jdev - 2025-02-12

  1. Soni

    this is only vaguely relevant, but uh, have you heard of federated maintainership?

  2. moparisthebest

    No what is it

  3. lovetox

    Is that a fancy word for having multiple maintainers šŸ˜

  4. Soni

    are you familiar with the concept of open federation?

  5. Soni

    it's basically that, but for git repos. we deprecate the concept of "upstream" and require every git clone to be fully qualified, and use an interface that shows all repos as having more or less equal weight

  6. Soni

    anyone can become a maintainer by setting up an instance and putting their repo in it. every other instance will then list their repo alongside yours.

  7. Soni

    (and also, who are we kidding, this is xmpp, ofc you're familiar with open federation :p but anyway)

  8. qy

    isnt that just cooperative forking?

  9. Soni

    we don't know if it has an existing name. we've been calling it federated maintainership since a few days ago or so.

  10. Soni

    (tho the idea is much older, we came up with it around the time mastodon's BDFL model was still an issue)

  11. Soni

    we can't seem to find anything about cooperative forking

  12. Soni

    here's where we called it federated maintainership: https://github.com/tukaani-project/xz/issues/163

  13. moparisthebest

    Soni: isn't that just... git used how and for what it was created for ?

  14. Soni

    moparisthebest: (this is not meant to be combative) okay but, was it? we mean, even the kernel isn't open federation: there's a single upstream - linus' tree, and then there's a bunch of authorized maintainers, and they all use the same git host. no?

  15. Soni

    (linus's? something like that)

  16. Soni

    (and we think linux maintainers are a little elitist but we digress)

  17. moparisthebest

    They don't use a host at all really, just email (federated!) patches to a mailing list

  18. Soni

    no we're pretty sure linus pulls from other maintainers every now and then, it's not all email

  19. moparisthebest

    I don't see how you could have a project where anyone who wanted to could push code to a place distros would pull it?

  20. Soni

    we think they're called "octopus merges"

  21. singpolyma

    just because one tree chooses to issue releases doesnā€™t meant the other trees arenā€™t real

  22. Soni

    (sometimes spanning like 60 trees or something)

  23. singpolyma

    thatā€™s really all ā€œbeing an upstreamā€ is is someone willing to issue a release and give it a name

  24. moparisthebest

    Right individuals can host their git repos publicly in which case it's a full and complete copy and distros or whoever could use that instead

  25. moparisthebest

    In fact that's pretty common, for example linux-zen and linux-hardened in Arch Linux have a different upstream that is not kernel.org or Linus

  26. Soni

    moparisthebest: okay, but those are seen as "soft forks", not federated maintainers

  27. singpolyma

    Debian once used my fork to base xmpp-irssi package on and I didnā€™t even have releases

  28. Soni

    singpolyma: yeah, and you wouldn't even know about it until they told you?

  29. Soni

    and tried to upstream their patches and stuff

  30. singpolyma

    Soni: so in your model no one ever makes a release?

  31. Soni

    singpolyma: well, distros make packages. and that's the closest you'll get to a release

  32. moparisthebest

    How do they decide who's copy to package?

  33. Soni

    point being, why shouldn't you use debian as the upstream for your fork?

  34. moparisthebest

    And then like, what if Debian and redhat make different incompatible decisions?

  35. Soni

    they fork from you, you fork again from them, and it all explodes

  36. Soni

    (okay it doesn't explode, but like... they're making patches, right? why shouldn't they have a stake on it?)

  37. Soni

    moparisthebest: see also the github issue we linked, it (very) briefly discusses that issue

  38. singpolyma

    right but this is all how it works now, except for banning anyone to make a release or have a version number

  39. Soni

    you do still have a version number: the git commit

  40. Trung

    ā€¦ā€¦but why ?

  41. singpolyma

    thatā€™s not a number

  42. mathieui

    Soni, the issue with the model (as I understand it) is that in the end decisions must be made, and trust must exist. That can hinge on a single person, or many, but in the end you need a way to make decisions and communicate

  43. Soni

    a 160-bit number is still a number

  44. Soni

    mathieui: but it doesn't need to be middlemanned by an upstream, it can be ad-hoc

  45. singpolyma

    mathieui: well, do you?

  46. singpolyma

    like Debian has to decide what to package but thatā€™s up to the DM no one in the project *needs* to be involved

  47. Soni

    mastodon would benefit from it because everyone wants something different from the software but more importantly *nobody gets anything from the software*

  48. Soni

    (well, maybe that's gonna change now that mastodon is no longer BDFL-based, but still)

  49. singpolyma

    Iā€™m not saying I want to totally ban releases, but Iā€™ve done it for some stuff before and it can work I think

  50. Soni

    this is the problem it solves: different ppl have different expectations

  51. Soni

    (and we should embrace that instead of... steamrolling ppl's needs we guess?)

  52. singpolyma

    well you can still operate this way even if one person calls themself maintainer and makes releases. Just ignore them

  53. qy

    this would make more sense with a patch-oriented vcs

  54. jonasā€™

    I'm wondering how this general software maintenance philosophy discussion is on-topic for here?

  55. qy

    busted

  56. mathieui

    singpolyma, I mean, you donā€™t have to do releases, but you kind of need to have some level of cooperation between multiple actors if you donā€™t want things to be a pile of crap to maintain because patches donā€™t magically apply regardless of the history

  57. singpolyma

    jonasā€™: youā€™re right, itā€™s not. Sorry

  58. Soni

    well, we come here to wonder if any xmpp *devs* would be willing to try it for xmpp :p

  59. mathieui

    also yeah, thatā€™s not really XMPP development

  60. qy

    Soni: xmpp:dev@chat.moparisthe.best?join

  61. Soni

    (it'd be cool to try it for the protocol itself but, eh oh well)

  62. Soni

    (that's probably too hot of a take for this place)

  63. qy

    > Soni: xmpp:dev@chat.moparisthe.best?join that's a muc link, you can carry on there

  64. moparisthebest

    We can kinda see what happens in practice when distro maintainers (who are responsible for *a lot* of packages, and not experts in any one) make major decisions that contradict upstream (who *are* the experts for that project) That's how we got the fatal Debian key generation bug of 2008 that still haunts us https://16years.secvuln.info/ (Debian maintainer thought he knew better and broke everything) *and* it's what enabled the xz thing to be a problem (Debian and redhat maintainers thought they knew better and patched all these vulns into openssh)

  65. Soni

    qy: what should we call that room? (we need to give rooms names, because bitlbee)

  66. qy

    "Dev chat"

  67. Soni

    what kind of dev chat

  68. moparisthebest

    Just general dev chat, so this would be ontopic there

  69. jonasā€™

    thanks everyone for moving the discussion elsewhere :)

    šŸ‘ 2
  70. moparisthebest

    > thanks everyone for moving the discussion elsewhere :) šŸ‘

  71. qy

    > thanks everyone for moving the discussion elsewhere :) šŸ‘