Newsgroups: php.doc,php.internals
Path: news.php.net
Xref: news.php.net php.doc:969387875 php.internals:113851
Return-Path: <george.banyard@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 7161 invoked from network); 29 Mar 2021 12:07:25 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 29 Mar 2021 12:07:25 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 5EA601804B7;
	Mon, 29 Mar 2021 05:04:22 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <george.banyard@gmail.com>
Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com [209.85.208.54])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS;
	Mon, 29 Mar 2021 05:04:21 -0700 (PDT)
Received: by mail-ed1-f54.google.com with SMTP id x21so13918112eds.4;
        Mon, 29 Mar 2021 05:04:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=Nn5OneoV9/JuxH80qlG+6UB/nr8Ju4AgqqhGevUor1E=;
        b=iNOz/2LeS7hZyTpsvFz8hQ/fGzUe/iX29RFilxEb9pxBSXfR7cP+RcZBUeghCShR2S
         REU1k8K7vUkckvZl0gvzaSQFtugE7PZscs0EmZC4Kzw0na4h4p//lxjolPMzPMFhQ32X
         mxrzNRteiB8u6w1KnGXt+WguYEOACY/zpansf2wWBauNtjB2ytQQHZYvah9w7rnyvsV4
         2Fi8l4sTRt1GkyHSbe+hbMqICPySHKpS/ktd3xFYDj5SHoimd0u5vppPu4LmtYosMaVh
         ZKgsMM2yGg7QG9Jjkro1WJEU+pHSk+3gNTcFM4/KKJgupBxAZ6m4TzZRp6f+w/2QZF4g
         HZNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=Nn5OneoV9/JuxH80qlG+6UB/nr8Ju4AgqqhGevUor1E=;
        b=pE4ogeq93n7beZhVKdSQDunPSMhuOwbVz036EmLKbQAMlXRwpetmj6TxamVKdcIa/3
         b31dRmauy2ZbJM3MCqYi8/8A5psZWdzH8cSpHtL4Q2bXvjasBJpXH3G65TOIeU6snSu4
         hcpWaujtbPavZRZSASvb+9MXcn5Yr4BuPgcJK6WuShyb+ZUkkBQm2Jpn6L9QK1AbLQon
         1Fqe18Np5ALCay21S/+7iv4SJAmsRitWtXeU50X5dmwGAeN64PZ/9nmSYwka0ld2dRFA
         cE775GyEnXmBQ1aXPXqnTmZAcWquH/4Ur6MFi2FNDOODLa96fHzZHzYdF26gm7nU5yDV
         92pA==
X-Gm-Message-State: AOAM5319+onzE/KDD/yAHiOAjcZOEmEwikLr5I3wYQaSjpJoASWBnXrf
	iGcXJ0dg/OQB3FRGpkkoZ+raltxqxFKD2u5kGm8=
X-Google-Smtp-Source: ABdhPJydhpXL+zIIsLmu0Xwfpv0AieFTGRUg5j55W8c2G7e1YZwFZtrUs+WePBLduTjd1YcON/U9tQKOuJwJNo4Q4VA=
X-Received: by 2002:a50:fa04:: with SMTP id b4mr28691368edq.293.1617019457462;
 Mon, 29 Mar 2021 05:04:17 -0700 (PDT)
MIME-Version: 1.0
References: <CAF+90c9A6zG-nYzc3NNtWGjN7y5FmwqnYzjq6GSFC5NtRsOT0w@mail.gmail.com>
 <CAGgaK7JywM+aU4YTK3tUr3xjN5746LDoda4SC_=A+msGdWhNyg@mail.gmail.com>
In-Reply-To: <CAGgaK7JywM+aU4YTK3tUr3xjN5746LDoda4SC_=A+msGdWhNyg@mail.gmail.com>
Date: Mon, 29 Mar 2021 13:04:06 +0100
Message-ID: <CAFPFaMJ_qr6oNPkkqyPWfsAMQQaE-igPoEsZj+fMm=kZcQ5tFw@mail.gmail.com>
To: Max Semenik <maxsem.wiki@gmail.com>
Cc: Nikita Popov <nikita.ppv@gmail.com>, PHP internals <internals@lists.php.net>, 
	PHP Doc Mailing List <phpdoc@lists.php.net>
Content-Type: multipart/alternative; boundary="0000000000005b646205beabaeb1"
Subject: Re: [PHP-DEV] Changes to Git commit workflow
From: george.banyard@gmail.com ("G. P. B.")

--0000000000005b646205beabaeb1
Content-Type: text/plain; charset="UTF-8"

On Mon, 29 Mar 2021 at 12:50, Max Semenik <maxsem.wiki@gmail.com> wrote:

> On Mon, Mar 29, 2021 at 1:53 AM Nikita Popov <nikita.ppv@gmail.com> wrote:
>
> > changes should be pushed directly to GitHub rather than to git.php.net.
>
>
> Would it also make sense if direct pushes (bypassing the pull requests
> system) were disallowed completely? I can see multiple problems with direct
> pushes:
>
> 1) Someone trying to sneak in malicious code, like in the current incident
> (rarest but most damaging problem)
> 2) One dev pushes something, another dev disagrees, while the discussion
> continues, the potentially problematic commit stays on. Pre-merge reviews
> are much more natural for discussions.
> 3) Direct push bypasses CI to break tests, PRs can't be merged until the
> cause is identified and resolved (seems to be happening quite often)
>
> In my roughly one year around, I can now recall instances of each of these
> problems in php-src.
>
> --
> Best regards,
> Max Semenik
>

Although I agree that as a general rule many things should go through a PR,
I think making it mandatory is going overboard, there is no need for a PR
when
one does a simple type fix in a document or comment, or trivial
refactorings.
I also don't know how this would interact with bug fixes needing to be
merged
upwards or cherry picks from the security repo which most of us have (and
don't deserve) access to.

Moreover, we have some flaky tests so CI can break for no reason and the
CI matrix for master has a more complex nightly pipeline which does not run
in a PR and thus make certain issues only apparent after the merge.

IMHO making it required that direct pushes need to be signed commits is
a better way forward.

Best regards,

George P. Banyard

--0000000000005b646205beabaeb1--