<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Hi Nyall</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Thanks for raising this.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">I think you should include my name in the sunsetted (?) users list. I can always make a PR if I get to C++ coding land again..<br><br>For the web page, Lova has kindly prepared this: <a href="https://github.com/qgis/QGIS-Website/pull/541">https://github.com/qgis/QGIS-Website/pull/541</a><br><br>My suggestion is to first merge that (reflecting the current policy) and then we can make a new PR to update the page once this discussion is finalised.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Regards</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Tim</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Mon, Feb 10, 2025 at 7:44 AM Nyall Dawson via QGIS-PSC <<a href="mailto:qgis-psc@lists.osgeo.org">qgis-psc@lists.osgeo.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Mon, 10 Feb 2025 at 17:00, Loic Bartoletti<br>
<<a href="mailto:loic.bartoletti@oslandia.com" target="_blank">loic.bartoletti@oslandia.com</a>> wrote:<br>
> As you point out, it's important to note that activity is not solely measured by direct commits, but encompasses all significant contributions to the project (code reviews, participation in technical discussions, etc.).<br>
Actually, I **would** consider only code merges/commits in this 12<br>
month threshold. If someone is making other contributions to the<br>
project (tech discussion, issue filing, etc) then they don't need<br>
commit rights for those, and won't be impacted by their removal.<br>
Again, we need to stress that the rights removal isn't due to a lack<br>
of trust in an individual, but rather a lack of necessity and in order<br>
to minimise the potential attack surface for the QGIS project.<br>
> In addition to describing the points I'm in favor of, I think it's important to write down the policies with a dedicated page. Inspired by different projects/ideas, I've made a first draft, in the attached markdown. Feel free to adapt/improve...<br>
> Loïc<br>
> (In this thread, I won't write about nomination.)<br>
> Le Lundi, Février 10, 2025 01:45 CET, Nyall Dawson via QGIS-PSC <<a href="mailto:qgis-psc@lists.osgeo.org" target="_blank">qgis-psc@lists.osgeo.org</a>> a écrit:<br>
> On Sat, 8 Feb 2025 at 21:28, Saber Razmjooei via QGIS-PSC <<a href="mailto:qgis-psc@lists.osgeo.org" target="_blank">qgis-psc@lists.osgeo.org</a>> wrote:<br>
> ><br>
> > Hi,<br>
> ><br>
> > Nothing against this nomination but I remember the discussion for becoming a core contributor was raised before with the PSC and it was agreed the current method is not ideal and should be reviewed. There was a plan to formalise the process. There were concerns about security, rationale to have write access, number of contributors from an entity, ... but I have not seen the discussions on that. Similar to QEP, I think this process also would benefit from formalisation.<br>
> (I'm splitting this off to a new thread so as not to hijack the original, which should instead be focused on Benoit's/Jean's contributions and achievements. They are both wonderful QGIS developers and I don't want any of the following to be mis-interpreted as anything to do with these two contributors in any way, or as blocking their nominations under the current policies/processes!)<br>
> That said: I strongly believe that we are overdue for an URGENT review of how we handle "core contributors" and git commit rights.<br>
> This topic was raised some time ago in this thread: <a href="https://lists.osgeo.org/pipermail/qgis-psc/2020-June/008895.html" rel="noreferrer" target="_blank">https://lists.osgeo.org/pipermail/qgis-psc/2020-June/008895.html</a> , but unfortunately the discussion did not lead to any concrete policy changes.<br>
> That thread swings between a whole lot of different ideas/topics, but the main pressing concern I have right now is that we have NO formal policy or process for "sunsetting" developers we have previously given commit rights to. This is a very large security risk -- we have developers who have not contributed to the project (or other open source geo projects) in years, but who still have full commit rights to our code repository.<br>
> So, as an urgent band-aid fix to this, I would like to propose the following:<br>
> 1. We amend <a href="https://web.archive.org/web/20240116120206/https://qgis.org/en/site/getinvolved/development/contributor_requirements.html" rel="noreferrer" target="_blank">https://web.archive.org/web/20240116120206/https://qgis.org/en/site/getinvolved/development/contributor_requirements.html</a> (i can't find where this page was moved to on the new website!! 🤣) to add a term:<br>
> "I agree to immediately notify the QGIS project in the case of a change in job position or personal circumstances which means that I am unlikely to continue regular contributions to QGIS. I understand that my commit rights may be revoked at this time."<br>
> 2. We make a policy that after 12 months without significant code contributions to QGIS, a developer's commit rights will be revoked. (That developer is obviously still able to contribute to QGIS, review code, send in pull requests, etc... they just won't have merge rights themselves anymore). These rights can be resurrected when regular contributions re-commence. A good example of this would be Paul Blottiere -- he's no longer involved directly in QGIS development, but does still respond when pinged on code related questions. He does not need and should not have direct commit rights anymore. This is NOT a reflection on his abilities, committment or anything -- it's just plugging a security hole in our processes.[1] (For reference, of the 39 developers who currently have direct commit rights, 12 have not committed to the repo in 2 years or more!).<br>
> 3. We make some pro-active policy for handling "bad actors". This might be as simple as adding "I understand that at any stage PSC my act to remove my commit rights", and document somewhere that in extreme cases PSC has this right.<br>
> And then the next issue 😬... we have people who were nominated for core committer status over the last couple of years but who NEVER received this status, I think because of the current uncertainty in the whole process. Specifically I'm thinking of Andrea Giudiceandrea, who was nominated in Aug 2023. Andrea is SOO extremely valuable to the project, and I would hate to think that there's any ill-will or risk of resentment because of this. What do we need to do to move forward with Andrea's nomination?<br>
> Nyall<br>
> [1] If we did this, the following developers would lose direct commit rights:<br>
> - luipir (last commit Feb 2021)<br>
> - volaya (last commit May 2020)<br>
> - mhugo (last commit Oct 2019)<br>
> - slarosa (last commit Jan 2021)<br>
> - etiennesky (last commit 2015)<br>
> - PeterPetrik (last commit Nov 2022)<br>
> - kyngchaos (last commit Mar 2020)<br>
> - pcav (last commit Mar 2019)<br>
> - blazek (last commit Feb 2020)<br>
> - ccrook (last commit Jan 2018)<br>
> - sbrunner (last commit Jan 2022)<br>
> - pka (last commit Jan 2015)<br>
> ><br>
> > Kind regards<br>
> > Saber<br>
> ><br>
> > On Fri, 7 Feb 2025, 15:05 Even Rouault via QGIS-Developer, <<a href="mailto:qgis-developer@lists.osgeo.org" target="_blank">qgis-developer@lists.osgeo.org</a>> wrote:<br>
> >><br>
> >> Hi PSC,<br>
> >><br>
> >> I'd like to propose that Benoit de Mezzo<br>
> >> (<a href="https://github.com/benoitdm-oslandia" rel="noreferrer" target="_blank">https://github.com/benoitdm-oslandia</a>) and Jean Felder<br>
> >> (<a href="https://github.com/ptitjano" rel="noreferrer" target="_blank">https://github.com/ptitjano</a>) are granted core committer rights.<br>
> >><br>
> >> They have been active on QGIS development for 3 years now, especially on<br>
> >> the 3D part and also on server, contributing interesting features and<br>
> >> fixes, on particularly tedious areas.<br>
> >> They also proved their capability to listen and integrate feedback into<br>
> >> their work. They showed their dedication to quality of the code and<br>
> >> contribution process.<br>
> >> They also actively contribute to PR reviews and general community effort.<br>
> >> They are willing to stay involved with the QGIS project and continue to<br>
> >> be active contributors.<br>
> >> I believe it is time to acknowledge their continuous involvement in the<br>
> >> project.<br>
> >><br>
> >> Even<br>
> >><br>
> >> --<br>
> >> <a href="http://www.spatialys.com" rel="noreferrer" target="_blank">http://www.spatialys.com</a><br>
> >> My software is free, but my time generally not.<br>
> >><br>
> >> _______________________________________________<br>
> >> QGIS-Developer mailing list<br>
> >> <a href="mailto:QGIS-Developer@lists.osgeo.org" target="_blank">QGIS-Developer@lists.osgeo.org</a><br>
> >> List info: <a href="https://lists.osgeo.org/mailman/listinfo/qgis-developer" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/qgis-developer</a><br>
> >> Unsubscribe: <a href="https://lists.osgeo.org/mailman/listinfo/qgis-developer" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/qgis-developer</a><br>
> ><br>
> > _______________________________________________<br>
> > QGIS-PSC mailing list<br>
> > <a href="mailto:QGIS-PSC@lists.osgeo.org" target="_blank">QGIS-PSC@lists.osgeo.org</a><br>
> > <a href="https://lists.osgeo.org/mailman/listinfo/qgis-psc" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/qgis-psc</a><br>
QGIS-PSC mailing list<br>
<a href="mailto:QGIS-PSC@lists.osgeo.org" target="_blank">QGIS-PSC@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/qgis-psc" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/qgis-psc</a><br>
</blockquote></div><div><br clear="all"></div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div style="color:rgb(34,34,34)">Tim Sutton</div><div style="color:rgb(34,34,34)"><b>Kartoza Cofounder<br></b><span style="color:rgb(32,33,36);text-align:center">Tim is a member of the QGIS Project Steering Committee</span><b><br></b></div><div style="color:rgb(34,34,34)"><b><br></b></div><div style="color:rgb(34,34,34)"><b>T </b>: +27(0) 87 809 2702 <b>E </b>:<b> </b><a href="mailto:tim@kartoza.com" style="color:rgb(17,85,204)" target="_blank">tim@kartoza.com</a> <b>W</b> : <a href="http://kartoza.com/" style="color:rgb(17,85,204)" target="_blank">kartoza.com</a><br></div><div style="color:rgb(34,34,34)"><br></div><div style="color:rgb(34,34,34)"><div><img src="https://ci3.googleusercontent.com/mail-sig/AIorK4wjeTRcj_LuA-mCKKqWOvHMPBgOOW2yAJl0VmVp633nbuz-9CB_jVZDCPLCovRQAuGIGQyHe3xLHI1H"><br></div><div><br></div><i>This email and any attachments are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you </i><div><i>have received this email in error, please notify the sender immediately and delete it from your system. Unauthorised use, disclosure, or copying</i></div><div><i>of the contents is prohibited.</i></div></div></div></div>