Hello. 2+ weeks ago I've proposed this:
Some packages in dist-git have the "Block Un-Signed commits" hook enabled. I find it really inconvenient for provenpackagers and not necessary or useful. Example: https://pagure.io/releng/issue/10048 To contribute to Fedora, one needs to sign the Fedora Project Contributor Agreement anyway. The dist git repos don't even have anything to sign off in them (e.g. DCO). Would somebody mind if we just disable this hook in dist git, globally?
Some packages in dist-git have the "Block Un-Signed commits" hook enabled. I find it really inconvenient for provenpackagers and not necessary or useful.
Example: https://pagure.io/releng/issue/10048
To contribute to Fedora, one needs to sign the Fedora Project Contributor Agreement anyway.
The dist git repos don't even have anything to sign off in them (e.g. DCO).
Would somebody mind if we just disable this hook in dist git, globally?
There was no pushback, so here I am, asking for a FESCo vote.
Proposal:
+1
+1, no added value :)
There was no explanation on the list as to why that pre-receive hook was enabled. I would like to hear from the maintainer of at least the trousers package why it's enabled there. I am assuming the package maintainer did not see the message on the list.
My feeling here is that the hook is not being used to enforce something like the DCO, but rather to put up a barrier to drive-by commits on a potentially sensitive package. I would like to understand the reason behind using the commit and if there is any functional need for it in Fedora packages. If there is, we should think about the pp workflow and how it deals with packages that need this functionality.
-1
Metadata Update from @churchyard: - Issue tagged with: meeting
Even if they want to put up a barrier to drive-by commits, this should not be the way of doing it. Also, this only adds annoyance, not protection.
In general I think these sorts of things are bad because: They assume contributors are acting in bad faith unless they jump through a hoop to say they aren't They are a slippery slope to adding more similar such things (CLA for comments? Agreement for support chat? etc) * They make it harder for new people / drive by contributors to contribute.
In specific in src.fedoraproject.org they are even less useful, since:
Thanks for the feedback and clarification.
This was discussed during the last FESCo meeting (2021-03-24), and we upheld the in-ticket vote here. So this was APPROVED (+9, 0, 0). To avoid doubts, I'll include it in the announcement mail.
@churchyard is to open infra ticket to do it.
Metadata Update from @zbyszek: - Issue untagged with: meeting
https://pagure.io/fedora-infrastructure/issue/9793
Metadata Update from @churchyard: - Issue tagged with: pending announcement
Announced: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/JPVDG4SQOBLF6HTLHXKIAXWH4QOHVSH7/.
Metadata Update from @zbyszek: - Issue untagged with: pending announcement - Issue close_status updated to: Accepted - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.