Final thoughts/votes on Kubuntu Policy

Harald Sitter apachelogger at ubuntu.com
Wed Aug 6 18:05:20 UTC 2014 

On Wed, Aug 6, 2014 at 3:24 PM, Scott Kitterman <ubuntu at kitterman.com> wrote:
> On Wednesday, August 06, 2014 15:05:49 Harald Sitter wrote:
>> On Tue, Aug 5, 2014 at 9:58 PM, Scott Kitterman <ubuntu at kitterman.com>
> wrote:
>> > On Tuesday, August 05, 2014 21:36:24 Harald Sitter wrote:
>> >> On Tue, Aug 5, 2014 at 8:40 PM, Scott Kitterman <ubuntu at kitterman.com>
>> >
>> > wrote:
>> >> > On Tuesday, August 05, 2014 19:55:07 Harald Sitter wrote:
>> >> >> On Tue, Aug 5, 2014 at 7:45 PM, Scott Kitterman <ubuntu at kitterman.com>
>> >> >
>> >> > wrote:
>> >> >> > I, for one,
>> >> >> > think the notion that we won't apply known fixes because upstream is
>> >> >> > non-
>> >> >> > responsive is silly.  I don't intend to be bound by it.
>> >> >>
>> >> >> Where does the fix come from then?
>> >> >
>> >> > Could be defective Python code I figured out by myself (for reference,
>> >> > this
>> >> > exact scenario is why we had an even sort of working displayconfig in
>> >> > hardy - if this policy had been in effect, it would have had to be
>> >> > removed and not replaced since there was no replacement available).
>> >>
>> >> so why did you not pick up maintainership?
>> >
>> > Because it would have needed a full rewrite to work with the then brand
>> > new X stack reliably.  We were going to have a new tool for Intrepid
>> > anyway, so beating it into sort of working was enough for Kubuntu and I'm
>> > certainly not qualified to take on upstream development for all of KDE.
>>
>> Why would you not be qualified? You created a Kubuntu specific fork of
>> the software, so since you were fit to maintain that one I am sure the
>> same would have worked upstream. Seeing as you were able to beat it
>> into working state for Kubuntu it would appear to me that there is
>> nothing that would have prevented you from doing the change upstream
>> and releasing a new tarball. At worse you had to roll a tarball
>> instead of dumping a patch into debian/ (which would then have had
>> up-to-date translations thus possibly not being all that much of a
>> waste of time to begin with), at best 3 other distributions had picked
>> it up and thanks to that ended up with a working display config in
>> their LTS release.
>
> Perhaps.  That would have required some commitment on my part to do work to
> support other distros that I wasn't willing to take on.  Since the X stuff does
> vary from distro to distro, I had (and still have) no idea what of what I was
> doing was Ubuntu specific and what might be generally applicable.

I hear kwin does fine without distribution specific solutions. At any
rate, if a distro had not been able to use it because of compatibility
issues and you were not willing or capable or whatever to resolve it,
that would have been where they needed to make their own decisions on
whether to patch it into working state and hopefully upstream that
patch or not ship it at all or ship the old version or whatever. By
not going out and saying "this here software is unmaintained, I made
it so it works with kubuntu and relased version x.y which is less
shitty than the previous release" you pretty much excluded others from
an option to possibly use it as we cannot expect others to track what
we patch or don't patch (just like we don't track every other distros
patch work). So had another distro needed it worst case they'd have
duplicated the work on their own or be lucky enough to find our patch
through a web search.

>> The reasons why we don't want to condone dead upstream pseudo
>> maintenance patchy nonesense is multifaceted. The fact that distro
>> patchy is selfish towards everyone else is one part of it. Another one
>> is that the patch policy needs a responsible person up the stream to
>> review and approve and possibly merge a patch, with out one the patch
>> policy doesn't allow certain patches at all.
>> Another important side of the argument is that of reliable and
>> balanced quality. No one takes on responsibility for the quality, so
>> we must assume it has excessively shitty quality or is of no use
>> because otherwise someone were to feel the need to stand up and take
>> on maintenance or at the very least care enough to fix startup
>> crashes, data loss, bug triage etc.etc.. And ultimately that leads to
>> the question of whether we should have a piece of software of
>> obviously shitty quality under our wings to begin with considering no
>> one else wants to care about it either.
>
> I generally agree with that, but there are cases where all the alternatives
> were worse.  Shipping without any tool at all to configure a monitor was a non-
> starter.

There pretty much always is an almost equally suitable alternative
(case in point: displayconfig-gtk).

But yeah, let's assume there really is no replacement software
available, and no one is willing to actually do an upstream commit
(which is really a social problem as I am absolutely willing to go on
record that there is next to no overhead when doing things upstream
with no maintainer being there to stand in your way). We have then
failed have we not? Software doesn't go unmaintained and breaks over
night, the new x was expected for at least half a year, displayconfig
was pretty unmaintained for about a year. Somewhere along the line
someone could have gone 'I think we have a problem', and poked
upstream KDE (as indicated in the poking KDE bit of dead upstreams) to
get advise on what to do or maybe even a fix. So, had we been forced
to ship without a display configuration tool it would have been a
defeat no doubt about that, at the same time it would have been a very
honest taking of responsibility for our failure in realizing that
there is a problem coming our way.

Sweeping things under the rug doesn't do anything but (possibly) make
ourselves feel good about "having made it". It doesn't help motivate
someone to write a replacement software. It doesn't communicate to the
user that any and all bug reports they file against this beast will
not be answered (unless maybe if it sounds very bad and was mentioned
numerous times on IRC). It doesn't help any of the other distributions
that might face pretty much the same problem maybe now or maybe in 3
months. There is quite simply no benefit to be had from distro
patching severe bitrot bugs in software where you can't even upstream
the fixbecause there is no one there to upstream to.

>> All that being said, perhaps the policy ought to be amended to say
>> that instead of having the package removed from the archive it must
>> not be on our ISOs and Kubuntu should not be the maintainer. At the
>> end of the day what someone does because they want to is their own
>> business. So, if someone feels like foobar should be in the archive
>> and that they feel up to the task of keeping it not broken that's
>> their choice to make and execute. Even if it then reflects badly on
>> Kubuntu and Ubuntu at large if a user installs that software and finds
>> it to be unusable for whatever reason. There is not much one can do
>> about that, and this is a global problem to some extent anyway.
>
> That's true.  It's definitely beyond the scope of what Kubuntu policy could
> mandate to insist on packages being removed from the archive if someone did
> not want them removed.  That said, we still have the situation where the
> unmaintained crap we have is better than the alternatives available.

Truth be told the reason it says 'remove' is primarily focused on
software we introduced and only we used, as to prevent low quality
nonesense no one wants anymore from lingering around (as has been the
case in the past, although I fail to remember a precise example, we
are usually good at getting undesired things nuked within a cycle). So
perhaps the amendment should be:

remove package
 if it is entirely broken as per general viabilithy assesment
 OR deemed a suitable resolution by the developer noticing it has a
dead upstream
   AND no one objects on mailing list to removal <<< additional
requirement to removal by choice

 AND if only we use <<< additional requirement to removal in general

 (otherwise retain; close bugs; create this-thing-be-unmaintained bug)

>> But, we as creators of Kubuntu however should not support selfish
>> life-support patching for the software we use to build our product on.
>> It does not benefit anyone to drag along broken unreliable software.
>> Giving it the boot on the other hand does not only free up resources
>> better spent elsewhere, it also makes people moan and whine about this
>> super important application that is now gone and this makes it all the
>> more likely that someone steps up and does what needs to be done to
>> make it a super awesome piece of software again.
>
> If someone had told me when I started fixing displayconfig that I could only do
> it as upstream and I couldn't upload changes to Ubuntu, then I wouldn't have
> bothered.  While I think what you are suggesting is generally correct, there
> are specific cases where it doesn't apply.  As written, it's too hard line.

|
v

>> The present policy is already given a lot of leeway to make sure the
>> user doesn't need to suffer unless there really is no other way. But
>> the must-not-be-patched thing is really not something that can be
>> changed or removed IMO. If patching maintained software is
>> semi-forking then patching unmaintained software that is entirely
>> broken as per the presented check list is a definite fork because the
>> patched version is then the only working version and thus the defacto
>> source to be used.
>
> OK.  I don't see the leeway.  Must be removed is pretty clearly one thing.

^ hard line and leeway. The original draft actually suggested to not
ship or retain unmaintained software at all, which is the logical
result of saying that unmaintained software must not be introduced as
a completely new package. If you cannot introduce new software that is
known to be unmaintained, it'd be a double standard to say that
unmaintained software can be knowingly kept around until it falls prey
to bitrot. So as writer of the original draft I can honestly say that
the presented version is really very liberal ;)

I do realize that it is a really drastic policy still. And it is
intentionally that way, just like the patch policy. Offering software
we cannot ensure isn't crap isn't exactly something that reflects good
on us, the product, the ubuntu community or kde.

>> So, your concern is that this sort of short term workaround isn't
>> possible with the presented policy, but really it is. Instead of
>> making a distro patch you would commit your bandaid solution upstream,
>> release a new tarball. By doing that you are making your work easily
>> available to others and improve the quality of the upstream product.
>> You'd then be a maintainer (of sorts). Other distros as well as our
>> guys might have additional tweaks so they run it by you (for example
>> as per our patch policy) and maybe after 3 months you roll a new
>> tarball and official declare displayconfig is now to be considered
>> rubbishware and one should use xyreplacement going forward.
>> Instead of making other distros run circles around kubuntu packaging
>> to find the relevant patch and then somehow try to keep an eye on it
>> in case some other kubuntu dev improves on it, the very same thing has
>> been published upstream and everyone knows how and has tech to watch
>> upstream for cahnges and how to deal with upstream and even how to
>> roll a simple tarball from upstream including translations and whatnot
>> (e.g. the releaseme framework).
>
> Commit upstream is great for people with upstream commit rights.  For distro
> packagers like me, it's a whole mess of bureaucracy that's a lot of work.
> Slightly similarly, I noticed an obvious error in the last kapidox release.  I
> fixed it (patch) and pinged the maintainer on IRC.  I think that's enough.

Getting upstream commit rights requires: someone to confirm that you
won't break everything. The bureaucracy involved is filing a request
with the sysadmins who will ask the person to confirm your
not-screwuppery. All of this is usually done in <24hrs.

Getting a patch proxy-committed: at best it's ask a person; at worst
it's filing a review and defending the code in review.

For someone used to our level of bureacracy all of this ^ is like #lawelessland.

>> There does not appear to be anything wrong with sharing one's
>> accomplishments.
>
> There's nothing wrong with it.  It may be more trouble than it's worth in some
> cases.

I am sure the potential 30 other packagers who might need the patch as
well would disagree.


On a related note I actually traveled back in time and looked at displayconfig.
Last actual upstream release was early 07-2007, since then JR did
upstream bugfixes and pulled svn snapshots (which is a problem to be
dealt with another time ;)). So it actually wouldn't be considered a
dead upstream as per the poke upstream exception for kde projects
(collective ownership -> collective responsibility -> chances are
someone will find it in their heart to unbreak a broken and
unmaintained piece of KDE software).

I will also say that since it was kde3 software it is a really bad
example to begin with because it came out of the dark ages when we
used to patch everything and the kitchen sink. What was it? Some 100
or 150 patches in kdebase alone? ;)

HS

More information about the kubuntu-devel mailing list