail or break core functionality, because they
  break major packages (at build time or run time), or because they
  introduce known security vulnerabilities.
  
  @cindex reverting commits
  The people involved in authoring, reviewing, and pushing such
  commit(s) should be at the forefront to mitigate their impact in a
  timely fashion: by pushing a followup commit to fix it (if possible),
  or by reverting it to leave time to come up with a proper fix, and by
  communicating with other developers about the problem.
  
  If these persons are unavailable to address the issue in time, other
  committers are entitled to revert the commit(s), explaining in the
  commit log and on the mailing list what the problem was, with the goal
  of leaving time to the original committer, reviewer(s), and author(s)
  to propose a way forward.
  
  Once the problem has been dealt with, it is the responsibility of
  those involved to make sure the situation is understood.  If you are
  working to understand what happened, focus on gathering information
  and avoid assigning any blame.  Do ask those involved to describe what
  happened, do not ask them to explain the situation---this would
  implicitly blame them, which is unhelpful.  Accountability comes from
  a consensus about the problem, learning from it and improving
  processes so that it's less likely to reoccur.

There’s still “the people involved”, “these persons”, and “such commits”
(I removed “faulty”), because I couldn’t think of a way of avoiding
these without making the text too abstract or dismissing the idea
entirely (the idea that if I push a breaking change, others can expect
me to be spend time “mitigating the effort”).

Also, I think it’s useful to distinguish between “I revert my commit”
and “someone reverts my commit” due to their different social and
emotional implications (our goal is precisely to suggest that these
implications are out of place in this group effort that Guix is, but we
can’t deny that they preexist).

WDYT?

Thanks for taking the time to work on it!

Ludo’.

Christopher Baines wrote on 8 Jun 2021 16:02

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 48696@debbugs.gnu.org)

Message-ID:87bl8gtpxk.fsf@cbaines.net

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (81 lines)> Hi Chris,
>
> Christopher Baines <mail@cbaines.net> skribis:
>
>> Ludovic Courtès <ludo@gnu.org> writes:
>
> [...]
>
>>> I think you have a point though.  Could you propose different wording
>>> for this section?
>>>
>>> (My goal for this section was to (1) spell out circumstances that may
>>> lead to reverts, (2) explain the implications of committer
>>> accountability, and (3) define our community standards in terms of
>>> focusing on addressing issues and not on blaming individuals.)
>>
>> What I would like to see is more like this:
>>
>>   Problems happen, while minimising there occurrence is important, it's
>>   also important to respond to problems in a useful way. There are two
>>   priorities, mitigating the impact and understanding what happened in
>>   order to reduce the chance of similar incidents in the future. The
>>   responsibility for both these things primarily lies with those
>>   involved, but like everything this is a group effort.
>>
>>   When working to mitigate the impact of a problem, obviously the
>>   response is very much dependent on the situation. If it's possible to
>>   fix things that are broken, that's preferable. If that's infeasible,
>>   then promptly reverting changes to return to a working state is
>>   justified (as with any commit, note why the change is being made in
>>   the commit message).
>>
>>   Once the problem has been dealt with to some extent, then it's the
>>   responsibility of those involved to make sure the situation is
>>   understood. If you are working to understand what happened, focus on
>>   gathering information and avoid assigning any blame. Do ask those
>>   involved to describe what has happened, don't ask them to explain the
>>   situation, even if you think they have something to explain, as this
>>   implicitly blames them, which is unhelpful. Accountability comes from
>>   a consensus about the problem, learning from it and improving
>>   processes so that it's less likely to reoccur.
>>
>> I'm not sure how much needs saying about reverts, but I did include
>> something.
>>
>> For committer accountability, that's where I'm talking about the
>> "responsibilities of those involved". I guess that's a little vague, but
>> what I'm trying to do there is trying to capture the group of relevant
>> people, for example, the person who proposed the breaking change, the
>> committer who pushed it, and the other person that reverted it.
>>
>> In terms of trying to focus on addressing issues and not blaming
>> individuals, I think just avoiding language that implicitly blames
>> people would be a big step forward. Whether that's enough, I'm unsure.
>
> OK.
>
> I like what you wrote; I think it addresses #3 and a bit of #2 above,
> but I find a bit too abstract, not sufficiently hands-on (when can
> commits be reverted? what’s the timeframe? who’s involved?), and lacking
> examples.  “Problems happen” sounds unspecific to me (it reminds me of
> Forest Gump :-)) and I’m uncomfortable with the passive voice that tends
> to erase individuals.
>
>   @subsection Addressing Issues
>
>   Peer review (@pxref{Submitting Patches}) and tools such as
>   @command{guix lint} (@pxref{Invoking guix lint}) and the test suite
>   (@pxref{Running the Test Suite}) should catch issues before they are
>   pushed.  Yet, commits that ``break'' functionality might occasionally
>   go through.  When that happens, there are two priorities: mitigating
>   the impact, and understanding what happened to reduce the chance of
>   similar incidents in the future.  The responsibility for both these
>   things primarily lies with those involved, but like everything this is
>   a group effort.
>   
>   Some issues can directly affect all users---for instance because they
>   make @command{guix pull} fail or break core functionality, because they
>   break major packages (at build time or run time), or because they
>   introduce known security vulnerabilities.

I'm not sure what this paragraph is getting at?

In any case, for security vulnerabilities, to affect all users they

would also have to occur in major packages.

Toggle quote (36 lines)>   @cindex reverting commits
>   The people involved in authoring, reviewing, and pushing such
>   commit(s) should be at the forefront to mitigate their impact in a
>   timely fashion: by pushing a followup commit to fix it (if possible),
>   or by reverting it to leave time to come up with a proper fix, and by
>   communicating with other developers about the problem.
>   
>   If these persons are unavailable to address the issue in time, other
>   committers are entitled to revert the commit(s), explaining in the
>   commit log and on the mailing list what the problem was, with the goal
>   of leaving time to the original committer, reviewer(s), and author(s)
>   to propose a way forward.
>   
>   Once the problem has been dealt with, it is the responsibility of
>   those involved to make sure the situation is understood.  If you are
>   working to understand what happened, focus on gathering information
>   and avoid assigning any blame.  Do ask those involved to describe what
>   happened, do not ask them to explain the situation---this would
>   implicitly blame them, which is unhelpful.  Accountability comes from
>   a consensus about the problem, learning from it and improving
>   processes so that it's less likely to reoccur.
>
> There’s still “the people involved”, “these persons”, and “such commits”
> (I removed “faulty”), because I couldn’t think of a way of avoiding
> these without making the text too abstract or dismissing the idea
> entirely (the idea that if I push a breaking change, others can expect
> me to be spend time “mitigating the effort”).
>
> Also, I think it’s useful to distinguish between “I revert my commit”
> and “someone reverts my commit” due to their different social and
> emotional implications (our goal is precisely to suggest that these
> implications are out of place in this group effort that Guix is, but we
> can’t deny that they preexist).
>
> WDYT?

I think the above text looks good. As noted above, I'm unsure about the

second paragraph, but that's not a big issue.

Ludovic Courtès wrote on 11 Jun 2021 16:05

Recipients:(name . Christopher Baines)(address . mail@cbaines.net)(address . 48696@debbugs.gnu.org)

Message-ID:87lf7g7azx.fsf@gnu.org

Hi Chris,

Christopher Baines <mail@cbaines.net> skribis:

Toggle quote (2 lines)

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

Toggle quote (19 lines)>>   @subsection Addressing Issues
>>
>>   Peer review (@pxref{Submitting Patches}) and tools such as
>>   @command{guix lint} (@pxref{Invoking guix lint}) and the test suite
>>   (@pxref{Running the Test Suite}) should catch issues before they are
>>   pushed.  Yet, commits that ``break'' functionality might occasionally
>>   go through.  When that happens, there are two priorities: mitigating
>>   the impact, and understanding what happened to reduce the chance of
>>   similar incidents in the future.  The responsibility for both these
>>   things primarily lies with those involved, but like everything this is
>>   a group effort.
>>   
>>   Some issues can directly affect all users---for instance because they
>>   make @command{guix pull} fail or break core functionality, because they
>>   break major packages (at build time or run time), or because they
>>   introduce known security vulnerabilities.
>
> I'm not sure what this paragraph is getting at?

It’s supposed to be provide concrete guidance to a committer wondering

whether they can/should/are entitled to revert a given commit.

Toggle quote (3 lines)

> In any case, for security vulnerabilities, to affect all users they

> would also have to occur in major packages.

Agreed. The word “known” is important here: if I remove *-CVE-*.patch,

or if I downgrade a package, I’m likely introducing a “known”

vulnerability; if I’m adding a new package that later happens to be

vulnerable, it’s not a “known” vulnerability (it’s just routine ;-)).

Toggle quote (3 lines)

> I think the above text looks good. As noted above, I'm unsure about the

> second paragraph, but that's not a big issue.

OK, thanks for taking the time to discuss it. I’ll send a v2 so

everyone gets a chance to chime in.

Ludo’.

Ludovic Courtès wrote on 13 Jun 2021 12:15

[PATCH v2 0/4] Documenting commit reverts and revocation

Recipients:(address . 48696@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20210613101538.10668-1-ludo@gnu.org

Hi!

Changes since the initial version:

1. “Addressing Mistakes” section replaced by “Addressing Issues”

following suggestions by Chris Baines at

https://issues.guix.gnu.org/48696#17.

2. Fix typo and clarify Git commit signing instructions as

reported by Julien and Maxime (these were in pre-existing

text).

If there are no objections, I’d like to push within a couple of

days.

Thanks,

Ludo’.

Ludovic Courtès (4):

doc: Structure the "Commit Access" section.

doc: Add "Addressing Issues" section.

doc: Explain more reasons for commit revocation.

doc: Clarify Git commit signing; fix typo.

doc/contributing.texi | 121 ++++++++++++++++++++++++++++++++++--------

1 file changed, 100 insertions(+), 21 deletions(-)

2.32.0

Ludovic Courtès wrote on 13 Jun 2021 12:15

[PATCH v2 1/4] doc: Structure the "Commit Access" section.

Recipients:(address . 48696@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20210613101538.10668-2-ludo@gnu.org

* doc/contributing.texi (Commit Access): Add introduction and section
heading.  Separate OpenPGP setup from commit policy.
---
 doc/contributing.texi | 59 ++++++++++++++++++++++++++++---------------
 1 file changed, 38 insertions(+), 21 deletions(-)

Toggle diff (99 lines)diff --git a/doc/contributing.texi b/doc/contributing.texi
index d67e632520..4ab489173b 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1275,8 +1275,19 @@ this nifty tool!
 @section Commit Access
 
 @cindex commit access, for developers
-For frequent contributors, having write access to the repository is
-convenient.  When you deem it necessary, consider applying for commit
+Everyone can contribute to Guix without having commit access
+(@pxref{Submitting Patches}).  However, for frequent contributors,
+having write access to the repository can be convenient.  Commit access
+should not be thought of as a ``badge of honor'' but rather as a
+responsibility a contributor is willing to take to help the project.
+
+The following sections explain how to get commit access, how to be ready
+to push commits, and the policies and community expectations for commits
+pushed upstream.
+
+@subsection Applying for Commit Access
+
+When you deem it necessary, consider applying for commit
 access by following these steps:
 
 @enumerate
@@ -1348,6 +1359,27 @@ review and merging system, which, as a consequence, may lead us to have
 fewer people with commit access to the main repository.  Stay tuned!
 @end quotation
 
+All commits that are pushed to the central repository on Savannah must
+be signed with an OpenPGP key, and the public key should be uploaded to
+your user account on Savannah and to public key servers, such as
+@code{keys.openpgp.org}.  To configure Git to automatically sign
+commits, run:
+
+@example
+git config commit.gpgsign true
+git config user.signingkey CABBA6EA1DC0FF33
+@end example
+
+You can prevent yourself from accidentally pushing unsigned commits to
+Savannah by using the pre-push Git hook called located at
+@file{etc/git/pre-push}:
+
+@example
+cp etc/git/pre-push .git/hooks/pre-push
+@end example
+
+@subsection Commit Policy
+
 If you get commit access, please make sure to follow
 the policy below (discussions of the policy can take place on
 @email{guix-devel@@gnu.org}).
@@ -1366,25 +1398,6 @@ mailing list for commit notifications (@email{guix-commits@@gnu.org}),
 so people can notice.  Before pushing your changes, make sure to run
 @code{git pull --rebase}.
 
-All commits that are pushed to the central repository on Savannah must
-be signed with an OpenPGP key, and the public key should be uploaded to
-your user account on Savannah and to public key servers, such as
-@code{keys.openpgp.org}.  To configure Git to automatically sign
-commits, run:
-
-@example
-git config commit.gpgsign true
-git config user.signingkey CABBA6EA1DC0FF33
-@end example
-
-You can prevent yourself from accidentally pushing unsigned commits to
-Savannah by using the pre-push Git hook called located at
-@file{etc/git/pre-push}:
-
-@example
-cp etc/git/pre-push .git/hooks/pre-push
-@end example
-
 When pushing a commit on behalf of somebody else, please add a
 @code{Signed-off-by} line at the end of the commit log message---e.g.,
 with @command{git am --signoff}.  This improves tracking of who did
@@ -1406,12 +1419,16 @@ you're confident, it's OK to commit.
 That last part is subject to being adjusted, allowing individuals to commit
 directly on non-controversial changes on parts they’re familiar with.
 
+@subsection Commit Revocation
+
 In order to reduce the possibility of mistakes, committers will have
 their Savannah account removed from the Guix Savannah project and their
 key removed from @file{.guix-authorizations} after 12 months of
 inactivity; they can ask to regain commit access by emailing the
 maintainers, without going through the vouching process.
 
+@subsection Helping Out
+
 One last thing: the project keeps moving forward because committers not
 only push their own awesome changes, but also offer some of their time
 @emph{reviewing} and pushing other people's changes.  As a committer,
-- 
2.32.0

Ludovic Courtès wrote on 13 Jun 2021 12:15

[PATCH v2 3/4] doc: Explain more reasons for commit revocation.

Recipients:(address . 48696@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20210613101538.10668-4-ludo@gnu.org

* doc/contributing.texi (Commit Revocation): Expound.

---

doc/contributing.texi | 21 +++++++++++++++++++++

1 file changed, 21 insertions(+)

Toggle diff (34 lines)diff --git a/doc/contributing.texi b/doc/contributing.texi
index 00962be11e..5e59278534 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1466,6 +1466,27 @@ key removed from @file{.guix-authorizations} after 12 months of
 inactivity; they can ask to regain commit access by emailing the
 maintainers, without going through the vouching process.
 
+Maintainers@footnote{See @uref{https://guix.gnu.org/en/about} for the
+current list of maintainers.  You can email them privately at
+@email{guix-maintainers@@gnu.org}.} may also revoke an individual's
+commit rights, as a last resort, if cooperation with the rest of the
+community has caused too much friction---even within the bounds of the
+project's code of conduct (@pxref{Contributing}).  They would only do so
+after public or private discussion with the individual and a clear
+notice.  Examples of behavior that hinders cooperation and could lead to
+such a decision include:
+
+@itemize
+@item repeated violation of the commit policy stated above;
+@item repeated failure to take peer criticism into account;
+@item breaching trust through a series of grave incidents.
+@end itemize
+
+When maintainers resort to such a decision, they notify developers on
+@email{guix-devel@@gnu.org}; inquiries may be sent to
+@email{guix-maintainers@@gnu.org}.  Depending on the situation, the
+individual may still be welcome to contribute.
+
 @subsection Helping Out
 
 One last thing: the project keeps moving forward because committers not
-- 
2.32.0

Ludovic Courtès wrote on 13 Jun 2021 12:15

[PATCH v2 4/4] doc: Clarify Git commit signing; fix typo.

Recipients:(address . 48696@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20210613101538.10668-5-ludo@gnu.org

Suggested by Maxime Devos <maximedevos@telenet.be>

and Julien Lepiller <julien@lepiller.eu>.

* doc/contributing.texi (Commit Access): Clarify Git commit signing

setup and fix typo.

---

doc/contributing.texi | 4 +++-

1 file changed, 3 insertions(+), 1 deletion(-)

Toggle diff (21 lines)diff --git a/doc/contributing.texi b/doc/contributing.texi
index 5e59278534..a8bc279936 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1367,11 +1367,13 @@ commits, run:
 
 @example
 git config commit.gpgsign true
+
+# Substitute the fingerprint of your public PGP key.
 git config user.signingkey CABBA6EA1DC0FF33
 @end example
 
 You can prevent yourself from accidentally pushing unsigned commits to
-Savannah by using the pre-push Git hook called located at
+Savannah by using the pre-push Git hook located at
 @file{etc/git/pre-push}:
 
 @example
-- 
2.32.0

Ludovic Courtès wrote on 13 Jun 2021 12:15

[PATCH v2 2/4] doc: Add "Addressing Issues" section.

Recipients:(address . 48696@debbugs.gnu.org)

Message-ID:20210613101538.10668-3-ludo@gnu.org

* doc/contributing.texi (Addressing Mistakes): New section.

Co-authored-by: Christopher Baines <mail@cbaines.net>

---

doc/contributing.texi | 39 +++++++++++++++++++++++++++++++++++++++

1 file changed, 39 insertions(+)

Toggle diff (52 lines)diff --git a/doc/contributing.texi b/doc/contributing.texi
index 4ab489173b..00962be11e 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1419,6 +1419,45 @@ you're confident, it's OK to commit.
 That last part is subject to being adjusted, allowing individuals to commit
 directly on non-controversial changes on parts they’re familiar with.
 
+@subsection Addressing Issues
+
+Peer review (@pxref{Submitting Patches}) and tools such as
+@command{guix lint} (@pxref{Invoking guix lint}) and the test suite
+(@pxref{Running the Test Suite}) should catch issues before they are
+pushed.  Yet, commits that ``break'' functionality might occasionally
+go through.  When that happens, there are two priorities: mitigating
+the impact, and understanding what happened to reduce the chance of
+similar incidents in the future.  The responsibility for both these
+things primarily lies with those involved, but like everything this is
+a group effort.
+
+Some issues can directly affect all users---for instance because they
+make @command{guix pull} fail or break core functionality, because they
+break major packages (at build time or run time), or because they
+introduce known security vulnerabilities.
+
+@cindex reverting commits
+The people involved in authoring, reviewing, and pushing such
+commit(s) should be at the forefront to mitigate their impact in a
+timely fashion: by pushing a followup commit to fix it (if possible),
+or by reverting it to leave time to come up with a proper fix, and by
+communicating with other developers about the problem.
+
+If these persons are unavailable to address the issue in time, other
+committers are entitled to revert the commit(s), explaining in the
+commit log and on the mailing list what the problem was, with the goal
+of leaving time to the original committer, reviewer(s), and author(s)
+to propose a way forward.
+
+Once the problem has been dealt with, it is the responsibility of
+those involved to make sure the situation is understood.  If you are
+working to understand what happened, focus on gathering information
+and avoid assigning any blame.  Do ask those involved to describe what
+happened, do not ask them to explain the situation---this would
+implicitly blame them, which is unhelpful.  Accountability comes from
+a consensus about the problem, learning from it and improving
+processes so that it's less likely to reoccur.
+
 @subsection Commit Revocation
 
 In order to reduce the possibility of mistakes, committers will have
-- 
2.32.0

Xinglu Chen wrote on 13 Jun 2021 13:50

Re: [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section.

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:87pmwq7zkx.fsf@yoctocell.xyz

On Sun, Jun 13 2021, Ludovic Courtès wrote:

Toggle quote (51 lines)> * doc/contributing.texi (Commit Access): Add introduction and section
> heading.  Separate OpenPGP setup from commit policy.
> ---
>  doc/contributing.texi | 59 ++++++++++++++++++++++++++++---------------
>  1 file changed, 38 insertions(+), 21 deletions(-)
>
> diff --git a/doc/contributing.texi b/doc/contributing.texi
> index d67e632520..4ab489173b 100644
> --- a/doc/contributing.texi
> +++ b/doc/contributing.texi
> @@ -1275,8 +1275,19 @@ this nifty tool!
>  @section Commit Access
>  
>  @cindex commit access, for developers
> -For frequent contributors, having write access to the repository is
> -convenient.  When you deem it necessary, consider applying for commit
> +Everyone can contribute to Guix without having commit access
> +(@pxref{Submitting Patches}).  However, for frequent contributors,
> +having write access to the repository can be convenient.  Commit access
> +should not be thought of as a ``badge of honor'' but rather as a
> +responsibility a contributor is willing to take to help the project.
> +
> +The following sections explain how to get commit access, how to be ready
> +to push commits, and the policies and community expectations for commits
> +pushed upstream.
> +
> +@subsection Applying for Commit Access
> +
> +When you deem it necessary, consider applying for commit
>  access by following these steps:
>  
>  @enumerate
> @@ -1348,6 +1359,27 @@ review and merging system, which, as a consequence, may lead us to have
>  fewer people with commit access to the main repository.  Stay tuned!
>  @end quotation
>  
> +All commits that are pushed to the central repository on Savannah must
> +be signed with an OpenPGP key, and the public key should be uploaded to
> +your user account on Savannah and to public key servers, such as
> +@code{keys.openpgp.org}.  To configure Git to automatically sign
> +commits, run:
> +
> +@example
> +git config commit.gpgsign true
> +git config user.signingkey CABBA6EA1DC0FF33
> +@end example
> +
> +You can prevent yourself from accidentally pushing unsigned commits to
> +Savannah by using the pre-push Git hook called located at
> +@file{etc/git/pre-push}:

I think you forgot to remove “called” :)

Xinglu Chen wrote on 13 Jun 2021 13:56

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:87lf7e7zb9.fsf@yoctocell.xyz

On Sun, Jun 13 2021, Xinglu Chen wrote:

Toggle quote (55 lines)> On Sun, Jun 13 2021, Ludovic Courtès wrote:
>
>> * doc/contributing.texi (Commit Access): Add introduction and section
>> heading.  Separate OpenPGP setup from commit policy.
>> ---
>>  doc/contributing.texi | 59 ++++++++++++++++++++++++++++---------------
>>  1 file changed, 38 insertions(+), 21 deletions(-)
>>
>> diff --git a/doc/contributing.texi b/doc/contributing.texi
>> index d67e632520..4ab489173b 100644
>> --- a/doc/contributing.texi
>> +++ b/doc/contributing.texi
>> @@ -1275,8 +1275,19 @@ this nifty tool!
>>  @section Commit Access
>>  
>>  @cindex commit access, for developers
>> -For frequent contributors, having write access to the repository is
>> -convenient.  When you deem it necessary, consider applying for commit
>> +Everyone can contribute to Guix without having commit access
>> +(@pxref{Submitting Patches}).  However, for frequent contributors,
>> +having write access to the repository can be convenient.  Commit access
>> +should not be thought of as a ``badge of honor'' but rather as a
>> +responsibility a contributor is willing to take to help the project.
>> +
>> +The following sections explain how to get commit access, how to be ready
>> +to push commits, and the policies and community expectations for commits
>> +pushed upstream.
>> +
>> +@subsection Applying for Commit Access
>> +
>> +When you deem it necessary, consider applying for commit
>>  access by following these steps:
>>  
>>  @enumerate
>> @@ -1348,6 +1359,27 @@ review and merging system, which, as a consequence, may lead us to have
>>  fewer people with commit access to the main repository.  Stay tuned!
>>  @end quotation
>>  
>> +All commits that are pushed to the central repository on Savannah must
>> +be signed with an OpenPGP key, and the public key should be uploaded to
>> +your user account on Savannah and to public key servers, such as
>> +@code{keys.openpgp.org}.  To configure Git to automatically sign
>> +commits, run:
>> +
>> +@example
>> +git config commit.gpgsign true
>> +git config user.signingkey CABBA6EA1DC0FF33
>> +@end example
>> +
>> +You can prevent yourself from accidentally pushing unsigned commits to
>> +Savannah by using the pre-push Git hook called located at
>> +@file{etc/git/pre-push}:
>
> I think you forgot to remove “called” :)

Oh, I see that you fixed it in 4/4...

Ludovic Courtès wrote on 18 Jun 2021 14:37

Re: bug#48696: [PATCH 0/3] Documenting commit reverts and revocation

Recipients:(address . 48696-done@debbugs.gnu.org)

Message-ID:87eeczfivx.fsf_-_@gnu.org

Hi!

Ludovic Courtès <ludo@gnu.org> skribis:

Toggle quote (3 lines)

> If there are no objections, I’d like to push within a couple of

> days.

[...]

Toggle quote (5 lines)

> doc: Structure the "Commit Access" section.

> doc: Add "Addressing Issues" section.

> doc: Explain more reasons for commit revocation.

> doc: Clarify Git commit signing; fix typo.

Pushed as b5b9266e409abb18970bd34557cf087eb29fa713.

Thanks Chris and everyone for your feedback!

Ludo’.

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 48696@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 48696

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date