From: Agostino Sarubbo
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] A feedback about the CI bug reporting system
Date: Sat, 07 Nov 2020 10:49:40 +0100
Message-ID: <2474596.7s5MMGUR32@spectre>
In-Reply-To: <467e033f-91fb-724e-3770-efbd2f6e3d47@gentoo.org>

IN REPLY to Aaron Bauman that didn't keep me CC'ed as requested:

>Is this coming from the same individual who would complain when security
>bugs were not filled out properly in the summary? So, take a dose of
>your own medicine here. People prefer usable reports that allow them to
>solve problems.

First: we are talking about a different topic, so what happened in security context doesn't matter here.
Second: I never complained about summary of security bugs, so since you said: "Keep it on the ML and people will have record." can you tell me where your statement is recorded?

>Where was this positive feedback? As you stated on #gentoo-dev today you
>don't really participate in the ML... so, I presume the positive feedback
>came on IRC. Most of us don't scan those logs to "prove" such things. Keep it
>on the ML and people will have record.

By positive feedback I mean that the system worked and discovered bugs.

>This shouldn't be "ago v toralf"

This isn't ago v toralf and it never was unless you misunderstood.

> Right now, it looks like that is mostly negative given the ML feedback.

I really guess you have a distorted view of reality.

>Frankly, if this is anything like your security efforts (re: fuzzing)
>then I can understand the concerns people have expressed.
>Please, stop with the "automate everything, open many bugs, and move on"
>philosophy. It didn't work well in security and it won't work here.
>Build a quality solution that makes an impact for the distro.

Again, this is something not related to what we are talking about. Fuzzing research was stopped over 3 years ago, so what are you talking about?

>ACK. This is the same level of coordination the security team received
>when a multitude of bugs were filed once ago discovered fuzzing.

Sorry, but I really do not have any track of what you are talking about.

> It was lots of bugs little information, inabilities to reproduce various
>crashes, invalid ratings/severity levels, and often a blog that
>simply regurgitated the same inaccuracies.

Usually I don't participate in mailing lists because they are a place where others can throw mud at others like this.

Little Information?
I do not guess so, because the provided information was:
1) command to reproduce
2) stacktrace
3) affected version
4) fixed version
5) commit fix
6) reproducer
7) timeline

> inabilities to reproduce various crashes

If you can't reproduce a crash it is not my fault.

> Any attempt to ask/coordinate was met with lack of information or simply "see my blog" responses.

Do you have a track of this?

> The only time interaction occurred was when bugs were closed due to invalidity, lack of information, or severity/ratings downgraded.

Do you have a track of this?

In short, please remain on topic. If you have anything to say about other projects, feel free to open a thread where we can do a separate discussion ;)

Thanks

P.S. I don't know why, but instead of seeing a constructive discussion I notice that there is always a bit of contempt about what others do, and this is really bad for an open source community.