RFC: adding fd-passing to win32

Sun Aug 21 21:38:46 UTC 2022

On Thursday, 18 August 2022 07:25:16 -03 David Rheinsberg wrote:
> Why is it so hard for the D-Bus community to welcome external
> contributions, to encourage people to work on specification updates,
> to support development efforts? Is this how we react to contributors
> showing their prototypes? This thread has been very disappointing to
> me.

I did encourage Marc-André saying I think it's a useful addition and gave an 
idea of how I think he could go about it more easily. The passage you're 
quoting from me was pointing out that the path he is choosing seems to me to 
be more difficult than the other, in particular because it requires a review 
from very busy people who have little knowledge about Windows and less 
interest in it.

> Why do we shower contributors in CVEs when they ask whether something
> was problematic? Bugs happen, security problems happen, how is this a
> good explanation for something being "problematic"? If it was
> problematic, can't we tell them why, rather than showing the bugs _our
> implementation_ had? CVE-2014-3635 is literally about a buffer
> overflow, how is this relevant other than accidentally being in the
> code that handles fd-passing?

Because modifying D-Bus and fd-passing requires a lot of specialised knowledge 
to write the code and review it, to make sure we don't create more or 
reintroduce old security issues. Those were meant as examples of why such a 
thing is not trivial and to support the suggestion of taking the path of 
minimal change (implied here the assumption that the minimal change is also 
the one least likely to introduce problems).

> Why do we so strongly discourage specification updates? Why always
> talking about how hard something is, how much effort it is, how much
> "convincing" is needed? I acknowledge that specification changes need
> agreement across many parties, but why frame it as an argument against
> working on something? Especially if the contributors hint that they
> are ok with that extra effort?

Answered above.

> I don't say adding 'H' is the way to go, but why is `it is a lot of
> work` used as an argument, rather than just as a heads-up to the
> contributor?

It's a suggestion. At no point did Simon or I say that we'd reject such a 
contribution. We made statements of advice, based on our past experience, and 
also based on the fact that the two of us are some of the most likely 
reviewers of a spec change. I could say "I don't care about Windows, I'll just 
agree with whatever Ralf agrees to" but I won't. I don't think it's 
professional of me to do so; instead, I think I should make the effort to 
review properly, which means understanding why the change to the spec is being 
made, not simply what that change is.

> Why can't we encourage contributors more? Why can't we be more
> welcoming, assisting? Tell them we acknowledge their work, and we
> appreciate it? And if we don't have the time for welcoming
> communication, why not just refrain from commenting at all?

Like the three months that passed between the two original emails and my reply 
that offered any hope of the change being accepted at all? Before I replied, it 
was dead in the water.

I kept those two emails unread in the "dbus" folder for months because I 
thought it deserved a worthwhile effort on my part to reply. I could have just 
ignored them.

Should I just not reply at all to any suggestions?

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
   Software Architect - Intel DCAI Cloud Engineering