On 2022-12-29 15:59 , Fred Wright wrote:
Twice recently I've had changes made to ports I maintain without
respecting the maintainer timeout (and not for any urgent
security-related reasons). The first was py-serial, where the change
was merged without waiting for the maintainer timeout. And just now I
see that someone abused their write access to bypass the PR mechanism
entirely for a gpsd update, so that I wasn't even notified of the
change. And I've had good reason to hold off on updating gpsd, due to
its missing dependency on asciidoctor, which is currently broken on some
platforms due to the insistence on tying it to a broken version of ruby,
which I've actually been working on fixing.
Is this now the Wild West?
Fred Wright
Hi Fred,
Sorry you've been put out by these commits. Both of these ports are
marked as openmaintainer, which according to the project policy [1]
means that minor changes are allowed without obtaining the maintainer's
permission first. That certainly isn't carte blanche to do whatever you
want, but it does mean that pushing changes directly isn't necessarily
against the rules.
The definition of a minor update is left somewhat vague, but can
probably be thought of as synonymous with low-risk. I would say anything
beyond simple bugfixes, and certainly anything that changes the API or
ABI, should be run by the maintainer first. And as the policy says, the
committer is responsible for ensuring that the changes work properly. If
you push a change to someone else's port, you should consider yourself
"on the hook" for fixing anything that breaks as a result.
When in doubt, run it by the maintainer.
I'm not familiar enough with gpsd to say whether the recent update was
minor or not. Marius, please work with Fred to resolve any issues that
it may have caused.
If the change to py-serial you're referring to was mine of Dec 13, that
was part of a mass update to adopt a new feature in MacPorts 2.8.0,
which only touched openmaintainer and nomaintainer ports. IMO it was
well within the definition of a minor change.
If you would like your permission to be required for all changes to
these ports, the openmaintainer tag can be removed from the maintainers
option.
HTH,
- Josh
[1] <https://guide.macports.org/chunked/project.update-policies.html>
