[ANN] Please use Gerrit from now on for Patch Review

Lionel Elie Mamane lionel at mamane.lu
Wed Jun 20 03:26:23 PDT 2012 

On Wed, Jun 20, 2012 at 04:31:21AM -0500, Norbert Thiebaud wrote:
> On Wed, Jun 20, 2012 at 4:21 AM, Lionel Elie Mamane <lionel at mamane.lu> wrote:
>> On Mon, Jun 18, 2012 at 12:09:49PM +0200, Bjoern Michaelsen wrote:

>>> gerrit is documented and ready to go.

>> It refuses to take patches (commits) whose author field is not an
>> email address registered in my account.

> Anonymous Uer are only allow to read
> Registered User do not have the authority to 'Forge' Author and/or Committer
> people in the Commiter Group can... so you need to be added to it

Ah, I understand. When the gerrit repos are the "true one source" and
gerrit will do the "push" automatically once someone validates the
patch in the web interface, what will "Committer" be? The one that
uploaded the patch or the one that validated it in the web interface?
IMHO it would be nice if it would be the one that validated in the web
interface.

>> How do I submit for review a patch authored by someone else
>> (e.g. one-off contributor that does not want to go through the hassle
>> of setting up for OpenID, git, gerrit, ...)?

> how does one create a patch without git ?

With "diff --recursive" or quilt or debdiff (after building custom
Debian packages) or ... It is not inconceivable for people to hack on
the sources distributed by their distros rather than upstream sources;
I often do that for software where I just want to fix this one bug,
because "apt-get source package" is so much easier than "find where
the hell upstream sources are, use specific tool I might not be
familiar with (git, darcs, svn, mercurial, ... there are so many)".

Anyway, I meant "setup git for gerrit with SSH keys and all that".

> and isn't the whole point of OpenID is 're-use'.

And? That I might be able to 're-use' on another website in 5 years
does not make it any easier or more attractive to go through a
double-plus-more-complicated setup to get an OpenID identity
(double-plus-more-complicated compared to clicking "register" and
copy-pasting a random password generated by pwgen or "dd
if=/dev/urandom count=1 bs=9 | uuencode -m foo". Plus the though
choice of "OK, who (which OpenID provider) do I want to give the power
to impersonate me"?)

To add insult to injury, I cannot 're-use' *any* of my *existing*
reusable authentication methods. I have an OpenPGP card, SSH keys in
files, I have X.509 client certs (in files, on smartcard, ...),
etc. Noooo, it has to be *yet* *another* method.

Me personally, as a vested LibreOffice contributor, OK, I make efforts
for the common good so that we can have a better patch review /
handling mechanism (although I *do* *not* understand *at* *all* why we
have to require an OpenID, instead of offering it as an
alternative). If I were a first-time contributor, frankly, I'd stop
right there or at best dump the patch to the Mailing List anyway (or
in the bug tracker).

> somehow I cannot find you're id in Gerrit, so I cannot add you to the
> right 'group'

> So I'm wondering how were you even trying to push a patch ?

I'm using a throw-away account for testing / playing, with an OpenID
that is NOT GUARANTEED to be only me, so even if you guess which
account that is, do not give it *any* privilege we don't want "any
random person" to have.

-- 
Lionel

More information about the LibreOffice mailing list