Hi everybody,
it came to my attention that changes marked "private" on Gerrit are hidden in the UI but easily accessible through gitiles and with "git fetch".
I don't think it matters for most cases, but since we advertised it as being accessible for the owner and individual reviewers, I didn't want to keep things exposed, especially not after there's an announcement that such access is possible (as through this email). Therefore I:
- disabled the "private" CL feature in the Gerrit UI, so you can't mark changes as private
- created per-account git bundles [1] of their private CLs. Since I don't want to spam a few hundred users with stuff they might not care about, this is a pull transaction: if you want them, reach out to me.
- removed the private commits and references from the coreboot.git repo. You might still see the changes in the UI but that's due to its aggressive caching: The UI actually honors the private flag, so that's not a concern and all other means of accessing commits access the repo and will fail on these now-gone commits.
https://review.coreboot.org/c/coreboot/+/59229 also proposes updating the docs to remove mentions of the "private change" feature.
As an alternative we could also decide to re-enable the feature but with documentation pointing out that there are ways for motivated unauthenticated users to access these commits, which makes them more of a structuring feature (keep things out of sight until they're ready). In that case I could also reinstate the commits I deleted from the repo.
Thoughts?
Best regards, Patrick
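The cleanup Patrick describes (bundle the owner's private change refs, delete them from the repo, confirm a plain git client no longer sees them) rehearsed on a throwaway bare repository. This is an added example, not a script from the thread or from coreboot's infrastructure; it assumes git is installed, uses Gerrit-style refs/changes/NN/NNNN/P ref names, and the change numbers are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the thread): bundle-then-remove rehearsal for Gerrit change refs.
# Assumptions: git on PATH; constructed change numbers 12345/12346; a local bare repo stands
# in for the server-side coreboot.git.
set -eu
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# Build a bare repo with one public commit and two "private" change refs (constructed data).
make_repo() {
    repo=$1
    git init -q --bare "$repo"
    tree=$(git -C "$repo" hash-object -w -t tree /dev/null)        # empty tree object
    base=$(git -C "$repo" commit-tree "$tree" -m "public base")
    git -C "$repo" update-ref refs/heads/master "$base"
    for chg in 12345 12346; do
        shard=$(printf '%02d' $((chg % 100)))                       # Gerrit shards by last 2 digits
        c=$(git -C "$repo" commit-tree "$tree" -p "$base" -m "private change $chg")
        git -C "$repo" update-ref "refs/changes/$shard/$chg/1" "$c"
    done
}

# Save the given change refs into a per-account bundle, verify it, then delete the refs.
# The owner can later run "git fetch <bundle> refs/changes/*:refs/changes/*" to get them back.
archive_and_remove() {
    repo=$1; bundle=$2; shift 2
    git -C "$repo" bundle create "$bundle" "$@" 2>/dev/null
    git -C "$repo" bundle verify "$bundle" >/dev/null 2>&1
    for ref in "$@"; do git -C "$repo" update-ref -d "$ref"; done
}

# Return 0 if a plain git client (what "git fetch" sees) finds no refs/changes/ refs, else 1.
check_hidden() {
    if git ls-remote "$1" | grep -q 'refs/changes/'; then return 1; fi
    return 0
}

main() {
    work=$(mktemp -d)
    repo=$work/coreboot.git
    make_repo "$repo"
    if check_hidden "$repo"; then echo "unexpected: private refs not visible before cleanup"; exit 1; fi
    archive_and_remove "$repo" "$work/owner.bundle" refs/changes/45/12345/1 refs/changes/46/12346/1
    git -C "$repo" bundle list-heads "$work/owner.bundle"           # owner's copy keeps both refs
    if check_hidden "$repo"; then echo "private refs no longer fetchable from $repo"; fi
}
main
```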
Nice catch, Patrick. I used this feature long ago [1], but as the Gerrit guidelines note we can now mark patches as WIP in the UI or just put [DONOTSUBMIT] in the summary line if a patch isn't ready for review. Furthermore, these days it's very easy to set up one's own git repo and access controls using services such as Github, Gitlab, etc.
IMO it's best to keep the feature disabled so that people don't make wrong assumptions.
[1] https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/message/XT25...
On Thu, Nov 11, 2021 at 3:05 PM Patrick Georgi via coreboot <coreboot@coreboot.org> wrote:
[1] https://git-scm.com/docs/git-bundle
In my experience, marking patches as WIP doesn't really help. I still get reviews and comments for these patches. While I appreciate that, it's also kind of annoying.
The private feature allows me to draft my patches and to get them in a reviewable state without getting interrupted. Same if you want to work with other people on something, which is meant to be public later. Also this way, I don't create spam mails and I don't use the resources of the build infrastructure unnecessarily.
So I used the private feature a lot. I understand if people don't want this to be enabled again, but I would rather have this than not. If people really want their patches to be private (for whatever reasons), then they shouldn't upload them anywhere. Or they should use their own repository, maybe on their own git server, where they have full control over the access permissions. In my case, this gives me more possibilities to collaborate with others and this is how I understand it. It's easier to add someone as reviewer than "create a gitlab/github account, pull the repository from there and create a pull request if you want".
However, I think we should rather document that our Gerrit instance isn't the right place for hosting others' critical content or actual private patches, that it shouldn't be used for such things and that it's a possibility for structuring and collaboration.
Is it possible to rename the label to something else, so that it doesn't sound so strong anymore? Like "hidden", for example. Or does this need changes in its code?
// Felix
On 12 November 2021 20:35, "Felix Singer" felixsinger@posteo.net wrote:
Is it possible to rename the label to something else, so that it doesn't sound so strong anymore? Like "hidden", for example. Or does this need changes in its code?
I was thinking about renaming the feature "hide from UI" or something like that, too. While it likely requires changes to the code, I think it could be argued that this is a candidate for upstream to pick up so that Gerrit doesn't mislead users, no matter the instance.
Patrick
Hi Patrick, I will use this Private feature very badly in my daily job, for some critical code. I will create a private CL in Gerrit and will build a coreboot by using Jenkins based on other builds by cherry-picking this private CL. I am not from a developer background, I just want to know if there is any other alternative to this? --sameer.
On Sat, Nov 13, 2021 at 4:51 AM Patrick Georgi via coreboot coreboot@coreboot.org wrote:
Hi Sameer,
We ended up deciding to keep this feature enabled since others in the community feel it's useful, and have documented it better. Patrick has also reached out to the Gerrit team to see if the name can be changed to not imply confidentiality.
See the Nov. 17 2021 leadership meeting notes for details: https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/message/QOMQ...
Hi David, when will this feature be available in Gerrit? --sameer.
On Tue, Dec 28, 2021, 9:49 PM David Hendricks david.hendricks@gmail.com wrote:
I don't recall any section of the GPL that mentions 'private' repositories. I'm fairly sure it says 'you must publish the source code AND any changes'. Did that change at some point?
As it stands the commit that is known to be working with my hardware has just 'disappeared'. Thus making life more than a bit difficult for the best part of 5 years, maybe more. How many people have been making 'private' changes to GPL code?
On 12/11/21 6:04 pm, Patrick Georgi wrote:
On 12 November 2021 03:47, "Keith Emery" k.emery.nbn@internode.on.net wrote:
Um... Is said feature illegal?
Sorry, but I don't understand what you mean. Could you elaborate?
Regards, Patrick
You're well within your rights not to. I don't believe anyone should be compelled to expend effort for which they are not compensated.
But would anyone else like to explain why this isn't a GPL violation? Because it really seems like it is.
On 12/11/21 8:44 pm, Patrick Georgi wrote:
On 12 November 2021 10:31, "Keith Emery" k.emery.nbn@internode.on.net wrote:
I'm fairly sure it says 'you must publish the source code AND any changes'. Did that change at some point?
I'm fairly sure that you don't understand the conditions under which the GPL takes effect. Since I'm not your lawyer, I won't discuss this with you any further.
Yeah - no.
The GPL allows you to keep your modifications private as long as you do not release them in any way. So if these private changes are not released somewhere they do not need to be public.
Chris
On 12.11.2021 at 11:06, Keith Emery k.emery.nbn@internode.on.net wrote:
Yes, private is a state in between but not a result. I may want to have a "private" commit first before setting it to publicly visible.
On Fri, 12 November 2021 at 6:18 PM, Christian Walter christian.walter@9elements.com wrote:
Since this appears to be blowing up (because we didn't have enough crap this week already, right?), let me respond a bit longer to the list for completeness' sake:
On 12 November 2021 11:05, "Keith Emery" k.emery.nbn@internode.on.net wrote:
But would anyone else like to explain why this isn't a GPL violation? Because it really seems like it is.
The GPL is no magic fairy that does whatever you feel it should do. It has sufficiently precise meaning to _not_ require a few things, too.
The only "you _must_ distribute source code" requirement in the GPL is for the GPL'd source code that made up a binary you shipped (https://review.coreboot.org/plugins/gitiles/coreboot.git/+/refs/heads/master... [1]) and even that isn't unlimited:
- You ship the sources with the binary -> no further responsibility (and especially not towards third parties outside that transaction)
- You offer some means to obtain the sources -> must be valid for 3 years after shipping the binary.
coreboot.org doesn't ship binaries of GPL code, so whenever we decide to distribute source code it's because we want to, not because we're obliged to do it. And when we decide not to distribute source code anymore, that's our right.
Patrick
[1] As you see, there wasn't a need to send a copy of the GPLv2 to everybody on the list, we had it already