Hey Everyone, On behalf of the CPE team I want to draw the communities attention to a recent blog post which you may be impacted by: https://communityblog.fedoraproject.org/git-forge-requirements/ We will be seeking input and requirements in an open and transparent manner on the future of a git forge solution which will be run by the CPE team on behalf of the Fedora Community. This mail is being sent to the devel, mindshare and council-discuss lists for maximum visibility on a BCC to allow each list have their own views. Please forward it to any other list you may feel is relevant to maximise the exposure. Thanks in advance, Leigh

On Tue, Jan 21, 2020, 17:17 Fabio Valentini <decathorpe(a)gmail.com&gt; wrote: > > On Tue, Jan 21, 2020 at 5:40 PM Leigh Griffin <lgriffin(a)redhat.com&gt; wrote: > > > > Hey Everyone, > > > > On behalf of the CPE team I want to draw the communities attention to a recent blog post which you may be impacted by: > > https://communityblog.fedoraproject.org/git-forge-requirements/ > > > > We will be seeking input and requirements in an open and transparent manner on the future of a git forge solution which will be run by the CPE team on behalf of the Fedora Community. This mail is being sent to the devel, mindshare and council-discuss lists for maximum visibility on a BCC to allow each list have their own views. Please forward it to any other list you may feel is relevant to maximise the exposure. > > > > Thanks in advance, > > Leigh > > Alright, I have some questions that are not answered by the blog post. > > - What is going to happen to the two pagure instances at pagure.io, > and src.fedoraproject.org? > > I think pagure.io is a good home for fedora-related projects (it was > the successor to fedorahosted.org, after all, IIRC). I know that many > group efforts are hosting their source code, ticketing system, etc. > there (Go SIG, Stewardship SIG, FPC, FESCo, etc.). If it is decided to > shut down pagure.io, I assume those projects will have to be moved > somewhere?

That scenario assumes a certain result and decision from the requirements analysis so I genuinely have no answer here. Whatever choice we make, an impact analysis would be needed in some shape or form. That (and our next steps) will be done collaboratively in the open.

On Tue, Jan 21, 2020, 20:02 Fabio Valentini <decathorpe(a)gmail.com&gt; wrote: > > On Tue, Jan 21, 2020 at 8:30 PM Leigh Griffin <lgriffin(a)redhat.com&gt; wrote: > > > > > > > > On Tue, Jan 21, 2020, 17:17 Fabio Valentini <decathorpe(a)gmail.com&gt; wrote: > >> > >> On Tue, Jan 21, 2020 at 5:40 PM Leigh Griffin <lgriffin(a)redhat.com&gt; wrote: > >> > > >> > Hey Everyone, > >> > > >> > On behalf of the CPE team I want to draw the communities attention to a recent blog post which you may be impacted by: > >> > https://communityblog.fedoraproject.org/git-forge-requirements/ > >> > > >> > We will be seeking input and requirements in an open and transparent manner on the future of a git forge solution which will be run by the CPE team on behalf of the Fedora Community. This mail is being sent to the devel, mindshare and council-discuss lists for maximum visibility on a BCC to allow each list have their own views. Please forward it to any other list you may feel is relevant to maximise the exposure. > >> > > >> > Thanks in advance, > >> > Leigh > >> > >> Alright, I have some questions that are not answered by the blog post. > >> > >> - What is going to happen to the two pagure instances at pagure.io, > >> and src.fedoraproject.org? > >> > >> I think pagure.io is a good home for fedora-related projects (it was > >> the successor to fedorahosted.org, after all, IIRC). I know that many > >> group efforts are hosting their source code, ticketing system, etc. > >> there (Go SIG, Stewardship SIG, FPC, FESCo, etc.). If it is decided to > >> shut down pagure.io, I assume those projects will have to be moved > >> somewhere? > > (snip) > > > That scenario assumes a certain result and decision from the requirements analysis so I genuinely have no answer here. Whatever choice we make, an impact analysis would be needed in some shape or form. That (and our next steps) will be done collaboratively in the open. > > I'm sorry, but I'm genuinely confused now. Maybe I'm tired, or maybe > this is a language barrier issue ... but I'd hope that an impact > analysis of the different possibilities would be done *before* making > a decision, not after? > > I mean, whatever the "Git Forge Requirements" will be, we'd need to > know how any change will affect the projects and groups that are > currently using pagure ...

Sorry I should have been more detailed on the steps, that's on me. So we have a few steps in this process, first and foremost is this ODF document to figure out what are the real requirements/ use cases / features of a git forge. We gather and analyze that, combining the multiple stakeholder views and have our requirements to base an analysis on. We then evaluate what solution(s) meets the requirements and bring those solutions forward. We then perform impact analysis on what each path might look like from multiple perspectives which will include obvious costs from a time, money, resources perspective of using a git forge. A decision can be made then in an informed way as we know what we want to have, why we want it and what the cost may be. We haven't fully defined the criteria for that analysis yet as the requirements will no doubt throw up use cases and scenarios that we have to factor in. So this is very much a call to arms to help inform us of how you use a git forge and what your requirements are for one. Hope that clears it up and sorry for the lack of clarity.

Aside from GitLab being very anti-integration

Unfortunately, this is very difficult to manage with GitLab Omnibus based deployments

On Tue, Jan 21, 2020 at 4:04 pm, Neal Gompa <ngompa13(a)gmail.com&gt; wrote: > And any discussion of GitHub isn't going to involve self-hosted, it's > going to involve GitHub.com, which means we're talking about losing > more of our independence as a project. This is one of those things > that I'm not sure is a wise move. Well since we have a request for requirements: I propose requirements #1 and #2 are to be self-hosted and open source. I'm suspect the Fedora community would be outraged if we fail to meet either requirement.

From: "Michael Catanzaro" <mcatanzaro(a)gnome.org&gt; To: "Development discussions related to Fedora" <devel(a)lists.fedoraproject.org&gt; Sent: Tuesday, January 21, 2020 4:31:47 PM Subject: Re: Git Forge Requirements: Please see the Community Blog On Tue, Jan 21, 2020 at 4:04 pm, Neal Gompa <ngompa13(a)gmail.com&gt; wrote: > And any discussion of GitHub isn't going to involve self-hosted, it's > going to involve GitHub.com, which means we're talking about losing > more of our independence as a project. This is one of those things > that I'm not sure is a wise move. Well since we have a request for requirements: I propose requirements #1 and #2 are to be self-hosted and open source. I'm suspect the Fedora community would be outraged if we fail to meet either requirement. So if we can agree on that much, then we can avoid wasting time by including GitHub in the list of options. That would bring us to a choice between GitLab CE and Pagure. (Are there any other serious options?)

Michael _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Am 21.01.20 um 22:31 schrieb Michael Catanzaro: > Well since we have a request for requirements: I propose requirements #1 and > #2 are to be self-hosted and open source. +1

I am with you on open source, but I don't understand the 'self-hosted' requirement. I guess I agree that self hosting should be possible, in case someone wants to fork our distro and use our tools, but if we can convince a open source project to maintain our dist git for us, why is that bad?

On Tue, Jan 21, 2020 at 4:04 pm, Neal Gompa <ngompa13(a)gmail.com&gt; wrote: > And any discussion of GitHub isn't going to involve self-hosted, it's > going to involve GitHub.com, which means we're talking about losing > more of our independence as a project. This is one of those things > that I'm not sure is a wise move. Well since we have a request for requirements: I propose requirements #1 and #2 are to be self-hosted and open source. I'm suspect the Fedora community would be outraged if we fail to meet either requirement. So if we can agree on that much, then we can avoid wasting time by including GitHub in the list of options. That would bring us to a choice between GitLab CE and Pagure. (Are there any other serious options?) Michael

Both Gitea and Gogs are potential options, in my opinion, both are lightweight and easy to extend.

If we go this way, in a few years we will end up in the same situation as with Pagure today. We will have many custom patches (which we need to take care of) and we will not have manpower to compete with the features of other major git forges.

We don't need to. There are improvements that people would like, and that does take development effort. That's the piece that requires manpower to go faster.

including GitHub in the list of options. That would bring us to a choice between GitLab CE and Pagure. (Are there any other serious options?)

IIRC phabricator does not issue tracking which mean it would not fit the use-case of FESCo, FPC and other groups that are mostly using pagure as a ticketing system.

On Tue, Jan 21, 2020 at 4:04 pm, Neal Gompa <ngompa13(a)gmail.com&gt; wrote: > And any discussion of GitHub isn't going to involve self-hosted, it's > going to involve GitHub.com, which means we're talking about losing > more of our independence as a project. This is one of those things > that I'm not sure is a wise move. Well since we have a request for requirements: I propose requirements #1 and #2 are to be self-hosted and open source. I'm suspect the Fedora community would be outraged if we fail to meet either requirement. So if we can agree on that much, then we can avoid wasting time by including GitHub in the list of options. That would bring us to a choice between GitLab CE and Pagure. (Are there any other serious options?)

Michael _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

On Wed, Jan 22, 2020 at 9:48 AM Clement Verna <cverna(a)fedoraproject.org&gt; wrote: > > > > On Tue, 21 Jan 2020 at 22:32, Michael Catanzaro <mcatanzaro(a)gnome.org&gt; wrote: >> >> On Tue, Jan 21, 2020 at 4:04 pm, Neal Gompa <ngompa13(a)gmail.com&gt; wrote: >> > And any discussion of GitHub isn't going to involve self-hosted, it's >> > going to involve GitHub.com, which means we're talking about losing >> > more of our independence as a project. This is one of those things >> > that I'm not sure is a wise move. >> >> Well since we have a request for requirements: I propose requirements >> #1 and #2 are to be self-hosted and open source. I'm suspect the Fedora >> community would be outraged if we fail to meet either requirement. >> >> So if we can agree on that much, then we can avoid wasting time by >> including GitHub in the list of options. That would bring us to a >> choice between GitLab CE and Pagure. (Are there any other serious >> options?) > > > Thanks for actually proposing some requirements :-). > > In my opinion there are 2 different use cases : > > - pagure.io : > For me the requirements here is to provide a place for community members to host there projects. And project here can mean anything it can be actual source code, documentation, or just a README with some info about a team or like many team have just a ticket tracker. Once of the strong requirement is that whatever the solution is it needs to integrate with Fedora Account System and user should be able to use Single Sign On. Regarding the use case where a team wants to have a issue tracker and maybe a README to give details about how to contribute to that team I think teams.fedoraproject.org should be the prefered solution, for the second where people want to host a git project (code, documentation, book, etc ...) I don't think this needs to be solved by the Fedora community, there are many options (free and non free, as in freedom) which have dedicated infrastructure and dedicated teams running this type of service. > > > - dist-git (src.fedoraproject.org): > This is a different use case, since here the solution needs to integrate with the rest of the infrastructure. the list of requirements here will be more specific for example it needs to be able to integrate with Fedora FAS but also to have the FAS group synced, branch ACLs, a way to integrate with release-monitoring, a way to integrate with bugzilla, a way to integrate with fedora-messaging (RabbitMQ), .... > In general I think most of the integration with our infrastructure can be done with any solution either using the solution APIs or plugins system. After we need to compare the cost of developing and maintaining these pieces of glue to integrate everything against the current situation. > If we go for splitting up use cases, than I'd like to highlight one thing: src.fedoraproject.org is not a GitForge, it is a centrally managed code-review platform Git Forges play a lot with the idea of users being able to create their own forks of the repository, their own projects, with their own rules. src.fp.org is the integrated platform where Fedora rules are in action. This is different from the use case KDE and Gnome have, as they manage development of projects, while we manage the integration. And while GitHub and GitLab are well know leaders in the Git Forge business, they are actually not that good when it comes to the topics of 1) managing the large multi-component project in a unified way under central authority; 2) managing actual code review process. Code Review platforms, like Gerrit are way better at that. To see an example, take a look at the management of projects and groups in Gerrit. Or take a look on integration of CI systems. GitHub still struggles to make it natural part of the interface. We _can_ implement centralized code review platform on top of any Git Forge service. But let's maybe consider using the right tool for the right job? The obvious counter-argument here is: most of the users are uncomfortable with any interface other than GitHub. No matter if the interface is superior, or lighter, or nicer, there is still going to be that thing that it is _unusual_. We, as a Linux distribution, know this argument pretty well. We, as Fedora Linux distribution, know it even better: you can not bring something new if you are scared of unusual things. Should it stop us? We do need a better discoverability and visibility in the generic development community. But it is a solvable task: we can create a read-only mirror of our code on every common platform out there. We can use it as an opportunity to show what we do, but also to teach how we do it. For example OpenStack has a bot which replies on every GitHub issue and pull-request to the read-only mirrored repository with a manual on how one can send the same change through the OpenStack development process. We would need to do it the same way anyway, if we land on anything other than GitHub.

On 22. 01. 20 12:19, Neal Gompa wrote:>> We do need a better discoverability and visibility in the generic >> development community. But it is a solvable task: we can create a >> read-only mirror of our code on every common platform out there. We >> can use it as an opportunity to show what we do, but also to teach how >> we do it. For example OpenStack has a bot which replies on every >> GitHub issue and pull-request to the read-only mirrored repository >> with a manual on how one can send the same change through the >> OpenStack development process. We would need to do it the same way >> anyway, if we land on anything other than GitHub. > > I'm sorry, no. I absolutely despise the Gerrit workflow that OpenStack > uses. To me, the only thing worse than Gerrit is the email/bz patch > submission workflow we used prior to Pagure. Gerrit would be a step up > from that legacy workflow, but it pushes too much crap onto the > contributor that it's a great way to demotivate people. > > Having contributed to projects using Gerrit, and previously dealt with > Gerrit based workflows, I can honestly say that Gerrit is absolutely a > miserable experience and the OpenStack project should feel bad about > the fact that they think Gerrit provides a good user experience. > What's worse is that the stupid bot that they use on GitHub mirrors is > completely unfriendly to drive-by contributors. The OpenStack Project > is an example of how to make it fundamentally driven by corporate > developers who force asinine workflows because they can't be bothered > to make a proper community full of a mixture of hobbyists and > corporate contributors. And don't get me started on the fact that > there are no distributions of OpenStack on community Linux > distributions anymore, which I further indicate as evidence that the > OpenStack community is too insular for its own good. RDO does not > count since it doesn't work on *real* community distributions like > Fedora. While I don't necessarily agree with the tone,

I must agree the the Gerrit experience for drive by contributors is one of the most horrible ones I had. I even think sending patches over e-mail is probably better. > The main reason I haven't pursued it is because CentOS CI is so > unreliable and awful. It's demoralizing getting failures and then > looking at Jenkins and seeing there are no logs of the failure. Or the > increasing number of "error" states where it just breaks... This has been reported a year ago, without a fix so far: During running tests, it's very hard to see what's happening https://pagure.io/fedora-ci/general/issue/2 CI errors are undecipherable https://pagure.io/fedora-ci/general/issue/43 CI errors happen far to often https://pagure.io/fedora-ci/general/issue/44 I've been trying to make those issues a priority when we adapted gating, but I was outvoted at FESCo. -- Miro Hrončok -- Phone: +420777974800 IRC: mhroncok _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

I think that it would be more productive if you try to rationalize this opinion. I don't want to argue about the feeling you have, but I would be interested in comparing notes on what exactly "Gerrit workflow" means to you, and whether or not it is the same thing to me.

* Miro Hrončok: > On 22. 01. 20 13:12, Aleksandra Fedorova wrote: > > I think that it would be more productive if you try to rationalize this opinion. > > I don't want to argue about the feeling you have, but I would be > > interested in comparing notes on what exactly "Gerrit workflow" means > > to you, and whether or not it is the same thing to me. > > Note that I don't describe an experience with a workflow. I am > describing a drive by contributor experience: > > 1. you send a Pull Request over a familiar channel > 2. a bot tells you that you cannot do this and you need to follow this > tutorial instead > 3. you push your code to some place that is far to overocmplicated to navigate > 4. magic happens, there is no way to see what's going on unless you > have experienced this before > 5. you get dozens of bot e-mail you don't understand > 6. eventually hopefully the bot merges the thing Does that really matter for src.fedoraproject.org and the current dist-git model? Even if you want to make a really simple change (such as fixing a typo in the --help message), src.fedoraproject.org will not show you the file you need to edit, or provide you with tools to produce a patch/commit to submit. The Github model is different: you would just click on the 🖉 button, make your change, add a description, and click “Propose file change”. But even if we switched src.fedoraproject.org to Github, this would only work for RPM spec file changes. You would still not be able to edit the --help message directly.

That's why I think that there is little risk of random drive-by contributions: people just won't find a place to make the changes they want. (The potential FPCA issue I raised separately still exists, though.) Thanks, Florian _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

can we have the power, scalability and feature-richness of a platform like Gerrit, but (optionally) hidden under the hood so that there is a "simple mode" for people who just need a one-time contribution?

On Wed, Jan 22, 2020 at 6:06 AM Aleksandra Fedorova <alpha(a)bookwar.info&gt; wrote: > > On Wed, Jan 22, 2020 at 9:48 AM Clement Verna <cverna(a)fedoraproject.org&gt; wrote: > > > > > > > > On Tue, 21 Jan 2020 at 22:32, Michael Catanzaro <mcatanzaro(a)gnome.org&gt; wrote: > >> > >> On Tue, Jan 21, 2020 at 4:04 pm, Neal Gompa <ngompa13(a)gmail.com&gt; wrote: > >> > And any discussion of GitHub isn't going to involve self-hosted, it's > >> > going to involve GitHub.com, which means we're talking about losing > >> > more of our independence as a project. This is one of those things > >> > that I'm not sure is a wise move. > >> > >> Well since we have a request for requirements: I propose requirements > >> #1 and #2 are to be self-hosted and open source. I'm suspect the Fedora > >> community would be outraged if we fail to meet either requirement. > >> > >> So if we can agree on that much, then we can avoid wasting time by > >> including GitHub in the list of options. That would bring us to a > >> choice between GitLab CE and Pagure. (Are there any other serious > >> options?) > > > > > > Thanks for actually proposing some requirements :-). > > > > In my opinion there are 2 different use cases : > > > > - pagure.io : > > For me the requirements here is to provide a place for community members to host there projects. And project here can mean anything it can be actual source code, documentation, or just a README with some info about a team or like many team have just a ticket tracker. Once of the strong requirement is that whatever the solution is it needs to integrate with Fedora Account System and user should be able to use Single Sign On. Regarding the use case where a team wants to have a issue tracker and maybe a README to give details about how to contribute to that team I think teams.fedoraproject.org should be the prefered solution, for the second where people want to host a git project (code, documentation, book, etc ...) I don't think this needs to be solved by the Fedora community, there are many options (free and non free, as in freedom) which have dedicated infrastructure and dedicated teams running this type of service. > > > > > > - dist-git (src.fedoraproject.org): > > This is a different use case, since here the solution needs to integrate with the rest of the infrastructure. the list of requirements here will be more specific for example it needs to be able to integrate with Fedora FAS but also to have the FAS group synced, branch ACLs, a way to integrate with release-monitoring, a way to integrate with bugzilla, a way to integrate with fedora-messaging (RabbitMQ), .... > > In general I think most of the integration with our infrastructure can be done with any solution either using the solution APIs or plugins system. After we need to compare the cost of developing and maintaining these pieces of glue to integrate everything against the current situation. > > > > If we go for splitting up use cases, than I'd like to highlight one thing: > > src.fedoraproject.org is not a GitForge, it is a centrally managed > code-review platform > > Git Forges play a lot with the idea of users being able to create > their own forks of the repository, their own projects, with their own > rules. src.fp.org is the integrated platform where Fedora rules are in > action. This is different from the use case KDE and Gnome have, as > they manage development of projects, while we manage the integration. > > And while GitHub and GitLab are well know leaders in the Git Forge > business, they are actually not that good when it comes to the topics > of 1) managing the large multi-component project in a unified way > under central authority; 2) managing actual code review process. > > Code Review platforms, like Gerrit are way better at that. > > To see an example, take a look at the management of projects and > groups in Gerrit. Or take a look on integration of CI systems. GitHub > still struggles to make it natural part of the interface. > > We _can_ implement centralized code review platform on top of any Git > Forge service. But let's maybe consider using the right tool for the > right job? > > > The obvious counter-argument here is: most of the users are > uncomfortable with any interface other than GitHub. No matter if the > interface is superior, or lighter, or nicer, there is still going to > be that thing that it is _unusual_. > > We, as a Linux distribution, know this argument pretty well. We, as > Fedora Linux distribution, know it even better: you can not bring > something new if you are scared of unusual things. Should it stop us? > > We do need a better discoverability and visibility in the generic > development community. But it is a solvable task: we can create a > read-only mirror of our code on every common platform out there. We > can use it as an opportunity to show what we do, but also to teach how > we do it. For example OpenStack has a bot which replies on every > GitHub issue and pull-request to the read-only mirrored repository > with a manual on how one can send the same change through the > OpenStack development process. We would need to do it the same way > anyway, if we land on anything other than GitHub. I'm sorry, no. I absolutely despise the Gerrit workflow that OpenStack uses. To me, the only thing worse than Gerrit is the email/bz patch submission workflow we used prior to Pagure. Gerrit would be a step up from that legacy workflow, but it pushes too much crap onto the contributor that it's a great way to demotivate people. Having contributed to projects using Gerrit, and previously dealt with Gerrit based workflows, I can honestly say that Gerrit is absolutely a miserable experience and the OpenStack project should feel bad about the fact that they think Gerrit provides a good user experience. What's worse is that the stupid bot that they use on GitHub mirrors is completely unfriendly to drive-by contributors. The OpenStack Project is an example of how to make it fundamentally driven by corporate developers who force asinine workflows because they can't be bothered to make a proper community full of a mixture of hobbyists and corporate contributors. And don't get me started on the fact that there are no distributions of OpenStack on community Linux distributions anymore, which I further indicate as evidence that the OpenStack community is too insular for its own good. RDO does not count since it doesn't work on *real* community distributions like Fedora. (Sorry, but OpenStack makes me angry for a variety of reasons, and in my view, it's a failure as a community)

At least with Pagure, we have a bloody chance of being able to do something interesting like synchronize PR states across different mirrors of Fedora packages. An idea I've had for the Pagure project itself would be to monitor when PRs are made on the GitHub.com and GitLab.com mirrors and automatically open up remote PRs pointing to the canonical Pagure repo and synchronize review information from Pagure to GitHub/GitLab and back. This is possible because Pagure is so flexible with how pull requests work, and because I don't particularly care if a PR shows up as "merged" on the GitHub.com/GitLab.com side. :)

The main reason I haven't pursued it is because CentOS CI is so unreliable and awful. It's demoralizing getting failures and then looking at Jenkins and seeing there are no logs of the failure. Or the increasing number of "error" states where it just breaks...

Il giorno 21 gen 2020, alle ore 18:15, Fabio Valentini <decathorpe(a)gmail.com&gt; ha scritto: On Tue, Jan 21, 2020 at 5:40 PM Leigh Griffin <lgriffin(a)redhat.com <mailto:lgriffin@redhat.com>> wrote: > > Hey Everyone, > > On behalf of the CPE team I want to draw the communities attention to a recent blog post which you may be impacted by: > https://communityblog.fedoraproject.org/git-forge-requirements/ <https://communityblog.fedoraproject.org/git-forge-requirements/> > > We will be seeking input and requirements in an open and transparent manner on the future of a git forge solution which will be run by the CPE team on behalf of the Fedora Community. This mail is being sent to the devel, mindshare and council-discuss lists for maximum visibility on a BCC to allow each list have their own views. Please forward it to any other list you may feel is relevant to maximise the exposure. > > Thanks in advance, > Leigh Alright, I have some questions that are not answered by the blog post. - What is going to happen to the two pagure instances at pagure.io <http://pagure.io/>;, and src.fedoraproject.org <http://src.fedoraproject.org/>? I think pagure.io <http://pagure.io/> is a good home for fedora-related projects (it was the successor to fedorahosted.org <http://fedorahosted.org/>;, after all, IIRC). I know that many group efforts are hosting their source code, ticketing system, etc. there (Go SIG, Stewardship SIG, FPC, FESCo, etc.). If it is decided to shut down pagure.io <http://pagure.io/>;, I assume those projects will have to be moved somewhere?

Also, it's very nice to have a PR-based workflow for some shared-maintenance packages on src.fedoraproject.org <http://src.fedoraproject.org/>;, and I don't think losing that feature would be a good thing for fedora.

- How is GitHub considered to be an alternative here?

I don't think (public or hosted) GitHub can do what is currently done on src.fedoraproject.org <http://src.fedoraproject.org/>;, can it? I'd also not want to see fedora use a closed-source product for such a core service ... - Which features are missing from pagure, compared to the other forges?

For my purposes, I don't miss any feature on pagure.io <http://pagure.io/> compared to my repositories on github.com <http://github.com/>;, and OTTOMH, I can't come up with any missing features, at all …

TL;DR: Can we please keep pagure? It already has the fedora-specific features we need, and I don't mind a "slow" pace of development. In my experience, it works really well, and I actually *like* to use it (which is not true for GitLab ... which is slow and horrible)

Fabio

For a period of time, IDM tried using Pagure for FreeIPA development. They filed a huge number of issues. Now we host issues on Pagure, and have moved development to GitHub. [*] I think we've mostly quit filing bugs; the Pagure team has done a good job with the resources they've been given, but they definitely need more resources to pull this off to a high level.

I still try and file issues from time to time... ...but Pagure really doesn't compare in quality to Gogs/Gitea, much less GitLab or GitHub from strictly a development point of view. My 2c. - Alex [*]: My team (Dogtag) is also considering moving our issues off of Pagure onto GitHub, to host them along side our code. I don't claim to speak for all of IDM here though, just noting what they've done. > > > > TL;DR: > > Can we please keep pagure? It already has the fedora-specific features > > we need, and I don't mind a "slow" pace of development. > > In my experience, it works really well, and I actually *like* to use > > it (which is not true for GitLab ... which is slow and horrible) > +1 > > > Fabio > > I totally agree with Fabio, I can’t think of a single reason we should > dismiss pagure. > > Ciao > Guido > FAS: tartina > _______________________________________________ > devel mailing list -- devel(a)lists.fedoraproject.org > To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

I totally agree with Fabio, I can’t think of a single reason we should dismiss pagure.

On 1/21/20 4:59 PM, Felix Schwarz wrote: > (Though > I somehow got used to pagure and getting the gitlab integration to the same > level as pagure currently will be a lot of work for sure.) Maybe I'm just a grumpy old system admin but it sounds like a lot of work for little, if any, gain.

Felix Schwarz <fschwarz(a)fedoraproject.org&gt; writes: > Am 21.01.20 um 21:48 schrieb Guido Aulisi: >> I totally agree with Fabio, I can’t think of a single reason we should >> dismiss pagure. > > Gitlab is used by many free software communities like Freedesktop, Gnome, > Debian. Using the same tools could help to facilitate > inter-process/inter-distro collaboration. > > Personally I guess github would attract most contributions for Fedora from > new contributors but it is closed source so I'd prefer gitlab for Fedora. > (Though I somehow got used to pagure and getting the gitlab integration > to the same level as pagure currently will be a lot of work for sure.) On top of that Gitlab is a huge Ruby on Rails application and (at least I have the feeling that) the Fedora community doesn't have so many Ruby developers in comparison to Python developers, so implementing something comparable could be challenging let alone from the manpower point of view. And then there's the issue that we are not upstream and might have to maintain the integration as a downstream patch forever as upstream might not want it. Cheers, Dan

On Wed, Jan 22, 2020 at 4:59 AM Dan Čermák <dan.cermak(a)cgc-instruments.com&gt; wrote: > > Felix Schwarz <fschwarz(a)fedoraproject.org&gt; writes: > > > Am 21.01.20 um 21:48 schrieb Guido Aulisi: > >> I totally agree with Fabio, I can’t think of a single reason we should dismiss > >> pagure. > > > > Gitlab is used by many free software communities like Freedesktop, Gnome, > > Debian. Using the same tools could help to facilitate > > inter-process/inter-distro collaboration. > > > > Personally I guess github would attract most contributions for Fedora from new > > contributors but it is closed source so I'd prefer gitlab for Fedora. (Though > > I somehow got used to pagure and getting the gitlab integration to the same > > level as pagure currently will be a lot of work for sure.) > > On top of that Gitlab is a huge Ruby on Rails application and (at least > I have the feeling that) the Fedora community doesn't have so many Ruby > developers in comparison to Python developers, so implementing something > comparable could be challenging let alone from the manpower point of > view. That's the whole point of APIs, and I'm sure they provide bindings for those APIs to assist in the process.

> And then there's the issue that we are not upstream and might have to > maintain the integration as a downstream patch forever as upstream might > not want it. They've provided pretty good support to various other open source communities such as GNOME and Freedesktop/Xorg.

I think we should be looking at this from a different PoV.... like the given the resources that we currently have attempting to develop a git forge what could they do if someone else was doing that what other awesome things could they achieve if they were able to deal with integration as opposed to just playing catch up.

On Wed, 2020-01-22 at 05:00 -0500, Neal Gompa wrote: > > > > On top of that Gitlab is a huge Ruby on Rails application and (at least > > > I have the feeling that) the Fedora community doesn't have so many Ruby > > > developers in comparison to Python developers, so implementing something > > > comparable could be challenging let alone from the manpower point of > > > view. > > > > That's the whole point of APIs, and I'm sure they provide bindings for > > those APIs to assist in the process. > > > > Sorry, no they don't. There are some community projects that provide > some overlays to some of the APIs, but they are in various states of > disrepair. Some are doing somewhat okay, but it's difficult since > their churn rate also includes API breakages. https://github.com/python-gitlab/python-gitlab looks like a pretty actively maintained thing which claims to be compatible with current Gitlab API.

On Wed, Jan 22, 2020 at 1:05 AM Peter Robinson <pbrobinson(a)gmail.com&gt; wrote: > > On Wed, Jan 22, 2020 at 4:59 AM Dan Čermák > <dan.cermak(a)cgc-instruments.com&gt; wrote: > > > > Felix Schwarz <fschwarz(a)fedoraproject.org&gt; writes: > > > > > Am 21.01.20 um 21:48 schrieb Guido Aulisi: > > >> I totally agree with Fabio, I can’t think of a single reason we should dismiss > > >> pagure. > > > > > > Gitlab is used by many free software communities like Freedesktop, Gnome, > > > Debian. Using the same tools could help to facilitate > > > inter-process/inter-distro collaboration. > > > > > > Personally I guess github would attract most contributions for Fedora from new > > > contributors but it is closed source so I'd prefer gitlab for Fedora. (Though > > > I somehow got used to pagure and getting the gitlab integration to the same > > > level as pagure currently will be a lot of work for sure.) > > > > On top of that Gitlab is a huge Ruby on Rails application and (at least > > I have the feeling that) the Fedora community doesn't have so many Ruby > > developers in comparison to Python developers, so implementing something > > comparable could be challenging let alone from the manpower point of > > view. > > That's the whole point of APIs, and I'm sure they provide bindings for > those APIs to assist in the process. > Sorry, no they don't. There are some community projects that provide some overlays to some of the APIs, but they are in various states of disrepair. Some are doing somewhat okay, but it's difficult since their churn rate also includes API breakages. > > And then there's the issue that we are not upstream and might have to > > maintain the integration as a downstream patch forever as upstream might > > not want it. > > They've provided pretty good support to various other open source > communities such as GNOME and Freedesktop/Xorg. > Yes, but neither of those communities actually have terribly special requirements. In fact, those communities either had *nothing* in terms of infrastructure (FreeDesktop/Xorg) or were willing to throw everything away for GitLab (GNOME). We would not fit in either bucket, which makes GitLab a very awkward fit for us. And GitLab CI is a poor fit for Fedora because it doesn't offer a good model for distribution-scale integration and delivery. At $DAYJOB, I have been maintaining a heavily used GitLab system for three years, and I have some fairly good experience understanding where it fits well since $DAYJOB folks try to exploit as many features that are reasonably useful as possible. And frankly, it works well for GNOME and FDO because multi-project integration is not a fundamental requirement for the projects hosted there. For Fedora, this *is* a fundamental requirement, and the Fedora CI people are working gloriously towards the goal of having that be fully in place. > I think we should be looking at this from a different PoV.... like the > given the resources that we currently have attempting to develop a git > forge what could they do if someone else was doing that what other > awesome things could they achieve if they were able to deal with > integration as opposed to just playing catch up. That's not the motivation here. And honestly, I've *never* seen that happen.

That's also a somewhat negative view of this, because it implies we're not doing something awesome now. Pagure fills a niche that currently isn't filled by anything else today and works rather well in doing so. Pagure is actually a pretty awesome forge that provides some unique capabilities: * Remote pull requests, allowing people working on their own servers to contribute to projects on Pagure * Support for fully offline workflows (this is actually possible due to Pagure's fundamental design) * Full state project mirroring in a reasonably portable manner * Full themeability without pain (that's fairly recent, but it's nice!) * First-class support for integrating with other solutions (best of breed combinations rather than difficult monoliths) Downstream distributions can actually fully mirror src.fp.o without too much pain, including PRs, and do further work based on it. That's not really a thing in other forges. I know that I've been using that property for some of $DAYJOB work and personal work too, and it really makes life quite nice. Since Pagure 5.0, I've been a very happy user of the Pagure forge, as the usability of the system has gone way up and it is very close to my vision of what a Free Software forge should be like. Pagure makes our island have bridges to other islands, as opposed to all these GitLab servers that are closed islands. And there's this worry that GitLab will go the same path Transifex did. They have a ton of incentives to do so, and they already are starting to with the consideration of injecting nonfree JavaScript in all variants. And if you think community forks are going to survive on the GitLab codebase, oh boy, nope. That codebase is *huge* and complex. It's a combination of Ruby and Go that has one of the most baffling architectures I've observed. The RhodeCode fork Kallithea is many times smaller and is equally struggling. Pagure is also slowly growing as a community in its own right and there are various groups aligned with Pagure's vision that are interested in adopting it as their solution and contributing to the project. Part of this has been somewhat due to my campaigning for it in aligned communities, of course, but it's also because Pagure is genuinely good and unique among Git forge solutions. Pagure is also proof that Fedora can be innovative in a very positive way. It was a rough start, but we've got a groove going, let's not kill it!

The Pagure.io forge really is only missing some kind of self-service CI to make it generically useful. CentOS CI is a trash heap and needs to be replaced by a better solution that allows self-service enablement. I'm sorry, but whoever thought that CentOS CI would scale or work reasonably well needs to rethink their priorities. It's the only part of the Pagure.io forge system that isn't self-service, and it shows with the poor levels of CI adoption. -- 真実はいつも一つ！/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

On Wed, 2020-01-22 at 05:00 -0500, Neal Gompa wrote: > > > And then there's the issue that we are not upstream and might > > > have to > > > maintain the integration as a downstream patch forever as > > > upstream might > > > not want it. > > > > They've provided pretty good support to various other open source > > communities such as GNOME and Freedesktop/Xorg. > > > > Yes, but neither of those communities actually have terribly special > requirements. In fact, those communities either had *nothing* in > terms > of infrastructure (FreeDesktop/Xorg) or were willing to throw > everything away for GitLab (GNOME). We would not fit in either > bucket, > which makes GitLab a very awkward fit for us. “Throw everything away”? Just how much of the transition did you follow? GitLab was more than accommodating in pulling features out of the enterprise edition into the community one that were crucial for our workflows. It was not done on a whim and I really resent your statements here.

On Wed, 2020-01-22 at 09:12 -0500, Neal Gompa wrote: > On Wed, Jan 22, 2020 at 9:08 AM Ernestas Kulik <ekulik(a)redhat.com&gt; > wrote: > > On Wed, 2020-01-22 at 05:00 -0500, Neal Gompa wrote: > > > > > And then there's the issue that we are not upstream and might > > > > > have to > > > > > maintain the integration as a downstream patch forever as > > > > > upstream might > > > > > not want it. > > > > > > > > They've provided pretty good support to various other open > > > > source > > > > communities such as GNOME and Freedesktop/Xorg. > > > > > > > > > > Yes, but neither of those communities actually have terribly > > > special > > > requirements. In fact, those communities either had *nothing* in > > > terms > > > of infrastructure (FreeDesktop/Xorg) or were willing to throw > > > everything away for GitLab (GNOME). We would not fit in either > > > bucket, > > > which makes GitLab a very awkward fit for us. > > > > “Throw everything away”? Just how much of the transition did you > > follow? > > > > GitLab was more than accommodating in pulling features out of the > > enterprise edition into the community one that were crucial for our > > workflows. It was not done on a whim and I really resent your > > statements here. > > > > I followed it pretty closely. In the GNOME case, you were willing to > throw away Bugzilla, CGit, and older CI infrastructure to replace it > with GitLab. You guys also renamed some of your repositories to > accommodate the restrictions on project naming by GitLab. A lot of > retooling was required as part of the transition to GitLab for GNOME. What? Do you suggest adding more infrastructure to maintain on (at the time) a singular sysadmin? Bugzilla and cgit were to be made redundant, that’s the whole point here. The “older CI infrastructure” is still there and has been semi-broken forever, so that’s as immaterial as it gets. The development for the replacement was only nudged by the GitLab transition. I don’t even know how to approach the accusation that we bent over backwards to appease the overlords, dictating repository naming. Yes, GTK, most prominently, was renamed as a result. It really was more a pretext, because no one cares about the plus and it was historical baggage. > That, by my definition, is throwing away everything. It had knock on > effects for everyone downstream as well, as all the tools for > tracking > GNOME also broke and needed to change. Again, that's fine if the > community is generally accepting of this pain, but it is still pain, > even if you refuse to acknowledge it. Please don’t say I’m in denial just because I don’t agree with what you’re trying to convey here. My observation is that the pipelines that were built only managed to improve developers’ workflows by automating as much as possible with a tool that tries to provide that. Those, who preferred the old ways, adjusted as best they could, too, even only taking patches in GitLab issues instead of working with merge requests. You can only imagine how many external contributions those projects see.

-- Ernestas Kulik Associate Software Engineer - Base Operating Systems (Core Services/ABRT) Red Hat Czech, s.r.o. _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

I followed it pretty closely. In the GNOME case, you were willing to throw away Bugzilla, CGit, and older CI infrastructure to replace it with GitLab.

On Wed, 2020-01-22 at 11:37 -0600, Michael Catanzaro wrote: > they all picked GitLab CE. Hi, I do not want to pollute this thread with unrelated information, but for what it worth, I only recently realized that GitLab CE, the one hosted on GNOME, does not have searching working properly. I filled a bug upstream [1]. Being able to reliably search in issues is rather essential function, from my point of view. I'm wondering how they can search for anything when they've filled 10k+ issues. Anyway, if you think this doesn't belong to this thread then I apologize.

On Wed, 2020-01-22 at 13:28 -0500, Neal Gompa wrote: > On Wed, Jan 22, 2020 at 12:58 PM Milan Crha <mcrha(a)redhat.com&gt; wrote: > > On Wed, 2020-01-22 at 11:37 -0600, Michael Catanzaro wrote: > > > they all picked GitLab CE. > > > > Hi, > > I do not want to pollute this thread with unrelated information, > > but for what it worth, I only recently realized that GitLab CE, the one > > hosted on GNOME, does not have searching working properly. I filled a > > bug upstream [1]. Being able to reliably search in issues is rather > > essential function, from my point of view. I'm wondering how they can > > search for anything when they've filled 10k+ issues. > > > > Anyway, if you think this doesn't belong to this thread then I > > apologize. > > Fulltext search in GitLab is an Enterprise Edition feature and > requires a separate deployment of ElasticSearch. Ouch - really ? :-( Well, I guess that demonstrates quite nicely the dangers of open core projects right here and there...

On Wed, Jan 22, 2020 at 11:37 am, Michael Catanzaro <mcatanzaro(a)gnome.org&gt; wrote: > It doesn't have as many features as github.com, Sorry, this was a typo. I meant: it doesn't have as many features as gitlab.com. _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

This thread is serving as a source of requirements (although it has meandered dramatically away from that)

On Tue, Jan 28, 2020, 22:06 Iñaki Ucar <iucar(a)fedoraproject.org&gt; wrote: > > On Tue, 28 Jan 2020 at 20:58, Leigh Griffin <lgriffin(a)redhat.com&gt; wrote: > > > > This thread is serving as a source of requirements (although it has meandered dramatically away from that) > > When I first read the post, my thought was: wow, what a convoluted and > abstruse way of saying "we want to abandon Pagure". Probably this > wasn't your intent, but that's what I got. And given the reactions, > other people too. The linked blog to the ODF is very explicit that Pagure is one of the 3 forge options we are considering. I can't stress enough that it's a viable choice and ultimately what we opt for will come down to an analysis driven by the requirements gathered. I'm unsure how the blog has been interpreted any other way but hopefully this clears it up.

If you (and others) elaborate on how you use Pagure (and other forges) and what you value from your day to day usage, we will take that on board and use it to drive our decision making.

To me that's the all point of this process, let's put down what we *really* *really* need and  then look at the different options.

On Wed, Jan 29, 2020 at 03:22:25PM +0100, Julen Landa Alustiza wrote: > (snip) > > 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen: > >To me that's the all point of this process, let's put down what we > >*really* *really* need and then look at the different options. > > > > Do we *really* *really* need to compete with other full featured git > forges on features? The ODF says that this is one of the problem. > Well, imo we don't *really* *really* need to compete with them. > > Actually we already have the features that we *really* *really* > need. Otherwise we could not release fedora using pagure as we are > using, could we? :) So let's revert the question, pagure does the what it needs to do and enough of it, otherwise we would not be using it. What does pagure miss that other solutions have and that could be considered a requirement? It could be that we don't **need** pagure to do anything more than what it does today, which moves the discussion off a technical ground.

On Wed, Jan 29, 2020 at 9:29 AM Pierre-Yves Chibon <pingou(a)pingoured.fr&gt; wrote: > > On Wed, Jan 29, 2020 at 03:22:25PM +0100, Julen Landa Alustiza wrote: > > (snip) > > > > 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen: > > >To me that's the all point of this process, let's put down what we > > >*really* *really* need and then look at the different options. > > > > > > > Do we *really* *really* need to compete with other full featured git > > forges on features? The ODF says that this is one of the problem. > > Well, imo we don't *really* *really* need to compete with them. > > > > Actually we already have the features that we *really* *really* > > need. Otherwise we could not release fedora using pagure as we are > > using, could we? :) > > So let's revert the question, pagure does the what it needs to do and enough of > it, otherwise we would not be using it. > > What does pagure miss that other solutions have and that could be considered a > requirement? > > It could be that we don't **need** pagure to do anything more than what it does > today, which moves the discussion off a technical ground. > From a Dist-Git perspective, there is are two things I need: * per-branch ACLs * the ability to set bugzilla owners without granting commit access. The first thing is because I get nervous granting people access to the Git project who want to build EPEL8 packages but clearly aren't good at managing Git workflows. I don't want them breaking my workflows with Fedora packages. The second thing is because there are a number of packages that I maintain where upstream would like to be notified on bugzilla bugs but not otherwise be involved in packaging. Pagure itself has the ticket ACL for this, but I don't think this does anything in the Dist-Git setup. From the Git forge perspective, the two big things I need are: * working self-service CI * workflow for self-service integration management per-user and per-repo The first item is because the current Pagure CI with CentOS CI Jenkins is inexcusably bad. Jenkins is often unresponsive and broken, and configuring it requires manual intervention from the CentOS CI folks. Part of the reason we have Pagure was to move to more of a self-service model, and our default offering for CI services fails at that. The second item is because there are an array of third party Free Software services out there that people should be able to use without having to talk to the Pagure admin to activate or enable. We do have webhooks for basic integrations, but doing authentication and authorization flows for generating app tokens and such is something we don't have today. Having this would allow far more sophisticated integrations than what we have now without always having to involve an admin over it. -- 真実はいつも一つ！/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

On Wed, Jan 29, 2020 at 04:06:22PM +0100, Julen Landa Alustiza wrote: > Per git ref acls is not a common thing on git forges. If this is a final > requirement, we should start analyzing the viability of implementing and > maintain it on the different forges (and it should be feasible with all of > the rest of our strange ACLs on dist-git) > > On pagure side, now that our downstream instances are not using gitolite, > implementing them needs much less work that migrating all our toolings to > other solutions. I believe, and Leigh correct me if I'm wrong, that this will be the next step in the analysis. 1/ gather all the requirement 2/ figure out which option have which requirement 3/ figure out if it is "cheaper" to fix feature A in option 2, or add feature B in option 3 or leave without feature C in option 1

Pierre _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

On Wed, Jan 29, 2020 at 10:07 AM Julen Landa Alustiza <jlanda(a)fedoraproject.org&gt; wrote: > > Per git ref acls is not a common thing on git forges. If this is a final requirement, we should start analyzing the viability of implementing and maintain it on the different forges (and it should be feasible with all of the rest of our strange ACLs on dist-git) > > On pagure side, now that our downstream instances are not using gitolite, implementing them needs much less work that migrating all our toolings to other solutions. > It's usually called "branch protection" in GitHub and GitLab. The functionality varies a bit, but the feature exists.

On Wed, Jan 29, 2020, 15:23 Julen Landa Alustiza <jlanda(a)fedoraproject.org&gt; wrote: (snip) 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen: > To me that's the all point of this > process, let's put down what we *really* *really* need and  then look at > the different options. > Do we *really* *really* need to compete with other full featured git forges on features? The ODF says that this is one of the problem. Well, imo we don't *really* *really* need to compete with them. It depends on the use case, doing development work projects hosted on pagure.io is not great in my opinion. In particular working with pull requests. In terms of issue trackers, it is missing the ability to visualize issues in a board for example.  Again this my opinion and maybe these are maybe not *really* *really* needed. Actually we already have the features that we *really* *really* need. Otherwise we could not release fedora using pagure as we are using, could we? :) I personally don't think we can release Fedora without people across the project doing heroics and a crazy amount of hours which seems to have become a norm rather than an exception. 

On Wed, 29 Jan 2020 at 16:18, Pierre-Yves Chibon <pingou(a)pingoured.fr&gt; wrote: >

> these heroics related to pagure? > > If not, I'm not sure what is the point you were trying to make for this thread. My point is that we have to dedicate a team to work on Pagure, I would rather have these people working on improving the infrastructure so that we don't need these heroics to happen. If we don't put people to work on Pagure it will end up being another fedora-packages, badges or FAS and in couple years it will be too difficult to do anything with it. It is not only about Pagure, for example I would love to be able to replace Bodhi with something that we don't have to maintain but it is much more difficult to find an alternative to Bodhi than Pagure.

My general feeling is that an infrastructure team should avoid as much as possible to maintain large applications, the focus should be to develop the glue needed to for the different services to work together in the most efficient manner, to monitor the applications, the respond to outages.

On Wed, 29 Jan 2020 at 16:18, Pierre-Yves Chibon <pingou(a)pingoured.fr <mailto:pingou@pingoured.fr>> wrote: On Wed, Jan 29, 2020 at 03:56:08PM +0100, Clement Verna wrote: >    On Wed, Jan 29, 2020, 15:23 Julen Landa Alustiza >    <jlanda(a)fedoraproject.org <mailto:jlanda@fedoraproject.org>> wrote: > >      (snip) > >      20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen: >      > To me that's the all point of this >      > process, let's put down what we *really* *really* need and  then look >      at >      > the different options. >      > > >      Do we *really* *really* need to compete with other full featured git >      forges on features? The ODF says that this is one of the problem. Well, >      imo we don't *really* *really* need to compete with them. > >    It depends on the use case, doing development work projects hosted on >    pagure.io <http://pagure.io> is not great in my opinion. In particular working with pull >    requests. >    In terms of issue trackers, it is missing the ability to visualize issues >    in a board for example.  >    Again this my opinion and maybe these are maybe not *really* *really* >    needed. > >      Actually we already have the features that we *really* *really* need. >      Otherwise we could not release fedora using pagure as we are using, >      could we? :) > >    I personally don't think we can release Fedora without people across the >    project doing heroics and a crazy amount of hours which seems to have >    become a norm rather than an exception.  I don't think anyone can disagree with this, but this begs the question: are  these heroics related to pagure? If not, I'm not sure what is the point you were trying to make for this thread. My point is that we have to dedicate a team to work on Pagure, I would rather have these people working on improving the infrastructure so that we don't need these heroics to happen. If we don't put people to work on Pagure it will end up being another fedora-packages, badges or FAS and in couple years it will be too difficult to do anything with it. It is not only about Pagure, for example I would love to be able to replace Bodhi with something that we don't have to maintain but it is much more difficult to find an alternative to Bodhi

than Pagure. My general feeling is that an infrastructure team should avoid as much as possible to maintain large applications, the focus should be to develop the glue needed to for the different services to work together in the most efficient manner, to monitor the applications, the respond to outages. Does that clarify my thoughts ? Pierre _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org <mailto:devel@lists.fedoraproject.org> To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org <mailto:devel-leave@lists.fedoraproject.org> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

On Thu, 2020-01-30 at 10:30 +0100, Vít Ondruch wrote: >> My point is that we have to dedicate a team to work on Pagure, I would >> rather have these people working on improving the infrastructure so >> that we don't need these heroics to happen. If we don't put people to >> work on Pagure it will end up being another fedora-packages, badges or >> FAS and in couple years it will be too difficult to do anything with >> it. It is not only about Pagure, for example I would love to be able >> to replace Bodhi with something that we don't have to maintain but it >> is much more difficult to find an alternative to Bodhi > cough cough errata cough cough > > Honestly, sometimes the disconnect between what is going on in Fedora > and internally in Red Hat is intriguing. Do you really think the entire CPE team is blissfully unaware of Errata Tool's existence?

I mean, is that really the scenario that makes the most sense in your head, as opposed to 'they have already considered it but don't find it a suitable replacement'? You might ask 'why not errata tool?', but it seems pretty silly to just assume that they don't even know it exists, or something.

On Thu, 2020-01-30 at 10:30 +0100, Vít Ondruch wrote: > cough cough errata cough cough > > Honestly, sometimes the disconnect between what is going on in Fedora > and internally in Red Hat is intriguing. I did think about Errata tool* a bit back when I worked on Bodhi. I like the idea of sharing code on one hand, but on the other hand it is pretty oriented towards workflows that are designed for a product release cycle. Bodhi is designed around community feedback (and now CI feedback). It could be interesting to hold a chat with the Errata tool developers to see if there is interest in sharing tooling, but it may be a lot of effort to make Errata tool flexible enough to support two pretty different workflows. I'd be willing to have that conversation; I could be wrong.

Dne 31. 01. 20 v 1:43 Neal Gompa napsal(a): > On Thu, Jan 30, 2020 at 6:51 PM Randy Barlow > <bowlofeggs(a)fedoraproject.org&gt; wrote: >> On Thu, 2020-01-30 at 10:30 +0100, Vít Ondruch wrote: >>> cough cough errata cough cough >>> >>> Honestly, sometimes the disconnect between what is going on in Fedora >>> and internally in Red Hat is intriguing. >> I did think about Errata tool* a bit back when I worked on Bodhi. Thank you for that. >> I >> like the idea of sharing code on one hand, but on the other hand it is >> pretty oriented towards workflows that are designed for a product >> release cycle. Bodhi is designed around community feedback (and now CI >> feedback). >> >> It could be interesting to hold a chat with the Errata tool developers >> to see if there is interest in sharing tooling, but it may be a lot of >> effort to make Errata tool flexible enough to support two pretty >> different workflows. I'd be willing to have that conversation; I could >> be wrong. >> Of course, there is a lot of business logic specific to Red Hat projects backed into Errata, but ultimately, it does not help to anybody if Fedora release process is using different tools then Red Hat internally. What Red Hat does internally should be just extension to what Fedora does. The processes used internally should be proven in Fedora first.

> Why not go the other way? Bodhi could be extended to support the > internal product workflows. > > > In ideal world, Bodhi would be upstream project to Errata or possibly Bodhi could be the open core of Errata. It does not really matter. Vít _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Michal Konecny <mkonecny(a)redhat.com&gt; wrote: > Vít Ondruch wrote: >> Neal Gompa napsal(a): >>> Randy Barlow <bowlofeggs(a)fedoraproject.org&gt; wrote: >>>> Vít Ondruch wrote: >>>> >>>>> cough cough errata cough cough >>>>> >>>>> Honestly, sometimes the disconnect between what is going on in >>>>> Fedora and internally in Red Hat is intriguing. >>>> >>>> I like the idea of sharing code on one hand, but on the other hand >>>> it is pretty oriented towards workflows that are designed for a >>>> product release cycle. Bodhi is designed around community feedback >>>> (and now CI feedback). >>>> >>>> It could be interesting to hold a chat with the Errata tool >>>> developers to see if there is interest in sharing tooling, but it >>>> may be a lot of effort to make Errata tool flexible enough to >>>> support two pretty different workflows. I'd be willing to have >>>> that conversation; I could be wrong. >> >> Of course, there is a lot of business logic specific to Red Hat >> projects backed into Errata, but ultimately, it does not help to >> anybody if Fedora release process is using different tools then Red >> Hat internally. What Red Hat does internally should be just >> extension to what Fedora does. The processes used internally should >> be proven in Fedora first. > > This is a very nice vision that will potentially make life of Red Hat > and Fedora much easier. I'm not that long in the Fedora project to > know, why Fedora and Red Hat internal tools are that different, but > this idea doesn't sound that bad. Few questions first: Are those > internal tools open source? Could we as Fedora community use them? > Is there any legal issue? Is this tool in good shape? > > And talking about the git forge, what is Red Hat using internally as > git forge? And then the above questions applies. It was mentioned in a different part of this thread that Red Hat is using pagure internally.

Of course, there is a lot of business logic specific to Red Hat projects backed into Errata, but ultimately, it does not help to anybody if Fedora release process is using different tools then Red Hat internally. What Red Hat does internally should be just extension to what Fedora does. The processes used internally should be proven in Fedora first.

Hi On Fri, Jan 31, 2020 at 10:46 AM Pierre-Yves Chibon wrote: > > Welcome to our lives! > If it was mathematically possible to go above 100% that's how much > agreement you > would have from us. > If Red Hat is using Pagure internally, it is really odd to discuss replacing Pagure with something else. The only viable replacement is Gitlab which is a open code project written in a language that isn't a strong fit for Fedora. Red Hat should be assigning more resources (development & infrastructure) to add the features needed to extend Pagure going forward and reduce the burden on the CPE team. Has CPE leadership considered talking internally about that?

Rahul _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Rahul Sundaram <metherid(a)gmail.com&gt; writes: > Hi > > On Fri, Jan 31, 2020 at 10:46 AM Pierre-Yves Chibon wrote: > >> >> Welcome to our lives! >> If it was mathematically possible to go above 100% that's how much >> agreement you >> would have from us. >> > > If Red Hat is using Pagure internally, it is really odd to discuss > replacing Pagure with something else. The only viable replacement is > Gitlab which is a open code project written in a language that isn't a > strong fit for Fedora. Red Hat should be assigning more resources > (development & infrastructure) to add the features needed to extend Pagure > going forward and reduce the burden on the CPE team. Has CPE leadership > considered talking internally about that? I have to second this: why are we even *having* this discussion, when Pagure is used internally at RedHat and thus RedHat will require some form of maintenance anyway? Why is then the RedHat CPE team pushing to move away from Pagure, especially to Gitlab? Which albeit being a great platform, is written in Ruby and there's a lot less Ruby devs in the Fedora community than Python devs.

Dan Čermák <dan.cermak(a)cgc-instruments.com&gt; writes: > Rahul Sundaram <metherid(a)gmail.com&gt; writes: > >> Hi >> >> On Fri, Jan 31, 2020 at 10:46 AM Pierre-Yves Chibon wrote: >> >>> >>> Welcome to our lives! >>> If it was mathematically possible to go above 100% that's how much >>> agreement you >>> would have from us. >>> >> >> If Red Hat is using Pagure internally, it is really odd to discuss >> replacing Pagure with something else. The only viable replacement is >> Gitlab which is a open code project written in a language that isn't a >> strong fit for Fedora. Red Hat should be assigning more resources >> (development & infrastructure) to add the features needed to extend Pagure >> going forward and reduce the burden on the CPE team. Has CPE leadership >> considered talking internally about that? > > I have to second this: why are we even *having* this discussion, when > Pagure is used internally at RedHat and thus RedHat will require some > form of maintenance anyway? Why is then the RedHat CPE team pushing to > move away from Pagure, especially to Gitlab? Which albeit being a great > platform, is written in Ruby and there's a lot less Ruby devs in the > Fedora community than Python devs. I have to apologize, this was far too harsh. What I wanted to say is the following: wouldn't it be mutually beneficial for RedHat, Fedora and specifically the CPE Team too, that someone¹ takes over maintenance of Pagure since it's used by us all and there appear to be enough people that want to continue using it?

2020(e)ko urtarrilaren 29(a) 15:56:08 (CET)-(e)an, Clement Verna <cverna(a)fedoraproject.org&gt;-(e)k hau idatzi zuen: > On Wed, Jan 29, 2020, 15:23 Julen Landa Alustiza > <jlanda(a)fedoraproject.org&gt; > wrote: > > > (snip) > > > > 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen: > > > To me that's the all point of this > > > process, let's put down what we *really* *really* need and then > look at > > > the different options. > > > > > > > Do we *really* *really* need to compete with other full featured git > > forges on features? The ODF says that this is one of the problem. > Well, > > imo we don't *really* *really* need to compete with them. > > > > It depends on the use case, doing development work projects hosted on > pagure.io is not great in my opinion. In particular working with pull > requests. > I don't have excesive problems with pagure on PR workflows. Right now for me centos-ci is a much bigger problem for PR workflows on pagure.io than pagure itself for example.

Things that I would in my opinion improve Pagure PRs : * In the PR diff should start from the correct line number, not always 1. (https://pagure.io/pagure/issue/724) * Every time a branch is forced pushed you loose the comments from the diff view. (somewhat related to https://pagure.io/pagure/issue/751) * It should be possible to display a few lines of code before or after the diff to help having more context when making the review Things that would be really nice to have * Have a way to suggest changes directly while reviewing PRs Some unrelated to PRs improvement: * Being able to rename, move projects * Being able to move a ticket between projects (https://pagure.io/pagure/issue/737) * Full Text search projects, users, groups * Code search (https://pagure.io/pagure/issue/539) * Support GPG signing commit (https://pagure.io/pagure/issue/751) * Be able to select which event you want to send on the webhook, ie everything or nothing A lot of these a not necessary things we *really* *really* need to have, but they would make using Pagure much better in my opinion.

On Wed, 2020-01-29 at 15:56 +0100, Clement Verna wrote: > On Wed, Jan 29, 2020, 15:23 Julen Landa Alustiza < jlanda(a)fedoraproject.org&gt; > wrote: > > > (snip) > > > > 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen: > > > To me that's the all point of this > > > process, let's put down what we *really* *really* need and then look at > > > the different options. > > > > > > > Do we *really* *really* need to compete with other full featured git > > forges on features? The ODF says that this is one of the problem. Well, > > imo we don't *really* *really* need to compete with them. > > > > It depends on the use case, doing development work projects hosted on > pagure.io is not great in my opinion. In particular working with pull > requests. > In terms of issue trackers, it is missing the ability to visualize issues > in a board for example. > Again this my opinion and maybe these are maybe not *really* *really* > needed. I think it depends on the size and scope of your project a bit. I do find Pagure.io a pretty good host of the projects I have there, as they're fairly small. But then, an open source (non-enterprise edition) Gitlab instance would work fine for them too.

> > > Actually we already have the features that we *really* *really* need. > > Otherwise we could not release fedora using pagure as we are using, > > could we? :) > > > > I personally don't think we can release Fedora without people across the > project doing heroics and a crazy amount of hours which seems to have > become a norm rather than an exception. When that happens it doesn't normally involve Pagure much, though. And I don't think even an amazing git forge would actually go a long way to solving the main issues there.

-- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Julen Landa Alustiza <jlanda(a)fedoraproject.org&gt; writes: > (snip) > > 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen: >> To me that's the all point of this >> process, let's put down what we *really* *really* need and  then look at >> the different options. >> > > Do we *really* *really* need to compete with other full featured git > forges on features? The ODF says that this is one of the problem. Well, > imo we don't *really* *really* need to compete with them. > > Actually we already have the features that we *really* *really* need. > Otherwise we could not release fedora using pagure as we are using, > could we? :) We don't have per-branch default assignees, which is actually a pretty big problem in Fedora (especially with EPEL packages).

Dne 29. 01. 20 v 23:22 Pierre-Yves Chibon napsal(a): On Wed, Jan 29, 2020 at 12:52:53PM -0500, Robbie Harwood wrote: Julen Landa Alustiza [1]&lt;jlanda(a)fedoraproject.org&gt; writes: (snip) 20/1/29 14:49(e)an, Clement Verna igorleak idatzi zuen: To me that's the all point of this process, let's put down what we *really* *really* need and  then look at the different options. Do we *really* *really* need to compete with other full featured git forges on features? The ODF says that this is one of the problem. Well, imo we don't *really* *really* need to compete with them. Actually we already have the features that we *really* *really* need. Otherwise we could not release fedora using pagure as we are using, could we? :) We don't have per-branch default assignees, which is actually a pretty big problem in Fedora (especially with EPEL packages). I'd counter-argue that we don't need one considering bugzilla doesn't support a per-version assignee. So we need an assignee for Fedora and one for Fedora EPEL, going the level lower (F31, F30, F29, epel8, epel7...) does not bring anything since we wouldn't be able to sync this to bugzilla. I mostly agree. However, retired packages, such as [1], should then be owned just by orphan after the years since their retirement. This used to work during PkgDB days, it does not work anymore.

On Wed, Jan 29, 2020 at 10:35 AM Iñaki Ucar <iucar(a)fedoraproject.org&gt; wrote: > > On Wed, 29 Jan 2020 at 00:08, Leigh Griffin <lgriffin(a)redhat.com&gt; wrote: > > > > On Tue, Jan 28, 2020, 22:06 Iñaki Ucar <iucar(a)fedoraproject.org&gt; wrote: > >> > >> On Tue, 28 Jan 2020 at 20:58, Leigh Griffin <lgriffin(a)redhat.com&gt; wrote: > >> > > >> > This thread is serving as a source of requirements (although it has meandered dramatically away from that) > >> > >> When I first read the post, my thought was: wow, what a convoluted and > >> abstruse way of saying "we want to abandon Pagure". Probably this > >> wasn't your intent, but that's what I got. And given the reactions, > >> other people too. > > > > The linked blog to the ODF is very explicit that Pagure is one of the 3 forge options we are considering. I can't stress enough that it's a viable choice and ultimately what we opt for will come down to an analysis driven by the requirements gathered. I'm unsure how the blog has been interpreted any other way but hopefully this clears it up. > > The ODF is very explicit in the problem statement, and it specifically > and clearly says that: > > 1. Pagure does not align with CPE. Correct and it's why we said this line, which you might have missed: "While we can make exceptions to the mission statement, we first need to know why we should consider a specific exception."

CPE has not committed a team to it in over a year, we do state that as a driving factor to why we want to engage in this conversation but your assumption here is based on a particular outcome that sees Pagure not chosen. If Pagure is chosen, we will commit a team. We are very clear on that.

Tell me what you do and how you interact with a forge? That's the point of this exercise.

I suspect that a bulk of our users are similar to you. Given that you are engaged on the thread (thank you!) what is your day to day needs? What features are part of your usage and interaction? What's missing or what would you like to see added? Your voice here can help represent that group and is most welcome.

On Thu, Jan 30, 2020 at 6:40 AM Iñaki Ucar <iucar(a)fedoraproject.org&gt; wrote: > > On Wed, 29 Jan 2020 at 23:23, Leigh Griffin <lgriffin(a)redhat.com&gt; wrote: > > > > I suspect that a bulk of our users are similar to you. Given that you are engaged on the thread (thank you!) what is your day to day needs? What features are part of your usage and interaction? What's missing or what would you like to see added? Your voice here can help represent that group and is most welcome. > > I'd say that if you manage to accommodate the more complicated > workflows, the basic one is covered. Beyond that, I really like the > table that is displayed in src.fp.o for every package, because in a > single glance you can tell which one is the stable version and the > version in testing for every release. I really like the links to Koji, > Bodhi... integrated just above the table. And I really really like the > Fedora Packages app, but it seems to be dead. > > In summary, package maintainance has many pieces (dist-git, builders, > update system, bugzilla, QA, CI...), and a "control panel" like Fedora > Packages is very useful, I think. > The Packages app was being rewritten by Miroslav Suchy: https://github.com/xsuchy/fedora-packages-ng I don't know if it's ready yet to replace the existing one, though.

Thats... much more harsh than I would agree with. I still use it and find some of its information helpfull.

And there's this worry that GitLab will go the same path Transifex did. They have a ton of incentives to do so, and they already are starting to with the consideration of injecting nonfree JavaScript in all variants.

Yes, but neither of those communities actually have terribly special requirements. In fact, those communities either had *nothing* in terms of infrastructure (FreeDesktop/Xorg) or were willing to throw everything away for GitLab (GNOME). We would not fit in either bucket, which makes GitLab a very awkward fit for us.

Personally I guess github would attract most contributions for Fedora from new contributors but it is closed source so I'd prefer gitlab for Fedora.

On 22. 01. 20 11:21, Florian Weimer wrote: > * Felix Schwarz: > >> Personally I guess github would attract most contributions for Fedora >> from new contributors but it is closed source so I'd prefer gitlab for >> Fedora. > > I don't think Github allows disabling pull requests for projects. This > means that a ptoential Fedora Github service would host content > submitted by people who have to agreed to the FPCA > <https://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement>;. > > Maybe that alone is sufficient to rule out Github? We are not the first project to deal with this. Usually, i is sovled by pots. See for example: https://github.com/python/cpython/pull/16012#issuecomment-530664428

> The red X isn't a relevant indicator. This commit was merged and has it, > too: > > <https://github.com/python/cpython/commit/0d5eac8c327251f8e> The red X doesn't mean “CLA not signed”, it means any CI has failed. CPython allows merges with some CI failed, they have a very complicated setup with lots of lots of CIs, buildbots and a "night watch" about his. Not relevant for this discussion. > I don't know if the branch list (the “master” below the commit subject) > is a reliable indicator. Of what? CPython frequently cherry-picks, so in this case, no, it probably isn't.

On Tue, Jan 21, 2020 at 04:34:37PM +0000, Leigh Griffin wrote: > On behalf of the CPE team I want to draw the communities attention to a > recent blog post which you may be impacted by: > https://communityblog.fedoraproject.org/git-forge-requirements/ > > We will be seeking input and requirements in an open and transparent manner > on the future of a git forge solution which will be run by the CPE team on Aleksandra's comment made me aware that for dist-git, we do not really need a git forge, it is just that the pagure git forge was used to implement a lot of workflows that pkgdb provided in the past. I tried to write the requirements as user stories to make them easier to understand. What do you think?

On Tue, Jan 21, 2020 at 04:34:37PM +0000, Leigh Griffin wrote: > On behalf of the CPE team I want to draw the communities attention to a > recent blog post which you may be impacted by: > https://communityblog.fedoraproject.org/git-forge-requirements/ > > We will be seeking input and requirements in an open and transparent manner > on the future of a git forge solution which will be run by the CPE team on Aleksandra's comment made me aware that for dist-git, we do not really need a git forge, it is just that the pagure git forge was used to implement a lot of workflows that pkgdb provided in the past. I tried to write the requirements as user stories to make them easier to understand. What do you think? - As a package maintainer, I can only commit to a dist-git repo, if I am in the Fedora packager group. - As a package maintainer, I can only commit to a dist-git repo, if I am a maintainer of the branch. - As a proven packager, I can commit to all dist-git repos that do not have special restrictions set by FESCo or are retired. - As a FESCO member, I can configure exceptions to disallow proven packager access to a dist-git repo. - As dist-git repo admin, I can easily add other maintainers to allow commit or admin access for dist-git repo by using their FAS username - As a dist-git repo admin, I cannot remove access to the repo from Fedora infra, Releng or proven packagers without FESCo approval. - As a package maintainer, I can easily orphan a dist-git repo or branch to show that it is not maintained anymore. - As a package maintainer, I can adopt any orphaned dist-git repo or branch. - As a package maintainer, I can easily unretire a retired dist-git repo or branch. - As a release engineer, I can easily approve unretire requests for a dist-git repo or branch. - As anybody, I can easily see the FAS usernames of maintainers for all branches of a dist-git repo. - As a non-releng member, I cannot remove any commits from any dist-git repo that were used to build a Fedora package. - As an external user, I can easily get a list of all orphaned or retired dist-git repos and branches. - As anybody, I can watch for issues (bugzillas) or PRs that are created for a dist-git repository. - As anybody, I can easily get a list of all dist-git repos that I am watching. - As anybody, I can easily get a list of all dist-git repos that a specific Fedora account has admin/commit access to. - As anybody, when looking at the dist-git repo it is clearly visible which branches are still maintained. - As anybody, when I look for a specific branch, EOL branches do not clutter my view. - As a package maintainer, I can easily request commit/admin access for a specific branch or dist-git repo.

Also since dist-git is a critical part of our infrastructure, there should probably also be some security-related requirements such as: - As Fedora infra, I can easily audit that no git repo was accessed without authorization. - As Fedora infra/security response team, I have access to secure logs to analyse the impact of unauthorized access to all dist-git repos. - As anybody, the dist-git web page of a repo points me to Bugzilla to report issues for a repository. I did not manage to read all other replies, so there might be some duplicates but it also seems to me that many of these items were not mentioned. Kind regards Till _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Hey Everyone, On behalf of the CPE team I want to draw the communities attention to a recent blog post which you may be impacted by: https://communityblog.fedoraproject.org/git-forge-requirements/ We will be seeking input and requirements in an open and transparent manner on the future of a git forge solution which will be run by the CPE team on behalf of the Fedora Community. This mail is being sent to the devel, mindshare and council-discuss lists for maximum visibility on a BCC to allow each list have their own views. Please forward it to any other list you may feel is relevant to maximise the exposure. Thanks in advance, Leigh