On 6 Nov 2022, at 08:15, Michał Górny <mgorny@gentoo.org> wrote:

Hi, everyone.

Arch testing's relying on automation a lot these days. Not saying
that's bad, if it improves the state of affairs. However, I have some concerns, based on what I've seen lately.

Thanks for starting this discussion, I think others have felt this way too.

On top of that, it seems that most of it still relies on proprietary
software and we have no clue how *exactly* it works, and it's really,
really hard to get a straight answer.

arthurzam, jsmolic, and I are using https://github.com/arthurzam/tattoo.

So, my questions are:

1. Is "runtime testing required" field being respected? Obviously not
every package can be (sufficiently) tested via FEATURES=test, so we've
added that fields. However, if arch testers just ignore it and push
things stable based on pure build testing...

Not right now. We discussed it on #gentoo-dev maybe 2 months ago
or so but concluded we needed nattka support to fix up our automation.

That had two parts:
1. https://github.com/projg2/nattka/issues/72 & https://github.com/projg2/nattka/pull/73 (done)
2. https://github.com/arthurzam/tattoo/issues/1 (not done)

2. How are kernels being tested? Given the speed with which new gentoo- sources stablereqs are handled, I really feel like "arch testing" there
means "checking if sources install", and have little to do with working kernels.

I usually blacklist gentoo-sources because I can't actually test it, or
if I do stable it, I've tried to run them for real.

For gentoo-kernel, I run src_test.

3. How does the automation handle packages that aren't trivially
installable? I recall that in the past stablereqs were stalled for
months without a single comment because automation couldn't figure out
how to proceed, and nobody bothered reporting a problem.

It doesn't, really. I think at the very least we need to try do world
upgrades after adding the package list to package.accept_keywords,
as stuff like LLVM and GNOME bugs won't work without it (blockers etc).

Best,
sam

-----BEGIN PGP SIGNATURE-----

iNUEARYKAH0WIQQlpruI3Zt2TGtVQcJzhAn1IN+RkAUCY2dxs18UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MjVB NkJCODhERDlCNzY0QzZCNTU0MUMyNzM4NDA5RjUyMERGOTE5MAAKCRBzhAn1IN+R kJYmAP987P+DaPbxtmZgXFQXF2vldi+vqrYkgQB0F57/dYXLBQD/bNak8JIVfhLB 4//1XbJSbpZ8vmyCA08pslHmhXlfHAI=
=xvUk
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi, everyone.

Arch testing's relying on automation a lot these days. Not saying
that's bad, if it improves the state of affairs. However, I have some concerns, based on what I've seen lately.

On top of that, it seems that most of it still relies on proprietary
software and we have no clue how *exactly* it works, and it's really,
really hard to get a straight answer.

So, my questions are:

1. Is "runtime testing required" field being respected? Obviously not
every package can be (sufficiently) tested via FEATURES=test, so we've
added that fields. However, if arch testers just ignore it and push
things stable based on pure build testing...

2. How are kernels being tested? Given the speed with which new gentoo- sources stablereqs are handled, I really feel like "arch testing" there
means "checking if sources install", and have little to do with working kernels.

3. How does the automation handle packages that aren't trivially
installable? I recall that in the past stablereqs were stalled for
months without a single comment because automation couldn't figure out
how to proceed, and nobody bothered reporting a problem.

--
Best regards,
Michał Górny

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

On 06/11/2022 09.15, Michał Górny wrote:

On top of that, it seems that most of it still relies on proprietary
software and we have no clue how*exactly* it works, and it's really,
really hard to get a straight answer.

I never understood how it become socially acceptable in open source
project that Gentoo is that one of the important automation that does tinderboxing is closed source and gate kept, meaning no one can on their
own reproduce the failures, which is utterly annoying when your normal
testing just works, yet their testing methodology is a secret.

I would be in favour of stepping up the social contract and actually prohibiting this kind of things, we had that before too, the nattka you
mgorny wrote is replacement for old bugzilla bot that was ...
closedsource and perished, though nattka now have way more features than
the old thing ever had.

-- Piotr.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Nov 06, 2022 at 09:15:40AM +0100, Michał Górny wrote:

Hi, everyone.

Arch testing's relying on automation a lot these days. Not saying
that's bad, if it improves the state of affairs. However, I have some concerns, based on what I've seen lately.

On top of that, it seems that most of it still relies on proprietary
software and we have no clue how *exactly* it works, and it's really,
really hard to get a straight answer.

As far as I can tell, there's ONE person relying completely on a
proprietary arch testing system.

Ago, could you comment on this? What's blocking you from open sourcing
your software?

I'll also point out that you removed the Github repository that you
used to tell people to report issues with your CI at, while there were
several outstanding issues. Why? I have two (of three) issue titles in
my browser history, but as I recall you never touched them:

2. Release source code
3. More information on the bug

[1] https://github.com/asarubbo/ci

So, my questions are:

1. Is "runtime testing required" field being respected? Obviously not
every package can be (sufficiently) tested via FEATURES=test, so we've
added that fields. However, if arch testers just ignore it and push
things stable based on pure build testing...

2. How are kernels being tested? Given the speed with which new gentoo- sources stablereqs are handled, I really feel like "arch testing" there
means "checking if sources install", and have little to do with working kernels.

3. How does the automation handle packages that aren't trivially
installable? I recall that in the past stablereqs were stalled for
months without a single comment because automation couldn't figure out
how to proceed, and nobody bothered reporting a problem.

--
Best regards,
Michał Górny

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQQyG9yfCrmO0LPSdG2gXq2+aa/JtQUCY2e2SwAKCRCgXq2+aa/J tdLBAQCMryqvuZwQrQ9oHWoQNh3fD8dCBIDjHixNLjEEIK5wWgEAinilpJuhYn5h sPwvbhS8NEY3orbcqLtJanMCTgTAIQk=
=EGOO
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is a multi-part message in MIME format.

On domenica 6 novembre 2022 09:15:40 CET Michał Górny wrote:

On top of that, it seems that most of it still relies on proprietary
software and we have no clue how *exactly* it works, and it's really,
really hard to get a straight answer.

I'm speaking for myself. I still use getatoms.py to fetch 'doable' stablereqs (it is on my todo
to switch to nattka). And I have a script the *simply* does emerge over the list of the
packages.
There is nothing obscure in it.

So, my questions are:

1. Is "runtime testing required" field being respected? Obviously not
every package can be (sufficiently) tested via FEATURES=test, so we've
added that fields. However, if arch testers just ignore it and push
things stable based on pure build testing...

sam already provided the right answer. In addition, when we introduced runtime_testing
and package_list fields we requested support in pybugz:

https://github.com/williamh/pybugz/issues/105[1]

There is no trace (into the github ticket) about runtime testing field because I discussed/
requested over irc.

2. How are kernels being tested? Given the speed with which new gentoo- sources stablereqs are handled, I really feel like "arch testing" there
means "checking if sources install", and have little to do with working kernels.

For amd64, I boot into the new kernel to verify that at least it boots. For other 'exotic'
arches, since there is a lack of hardware, the rule was to verify that at least it builds (install
if we want to use the right word).
If you think that build only is not appropriate, I can skip kernel stablereqs.

3. How does the automation handle packages that aren't trivially
installable? I recall that in the past stablereqs were stalled for
months without a single comment because automation couldn't figure out
how to proceed, and nobody bothered reporting a problem.

I skip them from automation and from time to time I handle it manually.


Agostino



--------
[1] https://github.com/williamh/pybugz/issues/105

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">On domenica 6 novembre 2022 09:15:40 CET Michał Górny wrote:</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; On top of that, it seems that most of it still relies on proprietary</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; software and we have no clue how *exactly* it works, and it's really,</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; really hard to get a straight answer.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">I'm speaking for myself. I still use getatoms.py to fetch 'doable' stablereqs (it is on my todo to switch to nattka). And I have a script the *simply* does emerge over the list
of the packages.</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">There is nothing obscure in it.</p>
<br /><br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; So, my questions are:</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; </p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; 1. Is &quot;runtime testing required&quot; field being respected?&nbsp; Obviously not</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; every package can be (sufficiently) tested via FEATURES=test, so we've</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; added that fields.&nbsp; However, if arch testers just ignore it and push</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; things stable based on pure build testing...</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">sam already provided the right answer. In addition, when we introduced runtime_testing and package_list fields we requested support in pybugz:</p>
<p>&nbsp;<a href="https://github.com/williamh/pybugz/issues/105">https://github.com/williamh/pybugz/issues/105</a></p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">There is no trace (into the github ticket) about runtime testing field because I discussed/requested over irc.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; 2. How are kernels being tested?&nbsp; Given the speed with which new gentoo-</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; sources stablereqs are handled, I really feel like &quot;arch testing&quot; there</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; means &quot;checking if sources install&quot;, and have little to do with working</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; kernels.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">For amd64, I boot into the new kernel to verify that at least it boots. For other 'exotic' arches, since there is a lack of hardware, the rule was to verify that at least it
builds (install if we want to use the right word).</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">If you think that build only is not appropriate, I can skip kernel stablereqs.</p>
<br /><br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; 3. How does the automation handle packages that aren't trivially</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; installable?&nbsp; I recall that in the past stablereqs were stalled for</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; months without a single comment because automation couldn't figure out</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; how to proceed, and nobody bothered reporting a problem.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">I skip them from automation and from time to time I handle it manually.</p>
<br /><br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Agostino</p>
<br /><br /></body>
</html>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is a multi-part message in MIME format.

On domenica 6 novembre 2022 14:27:40 CET John Helmert III wrote:

As far as I can tell, there's ONE person relying completely on a
proprietary arch testing system.

Ago, could you comment on this? What's blocking you from open sourcing
your software?

Hi,

I already answered in the previous post:

"I still use getatoms.py to fetch 'doable' stablereqs (it is on my todo
to switch to nattka). And I have a script the **simply** does emerge over the list of
the packages. There is nothing obscure in it."

I'm working in arch testing since 2009. In the past I relied on scripts done by someone else
and every time there was an issue I got no response.
At a certain point I decided to make my own script in language I know so I can edit it when
is needed.


Since few years we allow self stabilization from maintainer. Do we know how and with
what they test? No because it is not required.
The requirement for test is that the package you are testing works as expected.

https://wiki.gentoo.org/wiki/Project:AMD64_Arch_Testers#Arch_tester.27s_policy[1]

Agostino

--------
[1] https://wiki.gentoo.org/wiki/Project:AMD64_Arch_Testers#Arch_tester.27s_policy

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">On domenica 6 novembre 2022 14:27:40 CET John Helmert III wrote:</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; As far as I can tell, there's ONE person relying completely on a</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; proprietary arch testing system.</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; </p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; Ago, could you comment on this? What's blocking you from open sourcing</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; your software?</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Hi,</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">I already answered in the previous post:</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&quot;<span style="color:#d4d2cf;"><span style="font-family:Hack;">I still use getatoms.py to fetch 'doable' stablereqs (it is on my todo </span></span></p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"><span style="color:#d4d2cf;"><span style="background-color:#201f1f;">to switch to nattka). And I have a script the</span> <strong>*simply*</strong> does emerge over the list of the <
span style="background-color:#201f1f;">packages. There is nothing obscure in it.&quot;</span></span></p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">I'm working in arch testing since 2009. In the past I relied on scripts done by someone else and every time there was an issue I got no response.</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">At a certain point I decided to make my own script in language I know so I can edit it when is needed.</p>
<br /><br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Since few years we allow self stabilization from maintainer. Do we know how and with what they test? No because it is not required.</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">The requirement for test is that the package you are testing works as expected.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"><a href="https://wiki.gentoo.org/wiki/Project:AMD64_Arch_Testers#Arch_tester.27s_policy">https://wiki.gentoo.org/wiki/Project:AMD64_Arch_Testers#Arch_tester.27s_policy</a></p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Agostino</p>
</body>
</html>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Nov 06, 2022 at 08:03:16PM +0100, Agostino Sarubbo wrote:

On domenica 6 novembre 2022 14:27:40 CET John Helmert III wrote:

As far as I can tell, there's ONE person relying completely on a proprietary arch testing system.

Ago, could you comment on this? What's blocking you from open sourcing
your software?

Hi,

I already answered in the previous post:

"I still use getatoms.py to fetch 'doable' stablereqs (it is on my todo
to switch to nattka). And I have a script the **simply** does emerge over the list of
the packages. There is nothing obscure in it."

I'm working in arch testing since 2009. In the past I relied on scripts done by someone else
and every time there was an issue I got no response.

And so you force that frustration on everyone else? Why?

At a certain point I decided to make my own script in language I know so I can edit it when
is needed.

None of this blocks you from open sourcing it. Is your reason for not open-sourcing your automation really that "There is nothing obscure in
it"?

You also ignored my other question:

"I'll also point out that you removed the Github repository that you
used to tell people to report issues with your CI at, while there were
several outstanding issues. Why?"

Since few years we allow self stabilization from maintainer. Do we know how and with
what they test? No because it is not required.
The requirement for test is that the package you are testing works as expected.

https://wiki.gentoo.org/wiki/Project:AMD64_Arch_Testers#Arch_tester.27s_policy[1]

Agostino

--------
[1] https://wiki.gentoo.org/wiki/Project:AMD64_Arch_Testers#Arch_tester.27s_policy

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQQyG9yfCrmO0LPSdG2gXq2+aa/JtQUCY2gH0AAKCRCgXq2+aa/J tSu/AQD742IbMripsz+uI/2ysJCisLrN4c0bP4Hs1SBcaWtQHAD9GgJi66HQnvzQ DveoaO7GV0AY8tuPv1T3+TjhFIZMIwk=
=vaRt
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Nov 06, 2022 at 11:37:24 +0100, Piotr Karbowski wrote:

I would be in favour of stepping up the social contract and actually prohibiting this kind of things, we had that before too, the nattka you mgorny wrote is replacement for old bugzilla bot that was ...
closedsource and perished, though nattka now have way more features than
the old thing ever had.

As a user, I think it would be really cool if there was a requirement
that all infra and infra-adjacent stuff was free software.

I feel like I've read that Debian already has something like this. While
doing some quick searches I didn't find a full-on requirement, but all
their infra bits I did find were powered by free software. The most
relevant ones being buildd [1] and debci [2]. Additionally, the debci
docs has inctructions on reproducing tests yourself [3] which is a nice
extra IMO.

[1] https://buildd.debian.org
[2] https://ci.debian.net
[3] https://ci.debian.net/doc/file.MAINTAINERS.html

- Oskari

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQQfOU+JeXjo4uxN6vCp8he9GGIfEQUCY2igkAAKCRCp8he9GGIf EdTHAP4y3HcC9nBdFU9eYK4VsAkLirJn7iO9orU6HzR+A7SjzwEArB5QZf0xN1fS dQoqpKDv1rqIedOzzeHU3TX5Twn6qQM=
=ynw7
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------sZNK0FOb5dTa49nDUYtnv9lu
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 7.11.2022 8.07, Oskari Pirhonen wrote:

On Sun, Nov 06, 2022 at 11:37:24 +0100, Piotr Karbowski wrote:

I would be in favour of stepping up the social contract and actually
prohibiting this kind of things, we had that before too, the nattka you
mgorny wrote is replacement for old bugzilla bot that was ...
closedsource and perished, though nattka now have way more features than
the old thing ever had.

As a user, I think it would be really cool if there was a requirement
that all infra and infra-adjacent stuff was free software.

I feel like I've read that Debian already has something like this. While doing some quick searches I didn't find a full-on requirement, but all
their infra bits I did find were powered by free software. The most
relevant ones being buildd [1] and debci [2]. Additionally, the debci
docs has inctructions on reproducing tests yourself [3] which is a nice
extra IMO.

[1] https://buildd.debian.org
[2] https://ci.debian.net
[3] https://ci.debian.net/doc/file.MAINTAINERS.html

- Oskari

I _believe_ ago's tinderbox isn't being paid by the GF _anymore_ due to
this reason, but he keeps it running with his own expenses. I don't mind
this as long as the results are desirable and not phony. I still see a
lot of value in most of ago's work.

It is unfortunate we don't get to see the engine behind and copy it,
since I'd be really interested in using his automated bug search /
report tool. Even tattoo (https://github.com/arthurzam/tattoo) lacks
that at the moment.

-- juippis

--------------sZNK0FOb5dTa49nDUYtnv9lu--

-----BEGIN PGP SIGNATURE-----

iQGTBAEBCgB9FiEEltRJ9L6XRmDQCngHc4OUK43AaWIFAmNopQdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk2 RDQ0OUY0QkU5NzQ2NjBEMDBBNzgwNzczODM5NDJCOERDMDY5NjIACgkQc4OUK43A aWJNDgf+KSkdHPT70O9jOYLHvuqeoVozucW+xO119NioObYmK2fe+Mf9uGcOzfG+ 4TdqTZPMcdQQ9trZpTmy2+o4Ei3FrFcQsLFHDSUFEv1ATMm9KfGsmmq8cQ4EDRdq aosZYu6vP5xd6IVPslThOI48X6pgDtYL3Joeevbv+un4DUgclgzxKz1mRNNsXXZC Jr48Eg0Lsya1wAl2FIu1LfTkFJ5RN2XT1qUUvWi2ibqbImZujSNqJcNo8IMrS+KN bVfTW4JX2luVhPIzaSMOM7mbwu4+Sxj4SseXPkDK1h3IXh4u/2a9JglmGMfkiQZ9 5ocBxun/YJAQLQlCawhs9YmtBdFojQ==
=A00/
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Nov 07, 2022 at 08:26:15AM +0200, Joonas Niilola wrote:

On 7.11.2022 8.07, Oskari Pirhonen wrote:

On Sun, Nov 06, 2022 at 11:37:24 +0100, Piotr Karbowski wrote:

I would be in favour of stepping up the social contract and actually
prohibiting this kind of things, we had that before too, the nattka you >> mgorny wrote is replacement for old bugzilla bot that was ...
closedsource and perished, though nattka now have way more features than >> the old thing ever had.

As a user, I think it would be really cool if there was a requirement
that all infra and infra-adjacent stuff was free software.

I feel like I've read that Debian already has something like this. While doing some quick searches I didn't find a full-on requirement, but all their infra bits I did find were powered by free software. The most relevant ones being buildd [1] and debci [2]. Additionally, the debci
docs has inctructions on reproducing tests yourself [3] which is a nice extra IMO.

[1] https://buildd.debian.org
[2] https://ci.debian.net
[3] https://ci.debian.net/doc/file.MAINTAINERS.html

- Oskari

I _believe_ ago's tinderbox isn't being paid by the GF _anymore_ due to
this reason, but he keeps it running with his own expenses. I don't mind
this as long as the results are desirable and not phony. I still see a
lot of value in most of ago's work.

He's not using infra's AWS resources anymore, but he's still using the devbox.amd64.dev.gentoo.org VM.

It is unfortunate we don't get to see the engine behind and copy it,
since I'd be really interested in using his automated bug search /
report tool. Even tattoo (https://github.com/arthurzam/tattoo) lacks
that at the moment.

-- juippis

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQQyG9yfCrmO0LPSdG2gXq2+aa/JtQUCY2kgigAKCRCgXq2+aa/J tW47AQDZEnXIVq+TZjDJr2bdOL0LXKi8ZpT5OkAqtrNIhZBkFAD+PxxRLJrXWPS3 tSF7UETfIkDnf5nSfkePpOlrxJzVdwM=
=GkO7
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 7 Nov 2022, at 06:07, Oskari Pirhonen <xxc3ncoredxx@gmail.com> wrote:

On Sun, Nov 06, 2022 at 11:37:24 +0100, Piotr Karbowski wrote:

I would be in favour of stepping up the social contract and actually
prohibiting this kind of things, we had that before too, the nattka you
mgorny wrote is replacement for old bugzilla bot that was ...
closedsource and perished, though nattka now have way more features than
the old thing ever had.

As a user, I think it would be really cool if there was a requirement
that all infra and infra-adjacent stuff was free software.

I feel like I've read that Debian already has something like this. While doing some quick searches I didn't find a full-on requirement, but all
their infra bits I did find were powered by free software. The most
relevant ones being buildd [1] and debci [2]. Additionally, the debci
docs has inctructions on reproducing tests yourself [3] which is a nice
extra IMO.

Gentoo has https://www.gentoo.org/get-started/philosophy/social-contract.html.

Best,
sam

-----BEGIN PGP SIGNATURE-----

iNUEARYKAH0WIQQlpruI3Zt2TGtVQcJzhAn1IN+RkAUCY2mR5V8UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MjVB NkJCODhERDlCNzY0QzZCNTU0MUMyNzM4NDA5RjUyMERGOTE5MAAKCRBzhAn1IN+R kDOtAP9AhVppyEefLdQCKu1DqVDsk1huMz+9aSknpWc9SYl/1gD/S3hdzoSXNGxC MsgOe3fx7xiq45mOOX90mtwnhN3DoQQ=
=SsbE
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Nov 07, 2022 at 07:23:33PM -0500, Rich Freeman wrote:

On Mon, Nov 7, 2022 at 6:16 PM Sam James <sam@gentoo.org> wrote:

On 7 Nov 2022, at 06:07, Oskari Pirhonen <xxc3ncoredxx@gmail.com> wrote:

On Sun, Nov 06, 2022 at 11:37:24 +0100, Piotr Karbowski wrote:

I would be in favour of stepping up the social contract and actually
prohibiting this kind of things, we had that before too, the nattka you >> mgorny wrote is replacement for old bugzilla bot that was ...
closedsource and perished, though nattka now have way more features than >> the old thing ever had.

As a user, I think it would be really cool if there was a requirement that all infra and infra-adjacent stuff was free software.

I feel like I've read that Debian already has something like this. While doing some quick searches I didn't find a full-on requirement, but all their infra bits I did find were powered by free software. The most relevant ones being buildd [1] and debci [2]. Additionally, the debci docs has inctructions on reproducing tests yourself [3] which is a nice extra IMO.

Gentoo has https://www.gentoo.org/get-started/philosophy/social-contract.html.

I feel like something like a dev-run tinderbox is a bit out of the
scope of that.

Suppose I file a bug against a package, pointing out some issue in it.
How do you know I didn't use some proprietary static code analysis
tool to discover that error? Does it even really matter? The bug
speaks for itself. It is like worrying about whether somebody who
filed a bug was running Windows or another proprietary OS or browser
on their desktop.

Well, a tinderbox is just an automated process for doing just that.
We don't require any dev to use a proprietary tinderbox before
committing. It is something that individual devs choose to use for themselves, automating the testing workflow and possibly the
submission of bugs.

I think the key is something that was brought up earlier in the
thread: is this causing problems? If somebody is running some tool
against the repository and automatically filing bugs, and those bugs
are not useful/actionable and waste the time of volunteers, then that
is a problem. Proprietary tools do contribute to this since they can generate results that are harder to reproduce, but if they are clear
and accurate and actionable it could still be a net-positive.

In some cases, yes, this is exactly the problem. This was one of the
bugs reported in the now-deleted issue tracking repository on Github.

Of course if somebody wants to contribute to 100% FOSS tinderbox
efforts that would be even better. Perhaps if our 100% FOSS tinderbox efforts addressed our needs very well, then nobody would want to
bother with the proprietary reports, or generating them. IMO it would
be better to create the FOSS solution before abandoning the
proprietary one. Doing otherwise is basically burning bridges - it
can be motivating in a sense but not really ideal. I'd love to have a
100% FOSS solution around all of this, but I appreciate what has been
created and can hardly criticize volunteers for failing to make it
happen, especially since I haven't contributed to that myself.

--
Rich

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQQyG9yfCrmO0LPSdG2gXq2+aa/JtQUCY2mkEwAKCRCgXq2+aa/J tWNgAPoDzStwJPVsi3B7v/64saA38dVoLs0+w9QkmzQh5s28BwD+IDl/Oim5qcIT z9+Afh8RbKR+v+hIN8zR0MBp9zWm1QE=
=8/t4
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Nov 7, 2022 at 7:34 PM John Helmert III <ajak@gentoo.org> wrote:

On Mon, Nov 07, 2022 at 07:23:33PM -0500, Rich Freeman wrote:

Proprietary tools do contribute to this since they can
generate results that are harder to reproduce, but if they are clear
and accurate and actionable it could still be a net-positive.

In some cases, yes, this is exactly the problem. This was one of the
bugs reported in the now-deleted issue tracking repository on Github.

This was hinted at earlier in the thread. My goal wasn't to say
whether it was or was not an issue, but bring the focus more on the
tangible impact, as I think that will probably help to make this less
about philosophy and more about impact. I think that is more likely
to create action (whether that is a policy change or improvement to
the tooling).

--
Rich

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 8 Nov 2022, at 00:23, Rich Freeman <rich0@gentoo.org> wrote:

On Mon, Nov 7, 2022 at 6:16 PM Sam James <sam@gentoo.org> wrote:

On 7 Nov 2022, at 06:07, Oskari Pirhonen <xxc3ncoredxx@gmail.com> wrote: >>>
On Sun, Nov 06, 2022 at 11:37:24 +0100, Piotr Karbowski wrote:

I would be in favour of stepping up the social contract and actually
prohibiting this kind of things, we had that before too, the nattka you >>>> mgorny wrote is replacement for old bugzilla bot that was ...
closedsource and perished, though nattka now have way more features than >>>> the old thing ever had.

As a user, I think it would be really cool if there was a requirement
that all infra and infra-adjacent stuff was free software.

I feel like I've read that Debian already has something like this. While >>> doing some quick searches I didn't find a full-on requirement, but all
their infra bits I did find were powered by free software. The most
relevant ones being buildd [1] and debci [2]. Additionally, the debci
docs has inctructions on reproducing tests yourself [3] which is a nice
extra IMO.

Gentoo has https://www.gentoo.org/get-started/philosophy/social-contract.html.

I feel like something like a dev-run tinderbox is a bit out of the
scope of that.

I intentionally didn't comment on the scope for now, but I'm glad you did.

Suppose I file a bug against a package, pointing out some issue in it.
How do you know I didn't use some proprietary static code analysis
tool to discover that error? Does it even really matter? The bug
speaks for itself. It is like worrying about whether somebody who
filed a bug was running Windows or another proprietary OS or browser
on their desktop.

It matters if someone can't then reproduce the bug which happens
somewhat often here.

-----BEGIN PGP SIGNATURE-----

iNUEARYKAH0WIQQlpruI3Zt2TGtVQcJzhAn1IN+RkAUCY2mjPF8UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MjVB NkJCODhERDlCNzY0QzZCNTU0MUMyNzM4NDA5RjUyMERGOTE5MAAKCRBzhAn1IN+R kGoTAQDBLIv3aJeTMCYA9J9Z/hVa144feOdgfV7bL6nCqq9a9AEAwyoYuCmLs+81 eTnN0dE+RjD8YDgvcMYAFJO2kuB9cQ4=
=V6dn
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Nov 7, 2022 at 6:16 PM Sam James <sam@gentoo.org> wrote:

On 7 Nov 2022, at 06:07, Oskari Pirhonen <xxc3ncoredxx@gmail.com> wrote:

On Sun, Nov 06, 2022 at 11:37:24 +0100, Piotr Karbowski wrote:

I would be in favour of stepping up the social contract and actually
prohibiting this kind of things, we had that before too, the nattka you
mgorny wrote is replacement for old bugzilla bot that was ...
closedsource and perished, though nattka now have way more features than >> the old thing ever had.

As a user, I think it would be really cool if there was a requirement
that all infra and infra-adjacent stuff was free software.

I feel like I've read that Debian already has something like this. While doing some quick searches I didn't find a full-on requirement, but all their infra bits I did find were powered by free software. The most relevant ones being buildd [1] and debci [2]. Additionally, the debci
docs has inctructions on reproducing tests yourself [3] which is a nice extra IMO.

Gentoo has https://www.gentoo.org/get-started/philosophy/social-contract.html.

I feel like something like a dev-run tinderbox is a bit out of the
scope of that.

Suppose I file a bug against a package, pointing out some issue in it.
How do you know I didn't use some proprietary static code analysis
tool to discover that error? Does it even really matter? The bug
speaks for itself. It is like worrying about whether somebody who
filed a bug was running Windows or another proprietary OS or browser
on their desktop.

Well, a tinderbox is just an automated process for doing just that.
We don't require any dev to use a proprietary tinderbox before
committing. It is something that individual devs choose to use for
themselves, automating the testing workflow and possibly the
submission of bugs.

I think the key is something that was brought up earlier in the
thread: is this causing problems? If somebody is running some tool
against the repository and automatically filing bugs, and those bugs
are not useful/actionable and waste the time of volunteers, then that
is a problem. Proprietary tools do contribute to this since they can
generate results that are harder to reproduce, but if they are clear
and accurate and actionable it could still be a net-positive.

Of course if somebody wants to contribute to 100% FOSS tinderbox
efforts that would be even better. Perhaps if our 100% FOSS tinderbox
efforts addressed our needs very well, then nobody would want to
bother with the proprietary reports, or generating them. IMO it would
be better to create the FOSS solution before abandoning the
proprietary one. Doing otherwise is basically burning bridges - it
can be motivating in a sense but not really ideal. I'd love to have a
100% FOSS solution around all of this, but I appreciate what has been
created and can hardly criticize volunteers for failing to make it
happen, especially since I haven't contributed to that myself.

--
Rich

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------E390JV7FGRKggIldVeKMgqaX
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 06/11/2022 10.34, Sam James wrote:

...

That had two parts:
1. https://github.com/projg2/nattka/issues/72 & https://github.com/projg2/nattka/pull/73 (done)
2. https://github.com/arthurzam/tattoo/issues/1 (not done)

I was waiting for nattka-0.4 (which returns the field value) and was
hoping to wait until it becomes stable, so it will be able to upgrade
nattka on all devboxes easily and just use new API. Seeing this
conversation, made me understand that it is desired to do it ASAP, so I
added it now with a little ugly code around (import guards to check that
nattka supports the new field).

So currently tattoo skips all bugs marked with Manual testing.


I also plan to create a small dashboard showing special cases of Arch
Testing bugs, such as:

1. Bugs with only one arch remaining
2. Bugs blocked by blocker bug
3. Bugs without any info and activity (not blocked, untouched, not done)

This is in hopes to have a more organized and priority bugs, to mitigate
cases when something somewhere failed, and we lose the bug until pinged.

My current plan is to have a script that generated a HTML file that I
will host on ~dev space, and will have a scheduled process to regenerate
the HTML. I'm still planning the solution and how to schedule it, so no promises :)

--
Arthur Zamarin
arthurzam@gentoo.org
Gentoo Linux developer (Python, Arch Teams, pkgcore stack, GURU)


--------------E390JV7FGRKggIldVeKMgqaX--

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE/axFlFuH2ptjtO5EAqCvUD0SBQQFAmNp4fAACgkQAqCvUD0S BQQtgwgAqayUN9u0SMDyz0FyWsj/sU47+SUpUxR8n+Guxrs1DumkgMfjRdYbHRuy d+VjVlzZgYjD83ZtSThBLbhUx6efEiG0/fhSlyoy6iiQYEyZaxdFi9cCDt+TV4/p orxh2rNMYu1hHVbyHJiiXlbx/jnaZJygDpgrkp6gb2WtcdhhCb/SoKiEffP54Z1Z NyMxYzs2gBaRtCEmcoPGPvIWkufTgy5HwAfgd2oPhtbPrrqmBl+LL19sD74Qo8Iv O9CGsqMxuksL/1pAWLCuN1zGWZERX1Z8cjbug/V/+hOedm3Y8IWYXfdQXw+G+zCT HrEgKYeFdb4+FMji5vyUFiD8x0BxaQ==
=iwBM
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------W8TcXg0ivaszXGnKG0NzVIFd
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 8.11.2022 2.23, Rich Freeman wrote:

Of course if somebody wants to contribute to 100% FOSS tinderbox
efforts that would be even better. Perhaps if our 100% FOSS tinderbox efforts addressed our needs very well, then nobody would want to
bother with the proprietary reports, or generating them. IMO it would
be better to create the FOSS solution before abandoning the
proprietary one. Doing otherwise is basically burning bridges - it
can be motivating in a sense but not really ideal. I'd love to have a
100% FOSS solution around all of this, but I appreciate what has been
created and can hardly criticize volunteers for failing to make it
happen, especially since I haven't contributed to that myself.

https://gitweb.gentoo.org/proj/tinderbox-cluster.git/ https://wiki.gentoo.org/wiki/Project:Tinderbox-cluster

Hopefully soon.

-- juippis

--------------W8TcXg0ivaszXGnKG0NzVIFd--

-----BEGIN PGP SIGNATURE-----

iQGTBAEBCgB9FiEEltRJ9L6XRmDQCngHc4OUK43AaWIFAmNp8gRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk2 RDQ0OUY0QkU5NzQ2NjBEMDBBNzgwNzczODM5NDJCOERDMDY5NjIACgkQc4OUK43A aWJHjggAqq55GqPODKvHUbQti2tjePzkLbYHTOXUTY/N+b0riXIZ2lqvfyMAMkoN id4OFuDLQ1PtPJJ07QohVQcoASkf7ovQKf1RH7RtpAKOuX1k86bPJxBMfhfFSwZV s+KDeiCnzEg8xTj/lEhTyLdRnnkMshJ0AbZQZdqowUFC3q5DerTx7hFGewYcm7lT ILHdZV7FCG21cfpwE5uKyID+99MLf52HiTFceBVi7w+zxSGoDdF06Bl/MKpzBX8a WNqJ1D7MKCzm8rQfxO1MCvrpoTMi3a8TxAvqRU8dlDWWkpfWTuJkhUEt+AjvmE90 TNEIIAXBHv39XdvW1LKN9eSuZXmYZA==
=8OMb
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Nov 07, 2022 at 08:26:15 +0200, Joonas Niilola wrote:

I _believe_ ago's tinderbox isn't being paid by the GF _anymore_ due to
this reason, but he keeps it running with his own expenses. I don't mind
this as long as the results are desirable and not phony. I still see a
lot of value in most of ago's work.

Don't get me wrong, I really appreaciate the work that all of you do to
keep my favorite distro running. And maintaining the level of quality
that I've grown to expect from Gentoo over the years too :)

It is unfortunate we don't get to see the engine behind and copy it,
since I'd be really interested in using his automated bug search /
report tool. Even tattoo (https://github.com/arthurzam/tattoo) lacks
that at the moment.

Perhaps he would be open to the idea of releasing some parts of it? (pun intended)

- Oskari

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQQfOU+JeXjo4uxN6vCp8he9GGIfEQUCY2oH+QAKCRCp8he9GGIf Eah7AQD8wGAP9eyNwq34jjCieYWBNmI0Sqa5V0Woej2BQdt8qQEA37bfi9249jJa vBFOZxWFaJ7SPm8jXlUcy+pwzG4f3gE=
=f3su
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is a multi-part message in MIME format.

Hi,

Whatever outside the arch testing (like tinderbox) is off topic here since it is a completely different argument.

To make John Helmert III happy, I just switched to tatt; so my actual
workflow is tatt + nattka and there is nothing more.

If there are unanswered questions about the arch testing, please let me
know.

Agostino

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Hi,</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Whatever outside the arch testing (like tinderbox) is off topic here since it is a completely different argument.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">To make John Helmert III happy, I just switched to tatt; so my actual workflow is tatt + nattka and there is nothing more.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">If there are unanswered questions about the arch testing, please let me know.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Agostino</p>
</body>
</html>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is a multi-part message in MIME format.

On martedì 8 novembre 2022 14:26:18 CET Michał Górny wrote:

If the code was
public, I could try figuring it out and perhaps even fixing it.

Stable requests are handled by many people. o, since your requests were ignored by all members and sam said that him, arthurzam, jsmolic are using tattoo, my guess is that you have already everything in place.

Quoting the relevant part from sam's email:



Agostino

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">On martedì 8 novembre 2022 14:26:18 CET Michał Górny wrote:</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; If the code was</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; public, I could try figuring it out and perhaps even fixing it.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Stable requests are handled by many people. o, since your requests were ignored by all members and sam said that him, arthurzam, jsmolic are using tattoo, my guess is that you
have already everything in place.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Quoting the relevant part from sam's email:</p>
<br /><br /><br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Agostino </p>
</body>
</html>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 2022-11-07 at 19:23 -0500, Rich Freeman wrote:

On Mon, Nov 7, 2022 at 6:16 PM Sam James <sam@gentoo.org> wrote:

On 7 Nov 2022, at 06:07, Oskari Pirhonen <xxc3ncoredxx@gmail.com> wrote:

On Sun, Nov 06, 2022 at 11:37:24 +0100, Piotr Karbowski wrote:

I would be in favour of stepping up the social contract and actually prohibiting this kind of things, we had that before too, the nattka you mgorny wrote is replacement for old bugzilla bot that was ... closedsource and perished, though nattka now have way more features than
the old thing ever had.

As a user, I think it would be really cool if there was a requirement that all infra and infra-adjacent stuff was free software.

I feel like I've read that Debian already has something like this. While doing some quick searches I didn't find a full-on requirement, but all their infra bits I did find were powered by free software. The most relevant ones being buildd [1] and debci [2]. Additionally, the debci docs has inctructions on reproducing tests yourself [3] which is a nice extra IMO.

Gentoo has https://www.gentoo.org/get-started/philosophy/social-contract.html.

[...]

I think the key is something that was brought up earlier in the
thread: is this causing problems?

We're talking about handling arch testing and not tinderboxing
in general but yes, this is causing problems.

If someone's running automation that takes care of a significant portion
of arch testing, it effectively leads to monopolized arch testing.
Other arch testers don't need to do anything, so they eventually stop
paying attention and everyone assumes "X will take care of it anyway".

Now, the first problem is the bus factor. If X stops doing arch
testing, requests pile up. It takes time before others resume their
work. If the software used to do the automation was proprietary, others
have to start over. Of course, this is better now that we have
an alternative.

The second problem is that we don't really know *how* things are
processed. As I've said, it happened to me before that stablereqs were
ignored for months. My guess is that the automation couldn't figure out
how to process them, so it skipped them, silently. I still don't know
what was the problem, or how to avoid it in the future. If the code was public, I could try figuring it out and perhaps even fixing it.

--
Best regards,
Michał Górny

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Nov 08, 2022 at 09:43:19AM +0100, Agostino Sarubbo wrote:

Hi,

Whatever outside the arch testing (like tinderbox) is off topic here since it
is a completely different argument.

To make John Helmert III happy, I just switched to tatt; so my actual workflow is tatt + nattka and there is nothing more.

If there are unanswered questions about the arch testing, please let me know.

Agostino

Great, thanks!
-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQQyG9yfCrmO0LPSdG2gXq2+aa/JtQUCY2pzLAAKCRCgXq2+aa/J tf6EAQD/mTFggX1JSuFQwvaFhPdqDZenZl4SSXo1ysPq9L1iBAEAhmZvOo18MO4p 9D0wOezeBMpvTR7ihsOeHeV2lJu7eA0=
=WTKr
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)