8477d0c463
I waited a long time, to wait and see how things would pan out. It turns out obvious problems can't be dealt with, in an appropriate timing and manner. Thanks to one individual, backed by a possee of previously banned individuals, and additional perma-banned individuals did it. Thanks to all of you, I am quitting NixOS. The continuous concern trolling, the continuous bigotted discussions, the continued hostile tone, the actions made despite the numerous times you were told to do better. The constant FUD. The constant waste of time. It's not a single event. It is a pattern. I do not think that this situation can be salvaged anymore. Systemic issue in the lack of governance enabled this. While some will put the fault entirely on the shoulders of the organization, I will say that they share the blame, but the bullying and pressure from the individuals ***who fully understand what they are doing*** is what did it. Couple that with the structural inability for action by the moderation team being abused by those bad actors, and you have a recipe for alienating and burning-out the leftover important contributors. Let it be written here that I have discussed with organization members and moderation team members about the continued behaviour of casting FUD on the community by this individual. This was done this individual's ban. It happened in what was (and still) tacitly agreed toe be a NixOS community place, the subreddit. Probably elsewhere too. Nothing was done, no mention of re-considering the duration of the ban, and as far as I know, not even some discussion about how continuing the behaviour that was the reason for being banned is unwelcome. His name is jonringer (Jonathan Ringer). What made me snap? Not long after the ban being lifted, this individual continued with weird persecution plots and conspiracy theories casting doubts on the legitimacy of the moderation team's actions. - https://github.com/NixOS/rfcs/pull/175 And in the least self-aware way possible, continued this discourse of persecution and conspiracies, again casting FUD and divisiveness when asking for what, with a reasonable person, would have a formality. See the original comment contents. - https://github.com/NixOS/nixpkgs/issues/50105#issuecomment-2179462978 This continued into the same behaviour that brought up the initial warnings and ban, on the unmoderated community-adjacent subreddit. - https://old.reddit.com/r/NixOS/comments/1djuxpx/drama_will_jonringers_commit_bit_be_restored/ https://archive.is/sCJJw This continued onto the discourse into the same behaviour that brought up the initial warnings and ban. - https://discourse.nixos.org/t/should-jonringer-get-his-commit-bit-back/47267/46 The absolute insolence, consistently twisting the words I wrote to fit in his imagined narrative, took me over the edge. Then the moderator decision to *increase the time-out delay* to twelve hours, which at one hour was already causing the bad behaviour of mass-dumping information into single messages, meant there was no way for me to correct the facts and act in this manner without relitigating elsewhere gave me the time and energy to do it. That's it. The behaviour of this person. No political beliefs (I still don't know what they are). No employer (while I know and hate it, it is what it is). No plot form some shadow bagel trying to somehow do... Only jon knows what it would do... No take-over plot... Only the unacceptable behaviour, or character if you will, of that person. Someone who from the start always had an equal opportunity to participate, regardless of his attributes. This person should have been accountable for his actions, but couldn't understand it. This was not helped by their posse harrassing me personally, on top of all that. In other words, the organization and community is not tooled to protect its valued members. ***So I am quitting with prejudice.*** Even though I helped build the NixOS project for over seven years, helped the community be the best it could in the IRC times, helped direct some of the community decisions. I did not want to leave this community, because this is not only my home, but I built it with collaborators who cared. It seems like there is no one who cares left anymore. And I was pushed out against my best efforts. Mostly thankless to the end. — samueldr Signed-off-by: Samuel Dionne-Riel <samuel@dionne-riel.com> |
||
|---|---|---|
| .. | ||
| scripts | ||
| maintainer-list.nix | ||
| README.md | ||
| team-list.nix | ||
Nixpkgs Maintainers
Unlike other packaging ecosystems, the maintainer doesn't have exclusive control over the packages and modules they maintain. This more fluid approach is one reason why we scale to so many packages.
Definition and role of the maintainer
The main responsibility of a maintainer is to keep the packages they maintain in a functioning state, and keep up with updates. In order to do that, they are empowered to make decisions over the packages they maintain.
That being said, the maintainer is not alone proposing changes to the packages. Anybody (both bots and humans) can send PRs to bump or tweak the package.
We also allow other non-maintainer committers to merge changes to the package, provided enough time and priority has been given to the maintainer.
For most packages, we expect committers to wait at least a week before merging changes not endorsed by a package maintainer (which may be themselves). This should leave enough time for the maintainers to provide feedback.
For critical packages, this convention needs to be negotiated with the
maintainer. A critical package is one that causes mass-rebuild, or where an
author is listed in the CODEOWNERS file.
In case of critical security updates, the security team might override these heuristics in order to get the fixes in as fast as possible.
In case of conflict, the maintainer takes priority and is allowed to revert the changes. This can happen for example if the maintainer was on holiday.
How to become a maintainer
We encourage people who care about a package to assign themselves as a maintainer. Commit access to the Nixpkgs repository is not required for that.
In order to do so, add yourself to the
maintainer-list.nix, and then to the desired
package's meta.maintainers list, and send a PR with the changes.
How to lose maintainer status
Maintainers who have become inactive on a given package can be removed. This helps us keep an accurate view of the state of maintenance in Nixpkgs.
The inactivity measure is currently not strictly enforced. We would typically look at it if we notice that the author hasn't reacted to package-related notifications for more than 3 months.
Removing the maintainer happens by making a PR on the package, adding that person as a reviewer, and then waiting a week for a reaction.
The maintainer is welcome to come back at any time.
Tools for maintainers
When a pull request is made against a package, OfBorg will notify the appropriate maintainer(s).
Reviewing contributions
Individual maintainer list
When adding users to maintainer-list.nix, the following
checks should be performed:
-
If the user has specified a GPG key, verify that the commit is signed by their key.
First, validate that the commit adding the maintainer is signed by the key the maintainer listed. Check out the pull request and compare its signing key with the listed key in the commit.
If the commit is not signed or it is signed by a different user, ask them to either recommit using that key or to remove their key information.
Given a maintainer entry like this:
{ example = { email = "user@example.com"; name = "Example User"; keys = [{ fingerprint = "0000 0000 2A70 6423 0AED 3C11 F04F 7A19 AAA6 3AFE"; }]; }; }First receive their key from a keyserver:
$ gpg --recv-keys 0xF04F7A19AAA63AFE gpg: key 0xF04F7A19AAA63AFE: public key "Example <user@example.com>" imported gpg: Total number processed: 1 gpg: imported: 1Then check the commit is signed by that key:
$ git log --show-signature commit b87862a4f7d32319b1de428adb6cdbdd3a960153 gpg: Signature made Wed Mar 12 13:32:24 2003 +0000 gpg: using RSA key 000000002A7064230AED3C11F04F7A19AAA63AFE gpg: Good signature from "Example User <user@example.com> Author: Example User <user@example.com> Date: Wed Mar 12 13:32:24 2003 +0000 maintainers: adding exampleand validate that there is a
Good signatureand the printed key matches the user's submitted key.Note: GitHub's "Verified" label does not display the user's full key fingerprint, and should not be used for validating the key matches.
-
If the user has specified a
githubaccount name, ensure they have also specified agithubIdand verify the two match.Maintainer entries that include a
githubfield must also include theirgithubId. People can and do change their GitHub name frequently, and the ID is used as the official and stable identity of the maintainer.Given a maintainer entry like this:
{ example = { email = "user@example.com"; name = "Example User"; github = "ghost"; githubId = 10137; }; }First, make sure that the listed GitHub handle matches the author of the commit.
Then, visit the URL
https://api.github.com/users/ghostand validate that theidfield matches the providedgithubId.
Maintainer teams
Feel free to create a new maintainer team in team-list.nix
when a group is collectively responsible for a collection of packages.
Use taste and personal judgement when deciding if a team is warranted.
Teams are allowed to define their own rules about membership.
For example, some teams will represent a business or other group which wants to carefully track its members. Other teams may be very open about who can join, and allow anybody to participate.
When reviewing changes to a team, read the team's scope and the context around the member list for indications about the team's membership policy.
In any case, request reviews from the existing team members. If the team lists no specific membership policy, feel free to merge changes to the team after giving the existing members a few days to respond.
Important: If a team says it is a closed group, do not merge additions to the team without an approval by at least one existing member.
Maintainer scripts
Various utility scripts, which are mainly useful for nixpkgs maintainers,
are available under ./scripts/. See its README
for further information.