New port with maintainer ports@FreeBSD.org [was: Question about maintainers]

Sat Jul 30 20:18:03 GMT 2005

On Sun, Jul 31, 2005 at 12:11:40AM +0430, Babak Farrokhi wrote:
> Let me give you an example: I am the maintainer for www/eventum. The
> current version in ports tree was 1.5.4 so I submitted the patch for
> 1.5.5 (ports/84297) and now version 1.6.0 is out but the patch is not
> submitted despite I was the maintainer myself.

Although I share your frustration at getting bugs fixed and upgrades
committed, it is fair to note that 84297 came in only yesterday.  The
correct thing to do here is to do a followup with the patches to 1.6.0.
Whoever picks up the PR will then be able to skip the earlier patch.

> Another example: I submitted patch to update editors/vim to patchlevel
> 79, now this version is vulnerable to arbitrary command execution
> according to CAN-2005-2368. So I submitted the patchlevel 85
> (ports/84145) and also notified security-team at . But the port is still
> awaiting approval.

Well, 84145 isn't labeled as a security update in the Synopsis, which
might have helped.  I'll note that the maintainer did commit your
previous update patch within a day, although it has been several days
on this one.  I can't speak to what secteam has done, you would have
to ask them.

> There is really something wrong with the port management process.
> People's work is not being respected. So how do I get encouraged to
> submit my patches?

We have 173 people with port commit bits (some of whom are more active
than others) and an average of around 30 ports PRs arriving per day.
Since all the ports committers are volunteers, it's not possible to
compel them to commit anything -- all we can do is to encourage, and to
offer recognition.  I think we do pretty well keeping up with the
incoming PR flood (the rate of which, by the way, continues to increase.)

It's not a perfect process, but I really don't know of what else that
we can do in a volunteer project.

Slightly different topic:

There's another "management" principle about individuals at work here,
that bears reiteration: "praise in public, criticize in private".  It's
completely fair for you, or anyone else, to criticize our processes in
public.  But when it comes down to people that feel that another FreeBSD
contributor isn't pulling their weight, I'd much rather see those
complaints first go to the groups that have accepted the responsibility
to look after such things -- for ports, portmgr; for security, secteam;
and if both of them fall down on the job, core.  Remember that everyone
here is doing this work because it's fun or it gives them some kind of
satisfaction (as are you, yourself, when you help us out by submitting
patches), and thank-yous are always a much more effective motivator than
criticism.

Please don't take this as particularly directed at you.  A common theme
in this thread -- which hasn't yet been commented on -- is that certain
individual contributors are not pulling their weight, as it were.  In
the meantime, I'll put my portmgr hat on and note that it has been many
months since anyone has directly submitted a complaint to portmgr about
an individual.  I would much rather these things be worked out via email
in that venue.

I hope people can take this advice as constructive criticism.

But to summarize, we welcome your contributions, but you have to be
prepared to be realistic about what a team of volunteers is going to
be able to accomplish.

mcl