Proposal: KDE CVS Commit Policy
Dirk Mueller
kde-policies@mail.kde.org
Sun, 30 Mar 2003 21:55:32 +0200
On Son, 30 M=E4r 2003, Cornelius Schumacher wrote:
> 1. Think before committing.
Is this a policy? If yes, what does it say? What does it require to prove=
=20
that I think before I commit?
Obviously everybody thinks before committing. Just sometimes they don't=20
think *enough*, or do their thinking on wrong assumptions (or, being humans=
,=20
make mistakes).=20
I personally don't think your suggestion is a useful policy. It neither=20
documents the currently established common sense, no improves the situation=
.=20
KDE CVS has been traditionally very=20
bad, and I can sum up some exisiting problems, which in turn, when you=20
negate them, give a useful policy:=20
1. Lack of communication. The maintainer does not know about the commits,
nor has seen the patch before. Bigger commits usually contain therefore
essential flaws.=20
2. Lack of reviews before committing. Public API extensions and modification
is rarely reviewed or discussed before committing. Hence we end up=20
with major compatibility breakage in every major release. 3rd party
application vendors find this a big annoyance.=20
Furthermore, big api extensions are usually done by people with very
low experience. They don't implement maintainable interfaces, which
includes simple thinks like d pointers, but extends to missing/too many
virtuals, wrong inheritance, incorrect method naming, awkward API,=20
terrible reusability and overfeaturism of little details and behaviour-
modifications that can easily be implemented in a 20 lines of code
additional layer that is much easier to grasp for the application=20
developer. KExtendedSocket being a classic example.=20
Furthermore, I often see newly committed code with undefined or untested
memory management and ownership policy. For code that should be
resusable, documentating and defining this is topmost priority.
Implementations of "nice to have" API without general proof of its
necessity or relation to the class where they're implemented in
(KApplication::randomString. I think this 5 line method had about 25
bugs so far, besides being fatally missplaced in kdelibs. )
3. Lack of focus on maintainability, stability and security. Lack of
understanding about security implications and coding style to avoid
the associated problems (shell quoting, buffer overflows, format
string vulnerabilities, i18n bugs). Lack of common coding style
(spaces vs tabs, indentation. curly bracket placement).=20
4. Big code reorganizations without prior discussion, including massive
renaming of files and moving around in CVS modules (see ksplashml
for example lately. ). CVS-unfriendly usage of CVS: import in a separate
directory, which will make later tracking of history almost impossible
when the directory will be copied over to kdebase/ksplash
5. So called "fixes" which have obviously not been regression tested.=20
The kdelibs/tests check applications most often don't even compile
after such a commit.=20
6. Patches for supposed fixing of problems which have not been completely
investigated or understood by the committer. ("I don't know why it
crashes, but when I do this, it does not crash anymore." or
"I don't know what happens, but till somebody finds out, I'm disabling
it". or "I'm not completely sure if thats right, but at least it=20
works for me.")
7. Constant build breakages. Continuous fiddling with makefiles, with
include paths, addition of uic or moc generated files to CVS,=20
lack of committing necessary files (new header files, new icons etc).=20
Introduction of GNUisms in implementations, ugly shell hacks in
install-local: and similiar targets in the Makefile.am=20
(result of lack of understanding of the KDE build system).=20
8. Lack of descriptive log entries. Often bugreports are not mentioned=20
in the commit log, or are not closed at the same time. the log
entries usually just describe what can be read from the diff, but don't
explain the _how_ or _why_.=20
9. Lack of maintenance of the stable release series. Often useful, smaller
new features are not backported, while dangerous, untested "code=20
cleanups" are immediately backported. Massively introduced regressions
are not being cleaned up in the stable branch and end up in a release
(I can't remember a single KDE release where kio_http's proxy support
wasn't flawed in one or another way).=20
10. Lack of direction. Several developers refuse to accept guidance
by more experienced contributors, expressed in irrational and provocative
ways ("release dictator", "maintainer", "if you don't do it my way
I'll fork KDE").
11. Lack of acceptance of release schedules ("I'm allowed to commit my
stuff when I think its ready". "Do what you want, I create my own
branch and work in there". "Hey, CVS is for everybody, so don't=20
interfere with my time schedule").=20
12. Lack of willingness to change the situation. Most often people don't
care about even massive breakages or obvious introduced regressions
as long as they still find a way to work around it (or revert to an
older version until somebody else is stupid enough to fix it).=20
--=20
Dirk