Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 2 Nov 2020 14:45:58 -0500
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Authorship/attribution and stalled patches

On Mon, Nov 02, 2020 at 08:40:28PM +0100, Markus Wichmann wrote:
> On Sun, Nov 01, 2020 at 08:16:32PM -0500, Rich Felker wrote:
> > It came to my attention that there are a few patches in limbo where,
> > after some discussion, it seems I was waiting for an updated patch
> > from the contributor to apply, and it never appeared. I could and
> > should just make the changes myself (this would have been more
> > efficient to begin with), but I'm not sure what to do about
> > authorship/attribution in that situation, and it probably deserves
> > community input.
> >
> > A while back, I started trying to make better use of git commit
> > authorship to credit contributors, rather than just mentioning "patch
> > by X" or "based on patch/idea by X" in commit messages. However I
> > still don't have a clear feel for how this should work in the case
> > where the patch is modified before being applied. Are there
> > established norms for the degree to which a patch should be modified
> > while leaving the author intact, or should it just always be converted
> > to commit authorship by the person who makes the final changes, with
> > original author in the description? It's really a tradeoff between
> > potential misattribution of mistakes or changes the original author
> > might not like, and failure to credit, and I don't know where the
> > right balance is.
> >
> > Rich
> 
> Why not just apply the patch as-is (leaving the patch author as
> committer), then commit the necessary changes afterwards (as yourself)?
> That way the original patch becomes its own commit, and we can see what
> had to be changed afterwards. If you want to make it extraordinarily
> clean, you could do all of that on a branch and merge the product
> afterwards. Seems to be the cleanest solution. If the patch is not yet
> in a form where the fixes are obvious (e.g. the reallocarray() patch we
> had a while back that either would give you horrible performance or
> copies of sensitive data lying around in address space), then the patch
> is probably not ripe, anyway.

This would be a major regression in maintainership quality. It
introduces versions that don't work/have new bugs that would not
otherwise be in the history, making it harder to bisect, harder for
patches to commute (and be backported etc.), harder to read and
understand, etc. The intent of the history is to be a history is
approved changes, with clearly documented motivations for each.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.