Re: Minutes of the GNOME Foundation Board meeting 28 November 2000

[jg pa dec com (Jim Gettys)]

I like the idea  of open CVS commit in principle, but am increasingly 
skeptical that completely open CVS commit will scale as Gnome continues 
to grow.   Don't confuse lack of ACL's from the effect that they have 
had, which, I argue below, is actually tight feedback from bug fixing to
distributions of the fixes.

What matters by far the ***MOST*** is that patches/fixes get applied in 
a very timely fashion, independent of what mechanism is used.  

***It is this timelyness of feedback from bug report to fix available 
  that encourages contribution, in all my experience and observation of 
  a number of projects***.  

Each development style has its tradeoffs, but this observation seems true 
across all successful open source projects.  I see this across Apache, 
the Linux Kernel, Gnome, and XFree86 (now that it has opened up access 
on the read side).

Even with competant engineers and more limited commit policies, things 
go wrong, so I'm not arguing that there is a direct correlation between 
commit policy and outcome.  For example, there was a recent set of commits 
for the sake of IA64 made to XFree86 from someone who did not understand 
that the change was unnecessary, adn would break binary compatibility 
(of course X has run fine on 64 bit Alpha systems since the early 1990's, 
what's more, showing an amazing lack of historical knowledge). But the 
engineer was very competant, to the point of updating the standards 
documents! Thankfully, CVS made it easy to back out this disaster, and 
peer review caught it immediately. There is no substitute for wide immediate 
availability and peer review to catch such problems.  Feedback limited
the damage to a few days tops.

But I think there are two pimary arguments for ACLS:
	o malice and
	o stability

To use a poor analogy, before 1995 we didn't worry about SPAM on the Internet:
now we have to.  Now we have SPAM, and people who deliberately deface
open source web sites (we had a break in on handhelds.org last week, despite
having been pretty careful about security; you wonder why someone would
bother...).
 
But Open Source is growing up, and malice will eventually cause trouble.

Independent of malace, I am most skeptical about stability as you run 
up to releases: it may be that open commit most of the time will work to yet 
signficantly larger scale, but I'm quite dubious that open commit all of the 
time up to date of release will continue to work.  Statistically, this
seems unlikely as the project grows.

At a minimum, I believe we must work to have an ACL mechanism in place, 
as the day, unfortunately, WILL come.  Sigh...

"Think of me as CVS with brains." - L. Torvalds.

				- Jim

> Sender: foundation-list-admin gnome org
> From: Chema Celorio <chema celorio com>
> Date: Thu, 30 Nov 2000 18:15:38 -0600
> To: George <jirka 5z com>
> Cc: Bart Decrem <bart eazel com>, Havoc Pennington <hp redhat com>,
>         Russell Steinthal <rms39 columbia edu>, Daniel Veillard w3 org,
>         foundation-list gnome org
> Subject: Re: Minutes of the GNOME Foundation Board meeting 28 November 2000
> -----
> George wrote:
> > I also think that no ACLs is one of the reasons for GNOME success.  I think
> > trusting people makes those people think more about their actions.  While
> > several times there were some bad things that happened, those can happen
> with
> > ACLs as well, so ACLs do not completely prevent problems, yet they destroy
> > the openness of the gnome cvs.
> >
> > I also think that if we start putting up barriers such as ACLs, it will
> > discourage people from working on GNOME projects.
> 
> I also like the idea of no ACLs. People are aware of the rules
> and they (mostly) follow them. It is always nice to tell someone,
> "looks good, feel free to comit".
> 
>
--
Jim Gettys
Technology and Corporate Development
Compaq Computer Corporation
jg pa dec com