Add MAINTAINERS file + associated policy / tools

[edolstra]

Following up on http://lists.science.uu.nl/pipermail/nix-dev/2016-February/019811.html.

To prevent the Nixpkgs from descending into chaos, we need some policy about who is allowed to commit/merge what. We already have meta.maintainers for packages, but not for other parts of Nixpkgs/NixOS. In particular it's completely unclear who "owns" central parts like lib/ so it risks becoming a free-for-all.

So I would like to propose the following:

• Add a MAINTAINERS file (in the style of https://www.kernel.org/doc/linux/MAINTAINERS) listing who is responsible for particular topics / subsystems. This would generally only list things that cannot be expressed via the meta.maintainers field in packages or modules, such as cross-cutting concerns or general responsibility for a set of related packages like KDE. Example entry would be

  HASKELL INFRASTRUCTURE
  H: peti
  F: pkgs/top-level/haskell-packages.nix
  F: pkgs/development/compilers/ghc/*
  F: pkgs/development/haskell-modules/lib.nix
  

  where "H:" is a GitHub user name and "F:" are filename-matching regexps to help identify whether a particular change affects this subsystem (not required).

• Add meta.maintainers fields to NixOS modules.

• Document the policy (e.g. changes need approval from the responsible maintainers).

• Make a little tool that given a diff tells you who the responsible maintainers are. It would do this by 1) matching the modified files in the diff against the "F:" regexps in the MAINTAINERS file; and 2) looking for a meta.maintainers field in the modified files. Also make a GitHub bot that applies this tool to incoming PRs and pings/assigns the maintainers.

Does this sound reasonable?

[7c6f434c]

   HASKELL INFRASTRUCTURE
   H: peti
   F: pkgs/top-level/haskell-packages.nix
   F: pkgs/development/compilers/ghc/*
   F: pkgs/development/haskell-modules/lib.nix

where "H:" is a GitHub user name and "F:" are filename-matching regexps to help identify whether a particular change affects this subsystem (not required).

Do I understand correctly, that H: line can also be repeated?

• Add meta.maintainers fields to NixOS modules.
• Document the policy (e.g. changes need approval from the responsible maintainers).
• Make a little tool that given a diff tells you who the responsible maintainers are. It would do this by 1) matching the modified files in the diff against the "F:" regexps in the MAINTAINERS file; and 2) looking for a meta.maintainers field in the modified files. Also make a GitHub bot that applies this tool to incoming PRs and pings/assigns the maintainers.

Does this sound reasonable?

What do we do with PRs effectively creating new subareas?

What do we do with tools/misc and similar?

How can I mark a package «feel free to ping me for review/ask for
help/etc., but I also trust any willing NixPkgs committer to apply
a change that is not obvoiusly bad and keeps the thing building»
(this is meaningful for many small leaf packages, I think).

For small things the key (in my obviously wrong opinion) thing we lack
is even more manpower for keeping them up-to-date and not-bit-rotted;
for core and complicated things, stability matters, of course.

[heydojo]

👍
100% agree @edolstra

[edolstra]

@7c6f434c

• Yes there could be multiple maintainers.
• This would probably fall under a general "Nixpkgs scope" topic (presumably maintained by me).
• Well, pkgs/tools/misc are just regular packages with meta.maintainers attributes, so no need to list them in MAINTAINERS.
• The kernel's MAINTAINERS file has an "R: ..." field to list designated reviewers, which could be useful for this (and maybe an analogous meta.reviewers attributes). And we could have some way to mark a package that anybody can update (maybe simply something like meta.maintainers = [ community ]).

[jagajaga]

👍
But I thing that we should also have people who can coordinate others in PRs. Like nowadays I usually merge things myself but if I'm not sure about the patch or it's too complicated for me I call the responsible guys. (Also I have great experience with our repository and know well it's infrastructure that's why I know who can help us to solve problems or just help in a PR). Also nowadays @pSub do @joachifm do a great job with labeling pkgs.
And I thing we must leave several core people with current rights as they have them, like @peti @domenkozar @vcunat @abbradar @aszlig @pSub @7c6f434c @nckx @wizeman @edwtjo @ttuegel @bjornfor @jagajaga (myself) @shlevy @lethalman if they want to.

[7c6f434c]

• This would probably fall under a general "Nixpkgs scope" topic (presumably maintained by me).

Please assign some more trusted reviewers for such things, we need all
of you alive.

Adding things should have a lower risk of breaking everything,
hopefully…

• Well, pkgs/tools/misc are just regular packages with meta.maintainers attributes, so no need to list them in MAINTAINERS.

Ah, so not all packages fall into such groups. Noted.

• The kernel's MAINTAINERS file has an "R: ..." field to list designated reviewers, which could be useful for this (and maybe an analogous meta.reviewers attributes). And we could have some way to mark a package that anybody can update (maybe simply something like meta.maintainers = [ community ]).

meta.reviewers, probably — there are maintainers who can help with
debugging an update, but a working update can be reviewed by whoever
agrees (in contrast to some other areas where there are some people who
are good at debugging such things, but wouldn't accept the
responsibility of the final review).

[ttuegel]

👍

And I thing we must leave several core people with current rights as they have them, like @peti @domenkozar @vcunat @abbradar @aszlig @pSub @7c6f434c @nckx @wizeman @edwtjo @ttuegel @bjornfor and @jagajaga (myself) @shlevy @lethalman if they want to.

If I understand correctly, this is not about restricting the actual permissions of committers, but establishing policy and developing tools to notify the appropriate maintainers. At this point, I am comfortable trusting all the committers to follow an established policy; the only problem is that we don't as yet have one 😃

[jagajaga]

Oh! I misunderstood. I agree wholeheartedly with establishing policy!

[abbradar]

Yay! I returned again and again to a thought "how would I specify that I (or someone else) is responsible for this directory tree / feature / function?". This would scratch my itch.

[7c6f434c]

And I thing we must leave several core people with current rights as they have them, like @peti @domenkozar @vcunat @abbradar @aszlig @pSub @7c6f434c @nckx @wizeman @edwtjo @ttuegel @bjornfor and @jagajaga (myself) @shlevy @lethalman if they want to.

If I understand correctly, this is not about restricting the actual permissions of committers, but establishing policy and developing tools to notify the appropriate maintainers. At this point, I am comfortable trusting all the committers to follow an established policy; the only problem is that we don't as yet have one 😃

It could be nice to have brief recommendations for people with bigger
NixPkgs experience about gotchas for updating various libraries.

For example, a few years ago GNU TLS updates loved breaking libsoup and
WebKit-using browsers using libsoup… I guess there are some such things
now and when updating (say) LibreOffice and needing a newer version of
some dependency knowing what to check would make things go smoother.

[lucabrunox]

Different proposal

I think linux long flat file is nice, but maybe there's something better we can think nowadays, and different because of our nixpkgs layout. Also, consider that regexp are not much of any use in our tree because most of stuff is a single file in a directory.

• Put a MAINT.md in a subtree. The first line of the file looks like: "Maintainer: peti". The second line of the file looks like: "Subtree: Haskell Infrastructure", or something like that.
• In the MAINT.md you can add other stuff that briefly document how that subtree works in terms of maintenance. It might help other people jump on maintaining that subtree as well, or describe some maintenance design decisions that do not belong to any of our current manuals.
• The little tool would achieve point 1) of the @edolstra proposal by going upwards in the tree until a MAINT.md is found, and returning the first line of the file.

I think this will also make us think about subtrees differently: more maintenance-wise than category-wise. Like, why do we have pkgs/development/compilers/ghc and pkgs/development/haskell-modules ? Maybe we should just forget about "compilers" category being useful to anybody, and put everything under pkgs/lang-support/haskell for example.

EDIT: slightly changed the header of the MAINT.md, but that's only a detail of this proposal.

[maurer]

@lethalman
Won't the hierarchical MAINT.md method have issues with e.g. pkgs/top-level/haskell-packages.nix being delegated to the appropriate maintainers? Additionally, you end up with two MAINT.md files for a logical subtree in the case of the gnome3 subtree or similar ones which simultaneously have files in nixos/modules and in pkgs.

Re: the compilers category, it might be a useful designation for packages which are known to gate many other packages and whose build failure should be taken more seriously when cutting releases.

The overall oddity of the MAINT.md approach seems to be that it expects the directory structure of nixpkgs to match the maintenance structure. I suppose this is possible, but it's not immediately clear to me that this is ideal.

I agree that having the description of the subtree procedures sounds useful, as does not having everything in one monster file, just trying to note some potential complications to address beforehand.

P.S.: I'm mostly a user, not a bigshot maintainer, so these are just my two cents, sorry if I'm bothering you folks.

[lucabrunox]

@maurer I don't see any issue in creating more MAINT.md with the same maintainer. It's just your github username. About nixos and pkgs, it may or may not be a problem. You can have two different descriptions. At least for gnome, the two descriptions would be very different. Also it does not expect the tree to match the maintenance structure, it only induces to have a more maintenance-wise structure.

[benley]

There is a pretty decent semi-standard file format for exactly what we're trying to accomplish here:
https://github.com/bkeepers/OWNERS

It's used in chromium's git repos:
https://www.chromium.org/developers/owners-files
https://chromium.googlesource.com/chromium/tools/depot_tools/+/master/owners.py

Another related implementation, as a Gerrit plugin:
https://gerrit.googlesource.com/plugins/owners

More related tooling:
https://github.com/Nextdoor/git-change#owners-scope

Some commentary about origins and reasoning:
bkeepers/OWNERS#1 (comment)

The net effect is comparable to the linux MAINTAINERS file, but this can be distributed throughout a codebase like @maurer's MAINT.md proposal.

[dezgeg]

I don't think per-subdirectory files would work well in this specific case which was about cross-cutting concerns, which kind of tend to touch files all across the directory tree. For instance I'd be thinking of something like this for myself:

ARM AND OTHER ARCHITECTURE SUPPORT
F: pkgs/misc/uboot
F: pkgs/top-level/platforms.nix
F: pkgs/stdenv/linux/make-bootstrap-tools-cross.nix
F: nixos/modules/installer/cd-dvd/sd-image*.nix
F: nixos/modules/system/boot/loader/generic-extlinux-compatible
F: nixos/modules/system/boot/loader/raspberrypi

...which is already all over the place and directories like pkgs/top-level contain files that other people maintain.

Also if we use the MAINTAINERS format from kernel, we can also steal their script (https://github.com/torvalds/linux/blob/master/scripts/get_maintainer.pl) which does other kinds of useful stuff already (like ignore files and using git blame to find additional reviewers like Mention Bot)

[bendlas]

Can somebody give perspective on OWNERS vs MAINTAINERS differences, with respect to encodable information vs tooling? I have seen both things but don't know the first thing about them. bkeepers/OWNERS#1 (comment) seems to suggest that OWNERS is more geared towards machine-readability.
Their usage seems to be about equal:

---

MAINTAINERS.md: 1,859
https://github.com/search?utf8=%E2%9C%93&q=filename%3AMAINTAINERS.md&type=Code&ref=searchresults

MAINTAINERS: 219,266
https://github.com/search?utf8=%E2%9C%93&q=filename%3AMAINTAINERS&type=Code&ref=searchresults

---

OWNERS.md: 323
https://github.com/search?utf8=%E2%9C%93&q=filename%3AOWNERS.md&type=Code&ref=searchresults

OWNERS: 224,132
https://github.com/search?utf8=%E2%9C%93&q=filename%3AOWNERS&type=Code&ref=searchresults

[edolstra]

@lethalman What @maurer said. Some topics don't correspond to subtrees, in fact some may not correspond to any specific files at all. (E.g., "Nixpkgs coding style", "New packages / modules", ...)

[lucabrunox]

@edolstra I wonder what means being maintainer of nixpkgs coding style.

[edolstra]

Regarding existing tooling, we'll probably have to write/adapt our own anyway because it will need to be able to handle meta.maintainers in addition to MAINTAINERS/OWNERS.

[matthiasbeyer]

HASKELL INFRASTRUCTURE
H: peti
F: pkgs/top-level/haskell-packages.nix
F: pkgs/development/compilers/ghc/*
F: pkgs/development/haskell-modules/lib.nix

I like the general idea, though I wouldn't bind that file to the github infrastructure so closely, but allow email entries like so:

HASKELL INFRASTRUCTURE
H: Github-User-Name
M: github_user_name@some_mail.ext
F: pkgs/top-level/haskell-packages.nix
F: pkgs/development/compilers/ghc/*
F: pkgs/development/haskell-modules/lib.nix

So we can also be reached by non-github users via email.

[7c6f434c]

I like the general idea, though I wouldn't bind that file to the github infrastructure so closely, but allow email entries like so:

HASKELL INFRASTRUCTURE
H: Github-User-Name
M: github_user_name@some_mail.ext
F: pkgs/top-level/haskell-packages.nix
F: pkgs/development/compilers/ghc/*
F: pkgs/development/haskell-modules/lib.nix

So we can also be reached by non-github users via email.

Add the name of maintainers.nix entry then. And display name.

[domenkozar]

Wouldn't it be better to add a list of paths maintained to lib/maintainers.nix or some other file so it can reference the maintainer name and email? Otherwise we have to maintain two list of maintainers.

[jagajaga]

@matthiasbeyer

M: github_user_name@some_mail.ext

Why github_user_name?

[matthiasbeyer]

@jagajaga This was just an example. Of course it would be @matthiasbeyer and mail at beyermatthias [dot] de for me.

[joachifm]

To my mind, the assignment of ownership is what makes this proposal valuable. That there is ownership is more important than who owns what or how it is recorded. I hope this doesn't get bogged down by trying to hash out all the details up front ... What @edolstra proposes seems perfectly workable as-is to me, though @domenkozar's idea of re-using maintainers.nix makes a lot of sense, esp. for the long term. Just my 2 NOK.

[Profpatsch]

Also make a GitHub bot that applies this tool to incoming PRs and pings/assigns the maintainers.

Will we keep the bot that looks up blame information and cc’s the responsible users then? I like having everyone interested in cc, but I’m afraid of creating too much noise in general.
Maybe keep both active until too many people complain?

Another thing I loathe about the current system is that there is sometimes no connection between mail address, IRC user name and Github user name.
That bugs me when I look up git information in my local repository and want to find out the handle of that person on Github. Maybe add that to the maintainer file?

[7c6f434c]

Another thing I loathe about the current system is that there is sometimes no connection between mail address, IRC user name and Github user name.
That bugs me when I look up git information in my local repository and want to find out the handle of that person on Github. Maybe add that to the maintainer file?

You may want to run my vanity counter from maintainers/scripts and use
its output (it does deduplication, so it tries to match names, emails
and GitHub usernames even when a person varies the name spelling or
changes the email while keeping the name spelling the same). The commit
counts would be a useless side effect for you.

[aszlig]

Hm, what about running our own mention bot instead (we could even patch it to incorporate maintainers meta info), because CODEOWNERS looks a bit redundant to me.

[edolstra]

Yeah, a patched mentionbot that uses meta.maintainers would be ideal.

[vcunat]

Nitpick: then it would be a rather important requirement to enforce matching maintainer IDs with github account names or add some extra mapping for that. (For instance, Eelco's names don't match :)

[7c6f434c]

Maybe add optional fields like Nix-related GitHub username, Nix-related GitLab user name, etc.?

(Yes, my maintainers.nix name is my Nix SVN username back from when it made sense, and my GitHub username is the same user-part as the email I use in connection to Nix stuff. These two are different)

[domenkozar]

Very relevant thoughts: http://blog.ffwll.ch/2017/08/github-why-cant-host-the-kernel.html

[dezgeg]

So what's the next actionable thing to do given that the CODEOWNERS file was merged in #27499?

[vcunat]

Some support for meta.maintainers, I guess? (Assuming that we don't want to duplicate that information in CODEOWNERS.)

[edolstra]

As to the next actionable things:

• @vcunat pointed out that CODEOWNERS allows us to require review from owners. Enabling this might be a good idea, since it fixes the current anarchic situation where any of a few dozen committers can change anything, including core components.

• If we use CODEOWNERS for mandatory reviews (rather than as a mentionbot replacement) then we should document this policy somewhere.

• @aszlig expressed some interest in writing a bot to use meta.maintainers for finding reviewers, though I don't think he's working on it at the moment.

[vcunat]

I think there would be the downside that the feature can only be used if we disallow direct pushing, i.e. even noncritical changes would AFAIK have to go through PRs, which tends to be annoying in my experience for trivial/safe changes. (I use it in gitlab for my paid job, but the speed of changes is much slower in there.)

[matthiasbeyer]

I think there would be the downside that the feature can only be used if we disallow direct pushing

My experience from "allow direct pushing" is "I can do this, I know my code works" ... except when it doesn't. So I'd opt for disallowing direct pushing everywhere, even for security patches (for example, I cannot push to master in my own projects, where I even work alone on the codebase - just because "My code always works" does simply not exist).

But that's just my 2ct.

[vcunat]

Well, if we had some (more) reliable CI for PRs, that would be a different question... (But even there – it feels strange to wait for functional tests when you only want to fix a typo in docs.)

[7c6f434c]

Yet different question if there were not a huge backlog of PRs…

[vcunat]

CODEOWNERS might help with this problem, via faster notification of interested people with push access, at least in some parts of the nixpkgs tree.

[TheNeikos]

@vcunat Regarding the typo fixes, one could look at how rust-lang/rust does it. They have two kinds of patches, 'real' patches and fixups. Fixups get batched and periodically run, removing pressure for such changes.

[matthiasbeyer]

@vcunat Regarding the typo fixes, one could look at how rust-lang/rust does it. They have two kinds of patches, 'real' patches and fixups. Fixups get batched and periodically run, removing pressure for such changes.

That's indeed a good idea! I would even include smaller package updates into such a branch (like if abook gets updated... nobody cares that much to have the latest abook as fast as possible). If these kind up package updates appear once a week or twice a month in unstable, everything should be fine, IMHO.

[7c6f434c]

Erm. I do actually care about some of the leaf-package updates specifically at the moment I perform them.

[vcunat]

We actually batch the "larger updates", as they are often mass rebuilds :-) EDIT: I suppose Rust's motivation is partially similar and they have some extensive test suite which isn't economical to run for each small fix.

[nbp]

Add meta.maintainers fields to NixOS modules.

This now exists, and is used.

[edolstra]

Closing in preference of NixOS/rfcs#19.

[nixos-discourse]

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/missing-documentation-of-makeautostartitem/20496/2