-
-
Notifications
You must be signed in to change notification settings - Fork 14.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
treewide: decomissionate urandom #337478
treewide: decomissionate urandom #337478
Conversation
Since urandom is inactive.
🤡 |
Funny, "inactive": nixpkgs/maintainers/maintainer-list.nix Lines 21464 to 21471 in 94930d4
https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+involves%3Aurandom2 |
How in the world did you manage to try to "decomissionate" someone who made a PR two days ago? Do you even try to see if someone is actually inactive before making these PRs? |
Usually I do not care about aggressive behavior, because I am not aware of subtexts most of time. However, this is our second interaction in a little more than a month in which you did not spare harsh words in rebuking my reprehensible behavior, while taking the least charitable interpretation available. Is there anything I can do to amend my failures on our interactions? |
@AndersonTorres this level of carelessness is not what I'm expecting to see, when approaching an issue where we as a community essentially say to a person: "We don't need you any more, you can go"
I have been less active in nixpkgs at times and I can tell you for sure that I'd have been greatly offended if I woke up to some rando removing me from my packages and the organization, without even proper community backing. I understand if there is a language barrier when trying to communicate effectively, but this is not a simple technical issue, where we can easily fix stuff afterwards, or play around with changes. Therefore, in an abundance of caution, I'll close down your other related PRs for the time being and I'll ask you to work in a more consensus - oriented fashion, if you feel you have to question people's roles with the project in the future. |
@superherointj since you seem to disagree with closing down the PRs where approval by the targeted maintainers had been given, would you mind sketching out what benefit you see in removing maintainers at all? |
Users ask maintainers for reviews and wait long for reviews that never materialize. Committers have to wait for package maintainers to answer for a week even which delays merging PRs. See: https://github.com/NixOS/nixpkgs/tree/master/maintainers#definition-and-role-of-the-maintainer It's best to know no one is taking care of a package. On breakage, instead of forever spending build resources, the package should be removed, since no one cares about it. |
Let me reply a few of those points that I think it is relevant considering I merged some of those cleaning up PRs.
Yes, +1 for being grateful for those that did some job in nixpkgs. But I think we also need to keep in mind that @AndersonTorres is a human like any other, and putting pressure on they without further discussion (and closing their PRs preemptively, again, without at least some discussion) is not the kind of reply I expected from someone that is against the idea.
There are a few downsides of an inactive maintainer that I can think:
Also, I disagree about the part of "actively harming community". If the member ever wants their maintainer bit back, they can be re-added. Again, I agree that maybe this should be more clear, probably putting a message in the PR making it clear, e.g.: "if you ever want to come back
I think this is mostly a communication problem. We definitely need to have a guideline on how to do those kind of clean-ups, but I still think, IMO, we should have them often. |
This is neither the intention nor the message those pull requests are passing. This is a practical issue: there are maintainers not interacting with Nixpkgs in a long span of time.
The issue pointed by emilylange deals mostly with commit status. I gave a terse and direct answer to emilylange, not because I dismissed his information as not important, but because it was orthogonal.
As I said above, it is a practical issue: maintainers not interacting with the codebase in a long span of time.
As I said above, not duplicate but orthogonal.
I disagree on both accounts:
However, I will not elaborate here - since I will close the main issue.
My intention is not a violent kick as your wording is suggesting here.
This was a failure from my part. However I was careless in recent PRs by not doing this upfront.
To be honest, I never thought this is necessary. To me, in Nixpkgs anyone is welcome by default.
I did this in some cases when the person answered the PR, not as an afterthought but as a sincere acknowledgement.
As I said before, despite recent events, Nixpkgs is very welcoming. Since I will not disagree with your final paragraphs, I will not pursue this further. |
Oh I almost forgot this:
Maintainers are also security-relevant. A maintainer is formally invited to the team, having some mild moderation powers. Just to be sure, you, in an abundance of caution, closed my other PRs. So the possibility exists. Especifically for @urandom2 |
Can I ask honest ask the reason why we are focusing in keeping inactive maintainers? From what I understand (and I may be wrong), However, by keeping inactive maintainers, we can't rely in this mechanism anymore since there is no guarantee that pinging a maintainer will get an answer. It does seem to me that we are relying in |
Here is one example that the even the maintainer concur that they're inactive: #330232 (review) (not sure @bendlas you decided to ping the maintainer again in this instance). You can see that even sometimes the maintainer themselves concur that they should be removed. Maybe they don't want to bother to open a PR (this is clearly the case here) or even answer the topic because they don't remember their password account/lost access to e-mail for example. But I still think we should be removing those cases. Again, if they ever want to come back, they should feel free to do so. |
REMARK I mixed quotes from different people in this reply, please don't nail me to it. I tried to keep each answer self-contained.
I already gave one reason: Another one is, that being in
A fair enough point. Also a few other good points, all around. And yet, a PR for removing somebody is still not the place for making them.
It is at least part of the message, though. No matter how much legitimacy the process has (which in this case it didn't), that message will always be part of the mix. Which is why I want us as a community to deal with this with matters like this in the most mindful and empathetic way possible.
Even when looking at everything I could find (let alone just looking at this PR) I didn't feel at risk of being over-explained to. In fact, I would have wished for some reasoning (e.g. many of the arguments now made in these comments). Was there a link to an RFC that I might have missed?
Not fully orthogonal either: There may be many differences between contributors and maintainers, but a few similarities remain:
We need to be aware of this dimension when asking people to step out!
I can empathize with getting frustrated over the RFC not moving forward and wanting to take matters into your own hand. However, there is a reason that people felt the need to do an RFC around an issue very similar to this: This is not about just another list in source code: This is about just another list in source code with human names on it. Why not at (the very) least publish the method that you use for selecting the people that you want to take off the list?
I appreciate your use of irony. I'll repeat my explaination from one of the closed PRs here: In essence, I was trying to make a point of inviting people back in, when they might have felt pressured to agree without due process.
Again, appreciate the irony. And again I did what I did in attempt to undo some of the damage I saw in front of me and to take the opportunity to make it into an invitation to contribute again.
I'd argue that asking people to leave in such a careless way, is making it less so.
See, here is something I'm honestly not getting: If we deem it necessary to tidy up. Why not go the extra mile to make sure that people know what is what, when they are removed from a list? Why go with bland statements like Also about the usefulness of this cleanup: In #290642 (comment), you state Here #290642 (comment) you state
Have you written out this deliberation of yours somewhere? Because that's What I would have suggested. I imagine an
There would be more to respond to, but I'll stop now. I hope that my stance is clear: I'm not against cleaning up our maintainers list, per se. But I would like us to at least leave an appropriate paper trail, when having to do the open-source equivalent of HR, and better yet, actually take the human element into consideration -- which we can do precisely because we're not about money. |
The "kick as a putrid corpse" spin you are conveying here - it is not.
I
Since we are talking about barriers of communication here, I dare to disagree. RFCs are reserved for structural changes - as explained in the README, section When this process is followed. On the other hand, not a long time ago, in a heated discussion I suggested that adding meta.repository should be the subject of an RFC. Well, the code adding meta.repo was merged. Maybe RFC process was unneeded after all... Oh! A couple of weeks later it was reverted because it caused a bug that broke evaluation of some closed-source binary-only packages.
I was initially polishing some ideas for a shell script, but it was basically filtering people with commits older than a threshold, like 12 or 18 months. This can be done in a local checkout of code.
It would be a nice idea!
Some packages were adopted while I did some cleanups.
Feel free to suggest it again: #310759 |
The problem I see in nixpkgs:
There are things you can only understand with experience. There is a reason the active reviewers/commiters want to get rid of inactive maintainers. It doesn't help! Since you claim there isn't consensus in favor of removing INACTIVE maintainers. And I'm quite tired of nixpkgs by now. I'm out of this madness. Good luck pleasing your inactive maintainers. Feel free to review my PR removing myself. Since we disagree about direction of things. And I'm honestly too tired for everything negative comings from nixpkgs. The amount of negativity I receive from here is surreal. Also, this is not your fault. It is just that I don't want to continuously live sudden crisis that require having to debate everything until exhausting for bad reasons. Or be blamed for anything. My reasons. No worry. I'm not merging anymore PRs. Peace. Update: I'm sorry for pointing out the stats like that. I guess, I was mad. My bad. I ask for forgiveness. |
I know it's not meant as such. It's still a credible emotional worst-case scenario for somebody on the receiving end. And the more I think about it, the more I actually do find the
See, even this We are interested in whether we can expect somebody to react to issues and PRs that they might be pinged into. Or if it's time to start advertising an open maintainership for a package, to the users of that package (which is, btw, a much gentler way to find new maintainers, than to delete stuff out from under them). And even if we end up deleting packages: Isn't the information who used to maintain them, valuable until the very last second?
If your point is that I could have stepped into the RFC process at any point: Touché!
Establishing a process for phasing out software and people from the organization arguably is, though. And by getting started on removal PRs, you did exactly that. Look, I'm not even about the RFC, necessarily. What I am about is treating people with dignity (yes, kill me for the irony). And when dealing with human names on lists, it is imperative that we operate transparently, even-handedly, and with explicit intent. People can easily get touchy about group memberships, believe it or not. Tons of subtext involved. And saying goodbye is always hard, even if it has been a few years. Whole documentation pages have been written and subsequently ignored for much less.
Yeah, but like .... how did you do it? Or rather: Do you agree that it's important to let people know how they were selected for removal? Even if it's just an english sentence of the criteria you used? Can you imagine how the criteria that are being communicated at that point, are the criteria that the person will seek to fulfill in case they want to be let back in? And so if their criterium was somebody named Charlie opening up a removal PR without further elaboration, how they could easily see no choice other than to go to Charlie personally and beg him to let them have their maintainership back?
OK, good to know they weren't just abandoned. This information would btw also be nice to pass to someone, who's being replaced as a maintainer for a package: Who is stepping up for it.
You know what? I will! |
While clearly there is nuance to how to go about dealing with inactive maintainers, and obviously this PR was totally incorrect, I think there is no rational reason to keep maintainers around when they have signalled agreement with their removal. Maintainers are allowed to remove themselves! I don’t think @bendlas’s unilateral closures of PRs where the inactive maintainers approved them were at all appropriate and I hope those PRs can be revived. We have an opt‐in eval warning for unmaintained packages for a reason. We have an RFC for removing unmaintained and broken packages for a reason. When a maintainer list contains names but those names are not active in the project and won’t respond to pings, the package is effectively unmaintained. Leaving names in there and expecting people to just know – or spend time looking up – who isn’t active makes the maintenance problems in the tree less legible, both to human contributors and to the policies and automated systems we have built up around packages being unmaintained. |
You don't think my "due process" argument, has any merit, and that without any information about the "how" and "why" somebody might feel pressured to say "sure, remove me", instead of feeling encouraged to step back up? |
Anyway, it’s really unfortunate that we have lost an active committer over this PR and I hope we do not lose any more. While there is clearly scope for legitimate disagreement here, please consider if this matter really needs more 10‐paragraph replies with every sentence from the previous messages quoted and responded to… I hate to be blunt, but given the patterns at play here I think it is necessary: @AndersonTorres, you really need to get better at taking feedback on your actions and attitude in Nixpkgs. I’ve seen many people try to do so in various different ways but I’ve not seen your behaviour change as a result of any of it. You make a lot of valuable contributions to the project, but people find you difficult to work with, and I know there are multiple people who have burned out on the project in part because of your interactions. @bendlas, this isn’t the first or second thread I’ve seen recently that became full of heated and very long back and forth messages going nowhere once you jumped in. Please try to contribute more light than heat. You’re talking about being welcoming and not offending contributors, but if you can’t keep civil and avoid hostility that rings hollow. |
@emilazy while I appreciate that you're saying that you find my arguments too heated and my methods to crass, I'll ask you to not derail this conversation (admittedly happening on an already derailed PR) by going meta like this. I'll be happy to answer for anything that you or anyone may feel I need to answer for, in a new thread, be it on discourse or zulip. It should also be easier to establish patterns this way, no?
EDIT oh, I see it now |
@superherointj it's clear to me, that I've hurt you with something, so I'll not ask any further questions about this. But that is low. My number of reviews merged, that is.
See, that pain that I'm hearing through this statement. I understand it. I've felt it. It's not a good basis for decisions. I've always been a big fan of stepping away, touching some grass and coming back refreshed.
Well, is there? How does the consensus say it's supposed to be done? Can I read about it? Why didn't we link it in the PRs that were opened?
You know, that comparison that you drew up there, between our numbers, I found that kind of hurtful. So I'm a little bit mad at you as well right now. So I'll not review your PR now. Feel free to ping me if you still want to leave in a week. I hope you'll reconsider staying. |
There are better venues to have this conversation (feel free to email me or PM me on Matrix), but my frustration boils down to this:
You're right that I probably shouldn't use such harsh words, but when your interactions with the project have never changed as a result of many comments from many people, I have no reason not to. |
No, thank you. I think someone had to say something and the behaviour from both parties here demanded comment but I’m content to have tried and I don’t think it’s my role to get into the weeds about this with you when you’ve already been warned about this kind of conduct recently by a member of the moderation team. |
You have not hurt me. What I can't handle is the amount of extra-work, back-tracking happening in nixpkgs, necro-bumping and second guessing. The more contributions, the more the odds of someone digging up something and starting a thread arguing whatever and then being forced to participate/answer in a crisis mode. Also, no merit. Then we end up in this situation that, people claim whatever, and whatever so be it. Say the words, RFC, 'consensus', process and nothing moves forward ever. And people that have put the work gets punished many times over. (Not that I am putting that much work, I stopped long ago, other people do a lot more than me, I'm a minor contributor). I'm just trying to explain the issue.
Well, I don't know what you mean by that. I only tried to convey the idea that people that have reviewed more think differently. A better awareness of pain points. And then, those 'useless PRs' are actually meaningful considering the amount of 'ghosting' we see.
I honestly don't know.
Well, ... I'm tired, so I'm no longer interested in discussing what should/shouldn't be. People usually think 'rigidity' is a solution, but then, it also doesn't work as well as people think. The more bureaucracy there is, the harder it is for those that actually doing the work. I don't know the right answer. Things just feel miserable.
Just facts. If you want to be really hurt, see @SuperSandro2000, and he got suspended and had a lot of trouble to get back. lol I only used that to try to convey why the difference in thinking. One is trying to optimize for what is best for whom is active. You wanted to optimize for the inactive. Time is scarce resource. You took time from me today, that I have to answer all these messages, read, think, etc. (And vice-versa.) It's a trade-off. Things won't be perfect.
I'm not mad at you. I'm at peace. I invite you to calm yourself. And just reflect about whatever is bothering you. Then, grow wiser. (This is a general solution for such problem.)
I won't be staying, but not because of you specifically, I understand you had your reasons to try to move things to a certain direction. That makes sense for you. I just can't handle nixpkgs anymore because I don't have the bandwidth for it. I was already 'slowing down' before you pinged me 10x today (lol. You went over that many PRs and re-posted the same messages.) I'm all good. I hope you are well too. Btw, I like Anderson Torres here. And I never had any communication problem with him. I think, it is a bit unfair the much bashing he gets. I think, often people misread things. No bad feeling from me about anything. I'm just at my edge here. Just that. I wish you all the best. And I hope you contribute more than Sandro ever did. Then, you laugh at us with our humble stats. :-) Best regards. |
Even if you can bypass the lock, please consider if this is the best venue to spend your time and energy. We won't solve these problems buried in a random PR. |
Sorry to bypass the lock, my last reply in this discussion. Anyone that wants to discuss this further, please ping me on Matrix, not that this will happen, because I think the objective was already done (derailing an otherwise peacefully clean-up of maintainers that don't care about nixpkgs to discuss yet another process that will probably never gain traction). And yes, I concur with
I contribute for a bunch of open source projects and have a few of my own (they're definitely not big or anything). I also work as a professional developer for at least 8 years. If someone asks me about a piece of code that I contributed 6 months ago and didn't touch it anymore, there is a good chance that I will just say "I don't remember". However, if I am still interested on it, I will definitely say something. I think this is way more likely to be the case with an inactive maintainer: even if they want to contribute, they have nothing to add to the discussion because they don't remember anymore. It is also very common for inactive maintainers that they stopped using the package in case or even nixpkgs at all. I don't think expecting maintainers show that they're still interested in the package by replying a (friendly) call if they didn't contribute in the last X months, something like: "Hey Keep in mind this is an example, the wording could be improved.
I really don't think we should use
There is no problem of stepping out. We are not removing maintainers forever. If they ever want to come back, the process is exactly the same as it was: open a PR adding themselves to
@superherointj did a honest comparison to show what a person that is a long time in nixpkgs has as a vision vs. a newcomer, and even if maybe it was not the best way to do so, it is still a valid argument that if we want to have a proper discussion, should be considered. What I mean by that is that someone that is longer in nixpkgs will probably have more context about the kind of issues a package having inactive maintainers will have them someone that is new. But this is not to make your contributions lower or anything @bendlas (I don't know you and this is my first interaction with you AFAIR). So again, while we are talking about the human aspect here, I think we should also consider how people replying here are also human and consider this instead of making the whole reply about one point. Edit: keep in mind that I put my professional and open-source experience there not to say that I have more say in this matter than anyone or anything like that. The only reason I put it there is that I think with experience you get to... experience more things, that's it. I don't think people with more experience are necessary more technical or anything like that (I even know some people that has less experience than me that I consider more technical), but having more experience helps in cases like "getting in a heated discussion with a maintainer because I merged a PR without the maintainer approval because I can't just trust that the maintainer is active or not by looking at the I seriously considered creating a spreadsheet of active maintainers (yes, this looks as crazy as it sounds) before deciding it was best to stop contributing to Nixpkgs for a while, same as you @bendlas, but I definitely wouldn't feel bad if someone decided to remove myself from Nixpkgs at the time. |
Since urandom is inactive.
Description of changes
Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)Add a 👍 reaction to pull requests you find important.