Proposal: Better force-tag

Doug Ledford dledford at redhat.com
Mon Sep 15 18:15:15 UTC 2008 

On Sun, 2008-09-14 at 12:23 -0400, Brian Pepple wrote:
> On Sun, 2008-09-14 at 17:52 +0200, Denis Leroy wrote:
> > Ignacio Vazquez-Abrams wrote:
> > > Ultimately nothing can stop the user from using cvs tag -F, so any
> > > solution (including this one, which I like a lot) would have to be
> > > server-side.
> > 
> > That's what they're planning to do, despite many objections. When will 
> > the FeSCo minutes be available on the wiki ? I would like to know who 
> > voted for this.
> 
> I'm planning to write up the summary later today, but the IRC logs are
> available as soon as the meeting ends.
> 
> http://bpepple.fedorapeople.org/fesco/

So, this is to dgilmore, bpepple, jds2001, and nirik (the 4 people that
voted for this action):  you have just made it highly likely that you
will not ever get my vote to participate as a member of FESCo again (I
don't say this as a threat, just to let you know that your actions in
this endeavor so directly counter what I want/expect out of FESCo that I
don't consider you the right people for the job any more).

I don't want you to think that I make this out of some sort of emotional
response to the removal though (after all, I've been talking about
immutable tags in my various git-repo threads), so let me explain.

Of the various reasons discussed for removing the makefile options, it
was confirmed that removing the option does not actually stop people
from changing tags, it just keeps it from being "easy".  It was
confirmed that the change does not solve the GPL compliance issue.  In
this thread, it's been brought up that many, many developers use this
capability responsibly day in and day out, while we have had only a
handful of irresponsible uses.

Given these facts, we can draw the following conclusions:

1)  The change does not solve the one actual real problem that needs
solved, the GPL compliance issue.
2)  The change interrupts many developer's work flow in the name of a
non-solution to the one real problem, the GPL compliance issue.
3)  The change attempts to sweep the real problem under the rug and does
not give any date or time line for a *real* solution to be effected.

I hate to say this, but these quotes from the IRC log are really what
bother me:

<dgilmore> notting: it makes it not blatant and easy to do
...
<spoleeba> dgilmore, mmcgrath mentioned legal issues in the discussion
thread as a motivation
<bpepple> spoleeba: right, gpl compliance.
<jwb> that's a bit of a red herring
<spoleeba> bpepple, lets be clear....afaict..this one action doesnt
actually solve the problem 
<jwb> correct
...
<abadger1999> spoleeba: We can definitely make all tagging operations
immutable.  Making just some immutable would need some planning but
could be done as well.
<spoleeba> abadger1999, for a later discussion

To dgilmore: Make no mistake about it, this change is 100% pure security
by obscurity.  It doesn't solve the real problem, and everyone that
voted for it acknowledges it doesn't solve the real problem.  You're
just sweeping it under the rug.  I'm actually quite disappointed that
anyone in the open source community still thinks this way.

To abadger1999: you had the right idea, talk about the *real* solution
instead of this non-solution, but you didn't push the issue hard enough.
They should have never been allowed to sweep the real problem under the
rug without at least having a firm deadline to solve the problem for
real, and some would argue that it would even be better to make the
problem worse so as to make it unavoidable, that way that couldn't just
sweep it under the rug but would have to address it properly.

Look guys, maybe what we have here is a case of mis-communication.  So,
let me communicate what I expect out of FESCo/Fedora.  Maybe I'm wrong
and my expectations are unreasonable.  If so, I'll accept that answer.
But what I saw here was what I would expect to see in some proprietary
company under a self imposed deadline that cuts corners to get the job
done.  I don't participate in Fedora for that.  I participate in Fedora
because it's *supposed* to be the a place where we put quality above
expediency and we don't just do things, we do them right.  In fact, I
care about that so much that it is definitely a valid voting item as far
as I'm concerned.  I don't see this as being anywhere close to doing
things right, this is a sloppy, half-assed attempt to deal with a
legitimate problem by not actually dealing with it at all.  I won't vote
for that, so by extension I won't vote for people that support doing
things this way.  If I'm in the wrong place, and Fedora is about doing
things the expedient way instead of the right way, let me know and I'll
let you be.

-- 
Doug Ledford <dledford at redhat.com>
              GPG KeyID: CFBFF194
              http://people.redhat.com/dledford

Infiniband specific RPMs available at
              http://people.redhat.com/dledford/Infiniband

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080915/16a7c121/attachment.sig>

More information about the fedora-devel-list mailing list