[bug#47111] doc: Document the guidelines for removing inactive committers.

As suggested by the maintainer collective, this establishes some clear
guidelines for when and how to remove inactive committers from the
project. We already do this, in an ad-hoc way, but it's better to make
it explicit.

* doc/contributing.texi (Commit Access): Add paragraph about removing
inactive committers.
---
 doc/contributing.texi | 5 +++++
 1 file changed, 5 insertions(+)

Hello,

Leo Famulari <leo@famulari.name> writes:

> +Committers will have their Savannah account removed from the Guix
> +Savannah project and their key removed from @file{.guix-authorizations}
> +after 12 months of inactivity; they can ask to regain commit access by
> +emailing the maintainers.

What about softening it a bit?

  For security concerns, committers will have [...] inactivity; they can
  regain commit access at any time by emailing the maintainers.

Regards,

Leo, Nicolas,

Leo Famulari <leo@famulari.name> writes:
> +Committers will have their Savannah account removed from the 
> Guix
> +Savannah project and their key removed from 
> @file{.guix-authorizations}
> +after 12 months of inactivity; they can ask to regain commit 
> access by
> +emailing the maintainers.

LGTM!

Nicolas Goaziou 写道：
> What about softening it a bit?
>
>   For security concerns, committers will have [...]

I'd prefer it not justifying itself nor making more claims than 
strictly necessary.

Kind regards,

T G-R

On Sat, Mar 13, 2021 at 12:51:45AM +0100, Nicolas Goaziou wrote:
> Hello,
> 
> Leo Famulari <leo@famulari.name> writes:
> 
> > +Committers will have their Savannah account removed from the Guix
> > +Savannah project and their key removed from @file{.guix-authorizations}
> > +after 12 months of inactivity; they can ask to regain commit access by
> > +emailing the maintainers.
> 
> What about softening it a bit?
> 
>   For security concerns, committers will have [...] inactivity; they can
>   regain commit access at any time by emailing the maintainers.

To me, security is less of a concern that potential for making mistakes.
If someone is out of the loop and the committer workflow changes, they
won't have noticed and could push commits that don't work for `guix
pull`, or that cause too many rebuilds, or whatever.

How about this:

"In order to reduce the possibility of mistakes, committers will have
..."

Hi,

On Fri, 12 Mar 2021 at 15:32, Leo Famulari <leo@famulari.name> wrote:
> As suggested by the maintainer collective, this establishes some clear
> guidelines for when and how to remove inactive committers from the
> project. We already do this, in an ad-hoc way, but it's better to make
> it explicit.

[...]

> +Committers will have their Savannah account removed from the Guix
> +Savannah project and their key removed from @file{.guix-authorizations}
> +after 12 months of inactivity; they can ask to regain commit access by
> +emailing the maintainers.

Making it explicit, what does it mean “inactivity” in “after 12 months
of inactivity”?  Instead why not «after 12 months without using their
commit access rights»?


Cheers,
simon

On Sat, Mar 13, 2021 at 01:46:35AM +0100, zimoun wrote:
> On Fri, 12 Mar 2021 at 15:32, Leo Famulari <leo@famulari.name> wrote:
> Making it explicit, what does it mean “inactivity” in “after 12 months
> of inactivity”?  Instead why not «after 12 months without using their
> commit access rights»?

They might have been highly active on the mailing lists and the bug
tracker, in which case there may not be any reason to remove them. These
are just guidelines, they will not be enforced exactly.

Hi,

On Fri, 12 Mar 2021 at 20:14, Leo Famulari <leo@famulari.name> wrote:
> On Sat, Mar 13, 2021 at 01:46:35AM +0100, zimoun wrote:
>> On Fri, 12 Mar 2021 at 15:32, Leo Famulari <leo@famulari.name> wrote:
>> Making it explicit, what does it mean “inactivity” in “after 12 months
>> of inactivity”?  Instead why not «after 12 months without using their
>> commit access rights»?
>
> They might have been highly active on the mailing lists and the bug
> tracker, in which case there may not be any reason to remove them. These
> are just guidelines, they will not be enforced exactly.

In the issue [1] introducing the Commit Access section, there is a
discussion.  Anyway. :-)

In my views, they do not need commit access to be active on the mailing
lists and/or the bug tracker.  The set of people with commit access
should be restricted to people who effectively commit; especially with
the authentication dance.  Well, if in the past 12 (or 18?) months, they
are not able to push couple* of patches waiting in the tracker or update
couple* of packages or push a fix or … I miss why do they need a commit
access, i.e., in my views they are inactive as committer.  It’s fine,
life happens.  And since commit access is about trust and they are
already trusted, they can request later a commit access if they are able
to be active again.

*couple meaning here 2 or more. :-)


I agree that these are just guidelines and they will not be enforced
exactly, e.g., counting the number of days of “inactivity”. :-)

Well, I am only suggesting something that appeared vague when I read
it.  Otherwise, LGTM. :-)


1: <http://issues.guix.gnu.org/issue/38846>


Cheers,
simon

Hello,

Tobias Geerinckx-Rice <me@tobias.gr> writes:

> I'd prefer it not justifying itself nor making more claims than
> strictly necessary.

My concern is that removing commit access is also a symbolic act, which
could be taken personally. I think it is necessary to explain the reason
behind it. IOW, I suggest to make sure the message is not understood as
"you are deemed useless after 12 months not working for us".

Minimal explanation leads to maximal interpretation, and not everyone
has the same English command.

Regards,

Hello,

Leo Famulari <leo@famulari.name> writes:

> To me, security is less of a concern that potential for making mistakes.
> If someone is out of the loop and the committer workflow changes, they
> won't have noticed and could push commits that don't work for `guix
> pull`, or that cause too many rebuilds, or whatever.
>
> How about this:
>
> "In order to reduce the possibility of mistakes, committers will have
> ..."

Sure, if that's the reason why. 

Also, about my second suggestion at the end of the message, I want to
make it clear that regaining commit access is trivial, and does not
imply another vouching process (IIUC), i.e., "you can ask to..." sounds
like it could be refused.

Regards,

On Sat, Mar 13, 2021 at 09:07:16AM +0100, Nicolas Goaziou wrote:
> Also, about my second suggestion at the end of the message, I want to
> make it clear that regaining commit access is trivial, and does not
> imply another vouching process (IIUC), i.e., "you can ask to..." sounds
> like it could be refused.

It could be refused. It really depends on the situation, and the
decision is at the discretion of the maintainers. In many cases a simple
"Hi, I'm back!" email will be enough, but the text I propose is not
offering a guarantee.

Hello,

Leo Famulari <leo@famulari.name> writes:

> It could be refused. It really depends on the situation, and the
> decision is at the discretion of the maintainers.

Oh! I cannot foresee a situation where this could occur. I'm probably
lacking of imagination here. I'll trust you on this.

> In many cases a simple "Hi, I'm back!" email will be enough, but the
> text I propose is not offering a guarantee.

Naively, I was hoping for another interpretation. Then, I agree your
text is sufficient.

Regards,

Hi Nicolas,

Nicolas Goaziou <mail@nicolasgoaziou.fr> skribis:

> My concern is that removing commit access is also a symbolic act, which
> could be taken personally. I think it is necessary to explain the reason
> behind it. IOW, I suggest to make sure the message is not understood as
> "you are deemed useless after 12 months not working for us".

In my view, documenting it is precisely a way to make sure no one takes
it personally: the rules are known beforehand, no one is caught by
surprise.  That also means maintainers don’t have to hesitate,
negotiate, worry, and all that.

> Minimal explanation leads to maximal interpretation, and not everyone
> has the same English command.

True.  I think the suggestion you and Leo made to add “In order to avoid
mistakes” can clarify that.

To me that’s the main reason for this policy.  Another one is security
(someone has their laptop stolen, for instance), but similar security
risks exist while the person is active.

Thanks,
Ludo’.

Hi Leo,

Leo Famulari <leo@famulari.name> skribis:

> How about this:
>
> "In order to reduce the possibility of mistakes, committers will have
> ..."

I like this.

> On Sat, Mar 13, 2021 at 09:07:16AM +0100, Nicolas Goaziou wrote:
>> Also, about my second suggestion at the end of the message, I want to
>> make it clear that regaining commit access is trivial, and does not
>> imply another vouching process (IIUC), i.e., "you can ask to..." sounds
>> like it could be refused.
>
> It could be refused. It really depends on the situation, and the
> decision is at the discretion of the maintainers. In many cases a simple
> "Hi, I'm back!" email will be enough, but the text I propose is not
> offering a guarantee.

Perhaps, after “they can ask to regain commit access by emailing the
maintainers” we can add “without going through the vouching process”?
Would that address your concerns, Nicolas?

To be clear, I think this would be dealt with on a case-by-case basis.
I expect that by far the most frequent situation would be one where
maintainers know the person and immediately restore their access.  In
other cases, as the project gets older, maintainers could feel the need
to go through the regular contribution and vouching process.

IOW, I think this process should be as smooth as possible, but we should
not suggest it’s automatic.

Thoughts?

Ludo’.

Hi,

The patch LGTM, even better with the tweaks.


On Wed, 17 Mar 2021 at 11:05, Ludovic Courtès <ludo@gnu.org> wrote:

> IOW, I think this process should be as smooth as possible, but we should
> not suggest it’s automatic.

I agree.  It should not be automatic, and dropping a private email
asking some news is what I would do (if I had to do :-)).  Life happens,
and asking news to someone with who I had some interactions appears to
me a normal human interaction. :-)

Cheers,
simon

On Wed, Mar 17, 2021 at 01:12:34PM +0100, zimoun wrote:
> The patch LGTM, even better with the tweaks.

Alright, I have taken all the comments into account and pushed a revised
patch as commit 9ade2b720af91acecf76278b4d9b99ace406781e.