| Message ID | 20200107120320.222364-1-george.dunlap@citrix.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | MAINTAINERS: Add explicit check-in policy section | expand |
On 1/7/20 12:03 PM, George Dunlap wrote: > v2: > - Modify "sufficient time" to "sufficient time and/or warning". > - Add a comment explicitly stating that there are exceptions. > - Move some of the alternate proposals into the changelog itself Sorry, this should obviously have 'v2' in the subject. -George
On 07.01.2020 13:03, George Dunlap wrote: > DISCUSSION > > This seems to be a change from people's understanding of the current > policy. Most people's understanding of the current policy seems to be: > > 1. In order to get a change to a given file committed, it must have > an Ack or Review from at least one *maintainer* of that file other > than the submitter. > > 2. In the case where a file has only one maintainer, it must have an > Ack or Review from a "nested" maintainer. > > I.e., if I submitted something to x86/mm, it would require an Ack from > Jan or Andy, or (in exceptional circumstances) The Rest; but an Ack from > (say) Roger or Juergen wouldn't suffice. > > Let's call this the "maintainer-ack" approach (because it must have an > ack or r-b from a maintainer to be checked in), and the proposal in > this patch the "maintainer-approval" (since SoB from a maintainer > indicates approval). > > The core issue I have with "maintainer-ack" is that it makes the > maintainer less privileged with regard to writing code than > non-maintainers. If component X has maintainers A and B, then a > non-maintainer can have code checked in if reviewed either by A or B. > If A or B wants code checked in, they have to wait for exactly one > person to review it. > > In fact, if B is quite busy, the easiest way for A really to get their > code checked in might be to hand it to a non-maintainer N, and ask N > to submit it as their own. Then A can Ack the patches and check them > in. > > The current system, therefore, either sets up a perverse incentive (if > you think the behavior described above is unacceptable) or unnecessary > bureaucracy (if you think it's acceptable). Either way I think we > should set up our system to avoid it. I much appreciate this initiative of yours. > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -104,7 +104,53 @@ Descriptions of section entries: > xen-maintainers-<version format number of this file> > > > -The meaning of nesting: > + Check-in policy > + =============== > + > +In order for a patch to be checked in, in general, several conditions > +must be met: > + > +1. In order to get a change to a given file committed, it must have > + the approval of at least one maintainer of that file. > + > + A patch of course needs Acks from the maintainers of each file that > + it changes; so a patch which changes xen/arch/x86/traps.c, > + xen/arch/x86/mm/p2m.c, and xen/arch/x86/mm/shadow/multi.c would > + require an Ack from each of the three sets of maintainers. > + > + See below for rules on nested maintainership. > + > +2. It must have an Acked-by or a Reviewed-by from someone other than > + the submitter. I'd like to propose some further distinction here, albeit I'm not sure this isn't implied anyway. It might be that making explicit the distinction between A-b and R-b is sufficient - our current common understanding looks to be that only maintainers can "ack", and others would "review". Since the latter is implying a more thorough look at a patch, I think it wouldn't be right to allow (quoting text further down) "anyone in the community" to ack a random patch (I could probably talk my son into ack-ing my patches ;-) ). Perhaps, rather than limiting acks to maintainers of the changed code, we could extend this to maintainers of just some code for maintainer submitted patches (i.e. anyone named as M: at least once in ./MAINTAINERS)? People outside of whatever subset we might pick would be eligible to offer R-b only, implying of course that they actually did do a review. > +3. Sufficient time and/or warning must have been given for anyone to > + respond. This depends in large part upon the urgency and nature of > + the patch. For a straightforward uncontroversial patch, a day or > + two is sufficient; for a controversial patch, perhaps waiting a > + week and then saying "I intend to check this in tomorrow unless I > + hear otherwise". To me as non-native speaker, this last sentence looks incomplete (as in missing e.g. "would be appropriate" at the end), or alternatively it would feel like wanting the two "ing" dropped from the verbs. Jan
On 1/7/20 1:05 PM, Jan Beulich wrote: > On 07.01.2020 13:03, George Dunlap wrote: >> DISCUSSION >> >> This seems to be a change from people's understanding of the current >> policy. Most people's understanding of the current policy seems to be: >> >> 1. In order to get a change to a given file committed, it must have >> an Ack or Review from at least one *maintainer* of that file other >> than the submitter. >> >> 2. In the case where a file has only one maintainer, it must have an >> Ack or Review from a "nested" maintainer. >> >> I.e., if I submitted something to x86/mm, it would require an Ack from >> Jan or Andy, or (in exceptional circumstances) The Rest; but an Ack from >> (say) Roger or Juergen wouldn't suffice. >> >> Let's call this the "maintainer-ack" approach (because it must have an >> ack or r-b from a maintainer to be checked in), and the proposal in >> this patch the "maintainer-approval" (since SoB from a maintainer >> indicates approval). >> >> The core issue I have with "maintainer-ack" is that it makes the >> maintainer less privileged with regard to writing code than >> non-maintainers. If component X has maintainers A and B, then a >> non-maintainer can have code checked in if reviewed either by A or B. >> If A or B wants code checked in, they have to wait for exactly one >> person to review it. >> >> In fact, if B is quite busy, the easiest way for A really to get their >> code checked in might be to hand it to a non-maintainer N, and ask N >> to submit it as their own. Then A can Ack the patches and check them >> in. >> >> The current system, therefore, either sets up a perverse incentive (if >> you think the behavior described above is unacceptable) or unnecessary >> bureaucracy (if you think it's acceptable). Either way I think we >> should set up our system to avoid it. > > I much appreciate this initiative of yours. > >> --- a/MAINTAINERS >> +++ b/MAINTAINERS >> @@ -104,7 +104,53 @@ Descriptions of section entries: >> xen-maintainers-<version format number of this file> >> >> >> -The meaning of nesting: >> + Check-in policy >> + =============== >> + >> +In order for a patch to be checked in, in general, several conditions >> +must be met: >> + >> +1. In order to get a change to a given file committed, it must have >> + the approval of at least one maintainer of that file. >> + >> + A patch of course needs Acks from the maintainers of each file that >> + it changes; so a patch which changes xen/arch/x86/traps.c, >> + xen/arch/x86/mm/p2m.c, and xen/arch/x86/mm/shadow/multi.c would >> + require an Ack from each of the three sets of maintainers. >> + >> + See below for rules on nested maintainership. >> + >> +2. It must have an Acked-by or a Reviewed-by from someone other than >> + the submitter. > > I'd like to propose some further distinction here, albeit I'm not sure > this isn't implied anyway. It might be that making explicit the > distinction between A-b and R-b is sufficient - our current common > understanding looks to be that only maintainers can "ack", and others > would "review". Well first of all, I don't think that's strictly true. If a non-maintainer raises a concern, the patch can't be checked in unless that person is satisfied. We sometimes assume silence is consent, but it's much better for the person who raised the concern to say, "I am now satisfied with this patch"; and the clearest and most concise way to do that is to say "Acked-by". But that sort of "Acked-by" isn't really what is meant by this section. I guess you'd like to say that such an Acked-by would not be sufficient to check in a patch; it would have to be the stronger Reviewed-by. The point of this sentence is not to define what Ack and Reviewed-by mean, but that it must come from someone who is not the submitter. However, it is true that someone may read that and be confused; particularly as we don't seem to define it anywhere else in the tree, so perhaps it's worth trying to clarify. > Since the latter is implying a more thorough look at a > patch, I think it wouldn't be right to allow (quoting text further > down) "anyone in the community" to ack a random patch (I could probably > talk my son into ack-ing my patches ;-) ). Perhaps, rather than > limiting acks to maintainers of the changed code, we could extend this > to maintainers of just some code for maintainer submitted patches (i.e. > anyone named as M: at least once in ./MAINTAINERS)? People outside of > whatever subset we might pick would be eligible to offer R-b only, > implying of course that they actually did do a review. I do actually prefer that only people in a "direct line" of maintainership for that exact code (i.e., is a maintainer at whatever level of specificity) be able to get Acks; and that anyone else should be required to give a Reviewed-by. This is of course again slightly more aggregate work for a maintianer than for someone else, but I think that makes sense in this case. How about this: 2. It must have either a an Acked-by from a maintainer, or a Reviewed-by. This must come from someone other than the submitter. >> +3. Sufficient time and/or warning must have been given for anyone to >> + respond. This depends in large part upon the urgency and nature of >> + the patch. For a straightforward uncontroversial patch, a day or >> + two is sufficient; for a controversial patch, perhaps waiting a >> + week and then saying "I intend to check this in tomorrow unless I >> + hear otherwise". > > To me as non-native speaker, this last sentence looks incomplete (as > in missing e.g. "would be appropriate" at the end), or alternatively > it would feel like wanting the two "ing" dropped from the verbs. I see what you mean. But on reflection, I think the intent of this paragraph has gotten skewed. Patches should be given sufficent time for *anyone* to give input before being checked in. What about changing this as follows: --- 3. Sufficient time must have been given for anyone to respond. This depends in large part upon the urgency and nature of the patch. For a straightforward uncontroversial patch, a day or two may be sufficient; for a controversial patch, a week or two may be better. --- And then adding a para below: --- Before a maintainer checks in their own patch with another community member's R-b but no co-maintainer Ack, it is especially important to give their co-maintainer opportunity to give feedback, perhaps declaring their intention to check it in without their co-maintainers ack a day before doing so. --- -George
On 07.01.2020 17:17, George Dunlap wrote: > On 1/7/20 1:05 PM, Jan Beulich wrote: >> On 07.01.2020 13:03, George Dunlap wrote: >>> --- a/MAINTAINERS >>> +++ b/MAINTAINERS >>> @@ -104,7 +104,53 @@ Descriptions of section entries: >>> xen-maintainers-<version format number of this file> >>> >>> >>> -The meaning of nesting: >>> + Check-in policy >>> + =============== >>> + >>> +In order for a patch to be checked in, in general, several conditions >>> +must be met: >>> + >>> +1. In order to get a change to a given file committed, it must have >>> + the approval of at least one maintainer of that file. >>> + >>> + A patch of course needs Acks from the maintainers of each file that >>> + it changes; so a patch which changes xen/arch/x86/traps.c, >>> + xen/arch/x86/mm/p2m.c, and xen/arch/x86/mm/shadow/multi.c would >>> + require an Ack from each of the three sets of maintainers. >>> + >>> + See below for rules on nested maintainership. >>> + >>> +2. It must have an Acked-by or a Reviewed-by from someone other than >>> + the submitter. >> >> I'd like to propose some further distinction here, albeit I'm not sure >> this isn't implied anyway. It might be that making explicit the >> distinction between A-b and R-b is sufficient - our current common >> understanding looks to be that only maintainers can "ack", and others >> would "review". > > Well first of all, I don't think that's strictly true. If a > non-maintainer raises a concern, the patch can't be checked in unless > that person is satisfied. We sometimes assume silence is consent, but > it's much better for the person who raised the concern to say, "I am now > satisfied with this patch"; and the clearest and most concise way to do > that is to say "Acked-by". Hmm, that's a possible model, but one I would never have thought of given the meaning we assign to "Acked-by". In a case like what you describe I would always have expected indication of consent by other than a formal tag, if the person wouldn't anyway be in the position to ack a patch (or part of it). > But that sort of "Acked-by" isn't really what is meant by this section. > I guess you'd like to say that such an Acked-by would not be sufficient > to check in a patch; it would have to be the stronger Reviewed-by. > > The point of this sentence is not to define what Ack and Reviewed-by > mean, but that it must come from someone who is not the submitter. > However, it is true that someone may read that and be confused; > particularly as we don't seem to define it anywhere else in the tree, so > perhaps it's worth trying to clarify. > >> Since the latter is implying a more thorough look at a >> patch, I think it wouldn't be right to allow (quoting text further >> down) "anyone in the community" to ack a random patch (I could probably >> talk my son into ack-ing my patches ;-) ). Perhaps, rather than >> limiting acks to maintainers of the changed code, we could extend this >> to maintainers of just some code for maintainer submitted patches (i.e. >> anyone named as M: at least once in ./MAINTAINERS)? People outside of >> whatever subset we might pick would be eligible to offer R-b only, >> implying of course that they actually did do a review. > > I do actually prefer that only people in a "direct line" of > maintainership for that exact code (i.e., is a maintainer at whatever > level of specificity) be able to get Acks; and that anyone else should > be required to give a Reviewed-by. > > This is of course again slightly more aggregate work for a maintianer > than for someone else, but I think that makes sense in this case. > > How about this: > > 2. It must have either a an Acked-by from a maintainer, or a > Reviewed-by. This must come from someone other than the submitter. Better, but leaving ambiguous whether "maintainer" means "any one" or "of the code being touched". I think you mean the former, in which case I'd prefer to see it amended along the lines of "... from a maintainer (of any component), or ...". Or possibly you mean any maintainer up the "nesting" chain, in which case the wording would need to be yet different? >>> +3. Sufficient time and/or warning must have been given for anyone to >>> + respond. This depends in large part upon the urgency and nature of >>> + the patch. For a straightforward uncontroversial patch, a day or >>> + two is sufficient; for a controversial patch, perhaps waiting a >>> + week and then saying "I intend to check this in tomorrow unless I >>> + hear otherwise". >> >> To me as non-native speaker, this last sentence looks incomplete (as >> in missing e.g. "would be appropriate" at the end), or alternatively >> it would feel like wanting the two "ing" dropped from the verbs. > > I see what you mean. But on reflection, I think the intent of this > paragraph has gotten skewed. Patches should be given sufficent time for > *anyone* to give input before being checked in. > > What about changing this as follows: > > --- > 3. Sufficient time must have been given for anyone to respond. This > depends in large part upon the urgency and nature of the patch. > For a straightforward uncontroversial patch, a day or two may be > sufficient; for a controversial patch, a week or two may be better. > --- > > And then adding a para below: > > --- > Before a maintainer checks in their own patch with another community > member's R-b but no co-maintainer Ack, it is especially important to > give their co-maintainer opportunity to give feedback, perhaps > declaring their intention to check it in without their co-maintainers > ack a day before doing so. > --- This sounds good to me. Jan
On 1/7/20 4:44 PM, Jan Beulich wrote: > On 07.01.2020 17:17, George Dunlap wrote: >> On 1/7/20 1:05 PM, Jan Beulich wrote: >> 2. It must have either a an Acked-by from a maintainer, or a >> Reviewed-by. This must come from someone other than the submitter. > > Better, but leaving ambiguous whether "maintainer" means "any one" > or "of the code being touched". I think you mean the former, in > which case I'd prefer to see it amended along the lines of "... > from a maintainer (of any component), or ...". Or possibly you > mean any maintainer up the "nesting" chain, in which case the > wording would need to be yet different? I've tried to reword this to make it more clear (see v4). Just in general, though, it would be helpful if when you found some wording insufficient, if you tried to craft something you thought was better. Even if I don't use it, it gives me a clearer idea the direction you'd like to go in. Thanks, -George
diff --git a/MAINTAINERS b/MAINTAINERS index eaea4620e2..9d15afa595 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -104,7 +104,53 @@ Descriptions of section entries: xen-maintainers-<version format number of this file> -The meaning of nesting: + Check-in policy + =============== + +In order for a patch to be checked in, in general, several conditions +must be met: + +1. In order to get a change to a given file committed, it must have + the approval of at least one maintainer of that file. + + A patch of course needs Acks from the maintainers of each file that + it changes; so a patch which changes xen/arch/x86/traps.c, + xen/arch/x86/mm/p2m.c, and xen/arch/x86/mm/shadow/multi.c would + require an Ack from each of the three sets of maintainers. + + See below for rules on nested maintainership. + +2. It must have an Acked-by or a Reviewed-by from someone other than + the submitter. + +3. Sufficient time and/or warning must have been given for anyone to + respond. This depends in large part upon the urgency and nature of + the patch. For a straightforward uncontroversial patch, a day or + two is sufficient; for a controversial patch, perhaps waiting a + week and then saying "I intend to check this in tomorrow unless I + hear otherwise". + +4. There must be no "open" objections. + +In a case where one person submits a patch and a maintainer gives an +Ack, the Ack stands in for both the approval requirement (#1) and the +Acked-by-non-submitter requirement (#2). + +In a case where a maintainer themselves submits a patch, the +Signed-off-by meets the approval requirement (#1); so an Ack or Review +from anyone in the community suffices for requirement #2. + +Maintainers may choose to override non-maintainer objections in the +case that consensus can't be reached. + +As always, no policy can cover all possible situations. In +exceptional circumstances, committers may commit a patch in absence of +one or more of the above requirements, if they are reasonably +confident that the other maintainers will approve of their decision in +retrospect. + + The meaning of nesting + ====================== Many maintainership areas are "nested": for example, there are entries for xen/arch/x86 as well as xen/arch/x86/mm, and even @@ -118,11 +164,6 @@ the Ack of the xen/arch/x86/mm/shadow maintainer for that part of the patch, but would not require the Ack of the xen/arch/x86 maintainer or the xen/arch/x86/mm maintainer. -(A patch of course needs acks from the maintainers of each file that -it changes; so a patch which changes xen/arch/x86/traps.c, -xen/arch/x86/mm/p2m.c, and xen/arch/x86/mm/shadow/multi.c would -require an Ack from each of the three sets of maintainers.) - 2. In unusual circumstances, a more general maintainer's Ack can stand in for or even overrule a specific maintainer's Ack. Unusual circumstances might include:
The "nesting" section in the MAINTAINERS file was not initially intended to describe the check-in policy for patches, but only how nesting worked; but since there was no check-in policy, it has been acting as a de-facto policy. One problem with this is that the policy is not complete: It doesn't cover open objections, time to check-in, or so on. The other problem with the policy is that, as written, it doesn't account for maintainers submitting patches to files which they themselves maintain. This is fine for situations where there are are multiple maintainers, but not for situations where there is only one maintainer. Add an explicit "Check-in policy" section to the MAINTAINERS document to serve as the canonical reference for the check-in policy. Move paragraphs not explicitly related to nesting into it. While here, "promote" the "The meaning of nesting" section title. DISCUSSION This seems to be a change from people's understanding of the current policy. Most people's understanding of the current policy seems to be: 1. In order to get a change to a given file committed, it must have an Ack or Review from at least one *maintainer* of that file other than the submitter. 2. In the case where a file has only one maintainer, it must have an Ack or Review from a "nested" maintainer. I.e., if I submitted something to x86/mm, it would require an Ack from Jan or Andy, or (in exceptional circumstances) The Rest; but an Ack from (say) Roger or Juergen wouldn't suffice. Let's call this the "maintainer-ack" approach (because it must have an ack or r-b from a maintainer to be checked in), and the proposal in this patch the "maintainer-approval" (since SoB from a maintainer indicates approval). The core issue I have with "maintainer-ack" is that it makes the maintainer less privileged with regard to writing code than non-maintainers. If component X has maintainers A and B, then a non-maintainer can have code checked in if reviewed either by A or B. If A or B wants code checked in, they have to wait for exactly one person to review it. In fact, if B is quite busy, the easiest way for A really to get their code checked in might be to hand it to a non-maintainer N, and ask N to submit it as their own. Then A can Ack the patches and check them in. The current system, therefore, either sets up a perverse incentive (if you think the behavior described above is unacceptable) or unnecessary bureaucracy (if you think it's acceptable). Either way I think we should set up our system to avoid it. Other variations on "maintainer-ack" have been proposed: - Allow maintainer's patches to go in with an R-b from "designated reviewers" - Allow maintainer's patches to go in with an Ack from more general maintainer Both fundamentally make it harder for maintainers to get their code in and/or reviewed effectively than non-maintainers, setting up the perverse incentive / unnecessary bureaucracy. Signed-off-by: George Dunlap <george.dunlap@citrix.com> --- v2: - Modify "sufficient time" to "sufficient time and/or warning". - Add a comment explicitly stating that there are exceptions. - Move some of the alternate proposals into the changelog itself CC: Ian Jackson <ian.jackson@citrix.com> CC: Wei Liu <wl@xen.org> CC: Andrew Cooper <andrew.cooper3@citrix.com> CC: Jan Beulich <jbeulich@suse.com> CC: Tim Deegan <tim@xen.org> CC: Konrad Wilk <konrad.wilk@oracle.com> CC: Stefano Stabellini <sstabellini@kernel.org> CC: Julien Grall <julien@xen.org> CC: Lars Kurth <lars.kurth@citrix.com> This is a follow-up to the discussion in `[PATCH for-4.12] passthrough/vtd: Drop the "workaround_bios_bug" logic entirely`, specifically Message-ID: <5C9CF25A020000780022291B@prv1-mh.provo.novell.com> Another approach would be to say that in the case of multiple maintainers, the maintainers themselves can decide to mandate each other's Ack. For instance, Dario and I could agree that we don't need each others' ack for changes to the scheduler, but Andy and Jan could agree that they do need each other's Ack for changes to the x86 code. Checks that maintainers themselves have agreed on will produce neither perverse incentives, nor be considered "unnecessary". --- MAINTAINERS | 53 +++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 47 insertions(+), 6 deletions(-)