From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id CDC4A158094 for ; Sat, 23 Jul 2022 04:47:45 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D1C52E096D; Sat, 23 Jul 2022 04:47:44 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 81D7AE096D for ; Sat, 23 Jul 2022 04:47:44 +0000 (UTC) Message-ID: Date: Sat, 23 Jul 2022 07:47:21 +0300 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Subject: Re: [gentoo-project] RFC: "Trusted contributor model" Content-Language: en-US To: gentoo-project@lists.gentoo.org References: From: Joonas Niilola In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------FKrdGHiQOpM0m5eaP4IGVjFI" X-Archives-Salt: 4f6a3fac-24b0-43b4-8616-a544ee78e085 X-Archives-Hash: ab514944afca3a947eca77528c0ce75d This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------FKrdGHiQOpM0m5eaP4IGVjFI Content-Type: multipart/mixed; boundary="------------uHK3G8SiWc6yOjZn27JEAxJ2"; protected-headers="v1" From: Joonas Niilola To: gentoo-project@lists.gentoo.org Message-ID: Subject: Re: [gentoo-project] RFC: "Trusted contributor model" References: In-Reply-To: --------------uHK3G8SiWc6yOjZn27JEAxJ2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 22.7.2022 22.53, Roy Bamford wrote: >=20 > Try it and see.=20 > Once access had been granted. Who is responsible for monitoring? > I would expect it to be the dev that usually made the commits but > due to the trust model, more or a random sample basis. Yes, a @gentoo.org person/project is still required to be listed as a maintainer, and they take responsibility. I imagine anyone can ask for the access to be revoked if they see the committing person causing more harm than good, and if there's a conflict between devs then QA can decide. > =20 > Are these trusted contributors devs? > e.g. accounts on Woodpecker, standing/voting in council elections > and so on? No. If my feeling how-to-make-this-work is correct, there's no need to setup an LDAP account for them. >=20 > I'm more on the fence on this one. The mentors job does not stop > when recruitments completes. The mentor is still required to keep a > weather eye on progress for another six months. >=20 > How does the post recruitment mentoring happen with no mentor? > I can see how it works with the subjects in RFQ 1 ... they have=20 > been mentored since they obtained their trusted status but what=20 > about others? > =20 Mentor is _required_ to monitor their mentee _one_ month after recruitment. But I think I get what you mean, there's not that intimate relationship anymore. Even now at least me and gokturk have a habit of giving some general feedback to the new recruit after one month, which requires checking what they've done during that time. But really, #gentoo-dev in general is very helpful and I got to give credit to sam who always seems to be the first one on spot when a new recruit is having some questions. I guess in a way we'd be sharing the "mentoring load" between multiple people instead of focusing one one giving all support. And again, we wouldn't recruit "just anyone" with this method, but the people who've proven they got it. I'm not too worried about this. But remember people, there's no shame in asking before doing something potentially breaking! -- juippis --------------uHK3G8SiWc6yOjZn27JEAxJ2-- --------------FKrdGHiQOpM0m5eaP4IGVjFI Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- iQGTBAEBCgB9FiEEltRJ9L6XRmDQCngHc4OUK43AaWIFAmLbfVlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk2 RDQ0OUY0QkU5NzQ2NjBEMDBBNzgwNzczODM5NDJCOERDMDY5NjIACgkQc4OUK43A aWLH6Qf/bv57yGcYLAGtDuQt9+HyFTa/xNj4tuWxpViTKmpJZa0daAwAZcoSsIr5 eFMWAwjS7+ALff64LBtaabIwIR9/katiCz3OVFkWJ3gw0g6l6EWXU6wL7l2xvt4x 9gS3z4LLbraAgNsktX4rwj4v3XCjdkxCYwKgVHOJPHGQDYqcTA0Ne2IrPtEGGiDL /unuhzswxOZ7hxZaiXWyDqPFwOnuKbdRkZmke0Cyev0ZCkSgyuyHJeLYt8kXqJJd WcZbvbM7DlQrF2/t7QJPddjeIf9Rwz0S9fua9lj4+giArBIGaPaw1i1Y8fit5QX+ +bhjI+YSWuAcX2nBulRSMI6hWgq9RQ== =cFa8 -----END PGP SIGNATURE----- --------------FKrdGHiQOpM0m5eaP4IGVjFI--