#2589 Disallow "Block Un-Signed commits" hook in dist-git
Closed: Accepted 3 years ago by zbyszek. Opened 3 years ago by churchyard.

Hello. 2+ weeks ago I proposed this:

Some packages in dist-git have the "Block Un-Signed commits" hook enabled.
I find it really inconvenient for provenpackagers and not necessary or useful.

Example: https://pagure.io/releng/issue/10048

To contribute to Fedora, one needs to sign the Fedora Project Contributor Agreement anyway.

The dist git repos don't even have anything to sign off in them (e.g. DCO).

Would somebody mind if we just disable this hook in dist git, globally?

There was no pushback, so here I am, asking for a FESCo vote.

Proposal:

  • Using "Block Un-Signed commits" hook in dist-git is not allowed.
  • We'll ask dist-git admins to mass-disable the hook in all dist-git repos. If not possible, we declare that anybody who is affected by this hook can request disabling it in a specific repo via a ticket.
  • We'll ask dist-git admins to disallow the hook in dist-git / remove it from the list of available hooks. If not possible, see above.

+1, no added value :)

There was no explanation on the list as to why that pre-receive hook was enabled. I would like to hear from the maintainer of at least the trousers package why it's enabled there. I am assuming the package maintainer did not see the message on the list.

My feeling here is that the hook is not being used to enforce something like the DCO, but rather to put up a barrier to drive-by commits on a potentially sensitive package. I would like to understand the reason behind using the commit and if there is any functional need for it in Fedora packages. If there is, we should think about the pp workflow and how it deals with packages that need this functionality.

-1

Metadata Update from @churchyard:
- Issue tagged with: meeting

3 years ago

Even if they want to put up a barrier to drive-by commits, this should not be the way of doing it.
Also, this only adds annoyance, not protection.

+1

In general I think these sorts of things are bad because:

  • They assume contributors are acting in bad faith unless they jump through a hoop to say they aren't
  • They are a slippery slope to adding more similar such things (CLA for comments? Agreement for support chat? etc)
  • They make it harder for new people / drive by contributors to contribute.

In specific in src.fedoraproject.org they are even less useful, since:

  • anyone who has a Fedora account and has created an account has agreed to the FPCA and (by default) is contributing under the MIT license.
  • It's inconsistent. If we allow it, it should be globally enabled at least if it was needed / wanted.
  • Finally, the pagure check just checks that there is a signed-off-by in the commit, you can say 'signed-off-by: this signed off by thing is silly and a pointless hoop'

+1

Thanks for the feedback and clarification.

This was discussed during the last FESCo meeting (2021-03-24), and we upheld the in-ticket vote here. So this was APPROVED (+9, 0, 0). To avoid doubts, I'll include it in the announcement mail.

@churchyard is to open an infra ticket to do it.

Metadata Update from @zbyszek:
- Issue untagged with: meeting

3 years ago

Metadata Update from @churchyard:
- Issue tagged with: pending announcement

3 years ago

Metadata Update from @zbyszek:
- Issue untagged with: pending announcement
- Issue close_status updated to: Accepted
- Issue status updated to: Closed (was: Open)

3 years ago
