[Qgis-psc] Urgent review of github rules and policies required!

[Julien Cabieces]

Hi,

I agree that we need a formal proposal for all the points that you rise,
and I agree also with what you propose.

Regarding Andrea's nomination, We were 6 to agree on giving him the
committer's right [0] and no one said no, so I don't see any reason not
to proceed with its nomination.

Regards,
Julien

[0] https://lists.osgeo.org/pipermail/qgis-developer/2023-August/066044.html

> On Sat, 8 Feb 2025 at 21:28, Saber Razmjooei via QGIS-PSC <qgis-psc at lists.osgeo.org> wrote:
>>
>> Hi,
>>  
>> Nothing against this nomination but I remember the discussion for becoming a core contributor was raised before with the PSC and it was
> agreed the current method is not ideal and should be reviewed. There was a plan to formalise the process. There were concerns about
> security, rationale to have write access, number of contributors from an entity, ... but I have not seen the discussions on that. Similar to QEP, I
> think this process also would benefit from formalisation.
>
> (I'm splitting this off to a new thread so as not to hijack the original, which should instead be focused on Benoit's/Jean's contributions and
> achievements. They are both wonderful QGIS developers and I don't want any of the following to be mis-interpreted as anything to do with
> these two contributors in any way, or as blocking their nominations under the current policies/processes!)
>
> That said: I strongly believe that we are overdue for an URGENT review of how we handle "core contributors" and git commit rights.
>
> This topic was raised some time ago in this thread: https://lists.osgeo.org/pipermail/qgis-psc/2020-June/008895.html , but unfortunately the
> discussion did not lead to any concrete policy changes.
>
> That thread swings between a whole lot of different ideas/topics, but the main pressing concern I have right now is that we have NO formal
> policy or process for "sunsetting" developers we have previously given commit rights to. This is a very large security risk -- we have developers
> who have not contributed to the project (or other open source geo projects) in years, but who still have full commit rights to our code
> repository.
>
> So, as an urgent band-aid fix to this, I would like to propose the following:
>
> 1. We amend https://web.archive.org/web/20240116120206/https://qgis.org/en/site/getinvolved/development/contributor_requirements.html
> (i can't find where this page was moved to on the new website!! 🤣) to add a term:
>
> "I agree to immediately notify the QGIS project in the case of a change in job position or personal circumstances which means that I am
> unlikely to continue regular contributions to QGIS. I understand that my commit rights may be revoked at this time."
>
> 2. We make a policy that after 12 months without significant code contributions to QGIS, a developer's commit rights will be revoked. (That
> developer is obviously still able to contribute to QGIS, review code, send in pull requests, etc... they just won't have merge rights themselves
> anymore). These rights can be resurrected when regular contributions re-commence. A good example of this would be Paul Blottiere -- he's no
> longer involved directly in QGIS development, but does still respond when pinged on code related questions. He does not need and should not
> have direct commit rights anymore. This is NOT a reflection on his abilities, committment or anything -- it's just plugging a security hole in our
> processes.[1] (For reference, of the 39 developers who currently have direct commit rights, 12 have not committed to the repo in 2 years or
> more!).
>
> 3. We make some pro-active policy for handling "bad actors". This might be as simple as adding "I understand that at any stage PSC my act to
> remove my commit rights", and document somewhere that in extreme cases PSC has this right.
>
> And then the next issue 😬... we have people who were nominated for core committer status over the last couple of years but who NEVER
> received this status, I think because of the  current uncertainty in the whole process. Specifically I'm thinking of Andrea Giudiceandrea, who
> was nominated in  Aug 2023. Andrea is SOO extremely valuable to the project, and I would hate to think that there's any ill-will or risk of
> resentment because of this. What do we need to do to move forward with Andrea's nomination?
>
> Nyall
>
> [1] If we did this, the following developers would lose direct commit rights:
> - luipir (last commit Feb 2021)
> - volaya (last commit May 2020)
> - mhugo (last commit Oct 2019)
> - slarosa (last commit Jan 2021)
> - etiennesky (last commit 2015)
> - PeterPetrik (last commit Nov 2022)
> - kyngchaos (last commit Mar 2020)
> - pcav (last commit Mar 2019)
> - blazek (last commit Feb 2020)
> - ccrook (last commit Jan 2018)
> - sbrunner (last commit Jan 2022)
> - pka (last commit Jan 2015)
>
>>
>> Kind regards
>> Saber
>>
>> On Fri, 7 Feb 2025, 15:05 Even Rouault via QGIS-Developer, <qgis-developer at lists.osgeo.org> wrote:
>>>
>>> Hi PSC,
>>>
>>> I'd like to propose that Benoit de Mezzo
>>> (https://github.com/benoitdm-oslandia) and Jean Felder
>>> (https://github.com/ptitjano) are granted core committer rights.
>>>
>>> They have been active on QGIS development for 3 years now, especially on
>>> the 3D part and also on server, contributing interesting features and
>>> fixes, on particularly tedious areas.
>>> They also proved their capability to listen and integrate feedback into
>>> their work. They showed their dedication to quality of the code and
>>> contribution process.
>>> They also actively contribute to PR reviews and general community effort.
>>> They are willing to stay involved with the QGIS project and continue to
>>> be active contributors.
>>> I believe it is time to acknowledge their continuous involvement in the
>>> project.
>>>
>>> Even
>>>
>>> --
>>> http://www.spatialys.com
>>> My software is free, but my time generally not.
>>>
>>> _______________________________________________
>>> QGIS-Developer mailing list
>>> QGIS-Developer at lists.osgeo.org
>>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>>
>> _______________________________________________
>> QGIS-PSC mailing list
>> QGIS-PSC at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/qgis-psc
>
> _______________________________________________
> QGIS-PSC mailing list
> QGIS-PSC at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/qgis-psc

-- 

Julien Cabieces
Senior Developer at Oslandia
julien.cabieces at oslandia.com