On Mon, 10 Feb 2025 at 20:54, Tim Sutton <t...@kartoza.com> wrote: > Hi Nyall > > Thanks for raising this. > > I think you should include my name in the sunsetted (?) users list. I can > always make a PR if I get to C++ coding land again.. >
Thanks Tim! I'd intentionally omitted your name as I assumed you needed permissions for something changelog/website related, but if not then let's add you to the pending-removal list too... (Note that Gary also technically would fall into this group, but I'd propose a exemption for that special case 😝) Nyall > > For the web page, Lova has kindly prepared this: > https://github.com/qgis/QGIS-Website/pull/541 > > My suggestion is to first merge that (reflecting the current policy) and > then we can make a new PR to update the page once this discussion is > finalised. > > Regards > > Tim > > On Mon, Feb 10, 2025 at 7:44 AM Nyall Dawson via QGIS-PSC < > qgis-...@lists.osgeo.org> wrote: > >> On Mon, 10 Feb 2025 at 17:00, Loic Bartoletti >> <loic.bartole...@oslandia.com> wrote: >> >> > As you point out, it's important to note that activity is not solely >> measured by direct commits, but encompasses all significant contributions >> to the project (code reviews, participation in technical discussions, etc.). >> >> Actually, I **would** consider only code merges/commits in this 12 >> month threshold. If someone is making other contributions to the >> project (tech discussion, issue filing, etc) then they don't need >> commit rights for those, and won't be impacted by their removal. >> Again, we need to stress that the rights removal isn't due to a lack >> of trust in an individual, but rather a lack of necessity and in order >> to minimise the potential attack surface for the QGIS project. >> >> Nyall >> >> >> >> > >> > In addition to describing the points I'm in favor of, I think it's >> important to write down the policies with a dedicated page. Inspired by >> different projects/ideas, I've made a first draft, in the attached >> markdown. Feel free to adapt/improve... >> > >> > Loïc >> > >> > (In this thread, I won't write about nomination.) >> > >> > Le Lundi, Février 10, 2025 01:45 CET, Nyall Dawson via QGIS-PSC < >> qgis-...@lists.osgeo.org> a écrit: >> > >> > >> > On Sat, 8 Feb 2025 at 21:28, Saber Razmjooei via QGIS-PSC < >> qgis-...@lists.osgeo.org> wrote: >> > > >> > > Hi, >> > > >> > > Nothing against this nomination but I remember the discussion for >> becoming a core contributor was raised before with the PSC and it was >> agreed the current method is not ideal and should be reviewed. There was a >> plan to formalise the process. There were concerns about security, >> rationale to have write access, number of contributors from an entity, ... >> but I have not seen the discussions on that. Similar to QEP, I think this >> process also would benefit from formalisation. >> > >> > (I'm splitting this off to a new thread so as not to hijack the >> original, which should instead be focused on Benoit's/Jean's contributions >> and achievements. They are both wonderful QGIS developers and I don't want >> any of the following to be mis-interpreted as anything to do with these two >> contributors in any way, or as blocking their nominations under the current >> policies/processes!) >> > >> > That said: I strongly believe that we are overdue for an URGENT review >> of how we handle "core contributors" and git commit rights. >> > >> > This topic was raised some time ago in this thread: >> https://lists.osgeo.org/pipermail/qgis-psc/2020-June/008895.html , but >> unfortunately the discussion did not lead to any concrete policy changes. >> > >> > That thread swings between a whole lot of different ideas/topics, but >> the main pressing concern I have right now is that we have NO formal policy >> or process for "sunsetting" developers we have previously given commit >> rights to. This is a very large security risk -- we have developers who >> have not contributed to the project (or other open source geo projects) in >> years, but who still have full commit rights to our code repository. >> > >> > So, as an urgent band-aid fix to this, I would like to propose the >> following: >> > >> > 1. We amend >> https://web.archive.org/web/20240116120206/https://qgis.org/en/site/getinvolved/development/contributor_requirements.html >> (i can't find where this page was moved to on the new website!! 🤣) to add >> a term: >> > >> > "I agree to immediately notify the QGIS project in the case of a change >> in job position or personal circumstances which means that I am unlikely to >> continue regular contributions to QGIS. I understand that my commit rights >> may be revoked at this time." >> > >> > 2. We make a policy that after 12 months without significant code >> contributions to QGIS, a developer's commit rights will be revoked. (That >> developer is obviously still able to contribute to QGIS, review code, send >> in pull requests, etc... they just won't have merge rights themselves >> anymore). These rights can be resurrected when regular contributions >> re-commence. A good example of this would be Paul Blottiere -- he's no >> longer involved directly in QGIS development, but does still respond when >> pinged on code related questions. He does not need and should not have >> direct commit rights anymore. This is NOT a reflection on his abilities, >> committment or anything -- it's just plugging a security hole in our >> processes.[1] (For reference, of the 39 developers who currently have >> direct commit rights, 12 have not committed to the repo in 2 years or >> more!). >> > >> > 3. We make some pro-active policy for handling "bad actors". This might >> be as simple as adding "I understand that at any stage PSC my act to remove >> my commit rights", and document somewhere that in extreme cases PSC has >> this right. >> > >> > And then the next issue 😬... we have people who were nominated for >> core committer status over the last couple of years but who NEVER received >> this status, I think because of the current uncertainty in the whole >> process. Specifically I'm thinking of Andrea Giudiceandrea, who was >> nominated in Aug 2023. Andrea is SOO extremely valuable to the project, >> and I would hate to think that there's any ill-will or risk of resentment >> because of this. What do we need to do to move forward with Andrea's >> nomination? >> > >> > Nyall >> > >> > [1] If we did this, the following developers would lose direct commit >> rights: >> > - luipir (last commit Feb 2021) >> > - volaya (last commit May 2020) >> > - mhugo (last commit Oct 2019) >> > - slarosa (last commit Jan 2021) >> > - etiennesky (last commit 2015) >> > - PeterPetrik (last commit Nov 2022) >> > - kyngchaos (last commit Mar 2020) >> > - pcav (last commit Mar 2019) >> > - blazek (last commit Feb 2020) >> > - ccrook (last commit Jan 2018) >> > - sbrunner (last commit Jan 2022) >> > - pka (last commit Jan 2015) >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > > >> > > Kind regards >> > > Saber >> > > >> > > On Fri, 7 Feb 2025, 15:05 Even Rouault via QGIS-Developer, < >> qgis-developer@lists.osgeo.org> wrote: >> > >> >> > >> Hi PSC, >> > >> >> > >> I'd like to propose that Benoit de Mezzo >> > >> (https://github.com/benoitdm-oslandia) and Jean Felder >> > >> (https://github.com/ptitjano) are granted core committer rights. >> > >> >> > >> They have been active on QGIS development for 3 years now, >> especially on >> > >> the 3D part and also on server, contributing interesting features and >> > >> fixes, on particularly tedious areas. >> > >> They also proved their capability to listen and integrate feedback >> into >> > >> their work. They showed their dedication to quality of the code and >> > >> contribution process. >> > >> They also actively contribute to PR reviews and general community >> effort. >> > >> They are willing to stay involved with the QGIS project and continue >> to >> > >> be active contributors. >> > >> I believe it is time to acknowledge their continuous involvement in >> the >> > >> project. >> > >> >> > >> Even >> > >> >> > >> -- >> > >> http://www.spatialys.com >> > >> My software is free, but my time generally not. >> > >> >> > >> _______________________________________________ >> > >> QGIS-Developer mailing list >> > >> QGIS-Developer@lists.osgeo.org >> > >> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer >> > >> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer >> > > >> > > _______________________________________________ >> > > QGIS-PSC mailing list >> > > qgis-...@lists.osgeo.org >> > > https://lists.osgeo.org/mailman/listinfo/qgis-psc >> > >> > >> > >> > >> _______________________________________________ >> QGIS-PSC mailing list >> qgis-...@lists.osgeo.org >> https://lists.osgeo.org/mailman/listinfo/qgis-psc >> > > > -- > Tim Sutton > > *Kartoza Cofounder*Tim is a member of the QGIS Project Steering Committee > > *T *: +27(0) 87 809 2702 *E *: t...@kartoza.com *W* : > kartoza.com > > > > *This email and any attachments are confidential and intended solely for > the use of the individual or entity to whom they are addressed. If you * > *have received this email in error, please notify the sender immediately > and delete it from your system. Unauthorised use, disclosure, or copying* > *of the contents is prohibited.* >
_______________________________________________ QGIS-Developer mailing list QGIS-Developer@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
