Hi Nyall Thanks for raising this.
I think you should include my name in the sunsetted (?) users list. I can always make a PR if I get to C++ coding land again.. For the web page, Lova has kindly prepared this: https://github.com/qgis/QGIS-Website/pull/541 My suggestion is to first merge that (reflecting the current policy) and then we can make a new PR to update the page once this discussion is finalised. Regards Tim On Mon, Feb 10, 2025 at 7:44 AM Nyall Dawson via QGIS-PSC < qgis-...@lists.osgeo.org> wrote: > On Mon, 10 Feb 2025 at 17:00, Loic Bartoletti > <loic.bartole...@oslandia.com> wrote: > > > As you point out, it's important to note that activity is not solely > measured by direct commits, but encompasses all significant contributions > to the project (code reviews, participation in technical discussions, etc.). > > Actually, I **would** consider only code merges/commits in this 12 > month threshold. If someone is making other contributions to the > project (tech discussion, issue filing, etc) then they don't need > commit rights for those, and won't be impacted by their removal. > Again, we need to stress that the rights removal isn't due to a lack > of trust in an individual, but rather a lack of necessity and in order > to minimise the potential attack surface for the QGIS project. > > Nyall > > > > > > > In addition to describing the points I'm in favor of, I think it's > important to write down the policies with a dedicated page. Inspired by > different projects/ideas, I've made a first draft, in the attached > markdown. Feel free to adapt/improve... > > > > Loïc > > > > (In this thread, I won't write about nomination.) > > > > Le Lundi, Février 10, 2025 01:45 CET, Nyall Dawson via QGIS-PSC < > qgis-...@lists.osgeo.org> a écrit: > > > > > > On Sat, 8 Feb 2025 at 21:28, Saber Razmjooei via QGIS-PSC < > qgis-...@lists.osgeo.org> wrote: > > > > > > Hi, > > > > > > Nothing against this nomination but I remember the discussion for > becoming a core contributor was raised before with the PSC and it was > agreed the current method is not ideal and should be reviewed. There was a > plan to formalise the process. There were concerns about security, > rationale to have write access, number of contributors from an entity, ... > but I have not seen the discussions on that. Similar to QEP, I think this > process also would benefit from formalisation. > > > > (I'm splitting this off to a new thread so as not to hijack the > original, which should instead be focused on Benoit's/Jean's contributions > and achievements. They are both wonderful QGIS developers and I don't want > any of the following to be mis-interpreted as anything to do with these two > contributors in any way, or as blocking their nominations under the current > policies/processes!) > > > > That said: I strongly believe that we are overdue for an URGENT review > of how we handle "core contributors" and git commit rights. > > > > This topic was raised some time ago in this thread: > https://lists.osgeo.org/pipermail/qgis-psc/2020-June/008895.html , but > unfortunately the discussion did not lead to any concrete policy changes. > > > > That thread swings between a whole lot of different ideas/topics, but > the main pressing concern I have right now is that we have NO formal policy > or process for "sunsetting" developers we have previously given commit > rights to. This is a very large security risk -- we have developers who > have not contributed to the project (or other open source geo projects) in > years, but who still have full commit rights to our code repository. > > > > So, as an urgent band-aid fix to this, I would like to propose the > following: > > > > 1. We amend > https://web.archive.org/web/20240116120206/https://qgis.org/en/site/getinvolved/development/contributor_requirements.html > (i can't find where this page was moved to on the new website!! 🤣) to add > a term: > > > > "I agree to immediately notify the QGIS project in the case of a change > in job position or personal circumstances which means that I am unlikely to > continue regular contributions to QGIS. I understand that my commit rights > may be revoked at this time." > > > > 2. We make a policy that after 12 months without significant code > contributions to QGIS, a developer's commit rights will be revoked. (That > developer is obviously still able to contribute to QGIS, review code, send > in pull requests, etc... they just won't have merge rights themselves > anymore). These rights can be resurrected when regular contributions > re-commence. A good example of this would be Paul Blottiere -- he's no > longer involved directly in QGIS development, but does still respond when > pinged on code related questions. He does not need and should not have > direct commit rights anymore. This is NOT a reflection on his abilities, > committment or anything -- it's just plugging a security hole in our > processes.[1] (For reference, of the 39 developers who currently have > direct commit rights, 12 have not committed to the repo in 2 years or > more!). > > > > 3. We make some pro-active policy for handling "bad actors". This might > be as simple as adding "I understand that at any stage PSC my act to remove > my commit rights", and document somewhere that in extreme cases PSC has > this right. > > > > And then the next issue 😬... we have people who were nominated for core > committer status over the last couple of years but who NEVER received this > status, I think because of the current uncertainty in the whole process. > Specifically I'm thinking of Andrea Giudiceandrea, who was nominated in > Aug 2023. Andrea is SOO extremely valuable to the project, and I would hate > to think that there's any ill-will or risk of resentment because of this. > What do we need to do to move forward with Andrea's nomination? > > > > Nyall > > > > [1] If we did this, the following developers would lose direct commit > rights: > > - luipir (last commit Feb 2021) > > - volaya (last commit May 2020) > > - mhugo (last commit Oct 2019) > > - slarosa (last commit Jan 2021) > > - etiennesky (last commit 2015) > > - PeterPetrik (last commit Nov 2022) > > - kyngchaos (last commit Mar 2020) > > - pcav (last commit Mar 2019) > > - blazek (last commit Feb 2020) > > - ccrook (last commit Jan 2018) > > - sbrunner (last commit Jan 2022) > > - pka (last commit Jan 2015) > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Kind regards > > > Saber > > > > > > On Fri, 7 Feb 2025, 15:05 Even Rouault via QGIS-Developer, < > qgis-developer@lists.osgeo.org> wrote: > > >> > > >> Hi PSC, > > >> > > >> I'd like to propose that Benoit de Mezzo > > >> (https://github.com/benoitdm-oslandia) and Jean Felder > > >> (https://github.com/ptitjano) are granted core committer rights. > > >> > > >> They have been active on QGIS development for 3 years now, especially > on > > >> the 3D part and also on server, contributing interesting features and > > >> fixes, on particularly tedious areas. > > >> They also proved their capability to listen and integrate feedback > into > > >> their work. They showed their dedication to quality of the code and > > >> contribution process. > > >> They also actively contribute to PR reviews and general community > effort. > > >> They are willing to stay involved with the QGIS project and continue > to > > >> be active contributors. > > >> I believe it is time to acknowledge their continuous involvement in > the > > >> project. > > >> > > >> Even > > >> > > >> -- > > >> http://www.spatialys.com > > >> My software is free, but my time generally not. > > >> > > >> _______________________________________________ > > >> QGIS-Developer mailing list > > >> QGIS-Developer@lists.osgeo.org > > >> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer > > >> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer > > > > > > _______________________________________________ > > > QGIS-PSC mailing list > > > qgis-...@lists.osgeo.org > > > https://lists.osgeo.org/mailman/listinfo/qgis-psc > > > > > > > > > _______________________________________________ > QGIS-PSC mailing list > qgis-...@lists.osgeo.org > https://lists.osgeo.org/mailman/listinfo/qgis-psc > -- Tim Sutton *Kartoza Cofounder*Tim is a member of the QGIS Project Steering Committee *T *: +27(0) 87 809 2702 *E *: t...@kartoza.com *W* : kartoza.com *This email and any attachments are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you * *have received this email in error, please notify the sender immediately and delete it from your system. Unauthorised use, disclosure, or copying* *of the contents is prohibited.*
_______________________________________________ QGIS-Developer mailing list QGIS-Developer@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
