Formalize a QA Member role [Was: Re: PHP Security Advisory - Apache Module bugs]

[Hans Bergsten <ha...@gefionsoftware.com>]

I'm just reposting this again with a more appropriate subject,
in case someone who doesn't care about PHP security wants to
join the discussion ;-)


-------- Original Message --------
Subject: Re: PHP Security Advisory - Apache Module bugs
Date: Wed, 17 Jan 2001 21:41:47 -0800
From: Hans Bergsten <ha...@gefionsoftware.com>
Reply-To: general@jakarta.apache.org
To: general@jakarta.apache.org
References: <B6...@latchkey.com>

Jon Stevens wrote:
> 
> on 1/17/01 8:44 PM, "Hans Bergsten" <ha...@gefionsoftware.com> wrote:
> [...]
> > Do we have to limit the size of the team. I think it would be
> > a good idea to define QA Member as a new role, between User and
> > Developer in terms of active involvement and authority. See more
> > below.
> 
> Yes. I think it is important to limit the size of the team. At this point,
> our experiences with giving everyone and their brother commit access has
> actually seemed to prove to not be beneficial towards overall project health
> and has simply proven to cause problems.
> [...]

I can buy that. We can put in the role description that at any point in
time, the number of QA Members should not be more than 3 (or whatever
number seems right), with the explanation you just gave; more focused
and more sense of responsibility.

> > I don't think it's fair to require anyone in this type of organization
> > to be responsible for finding their replacement. Besides, it would be
> > hard to enforce.
> 
> However, I'm trying to establish stronger a chain of responsibility here as
> I think that that is lacking in the organization. In other words, if you
> sign up to be part of a team, then you are committing yourself to being part
> of that team. If you can't do your duties, then it should be your
> responsibility to find a replacement.

I agree with the goal, but I think it's better to say something like this:

  If a QA Member realizes that he/she can not perform the duties, 
  he/she must announce this (to the Users list? to teh General list?) so 
  that a new QA Member can be nominated and elected. 

That is a more fair distribution of responsibilities between the 
individual and the community IMHO.

> > At times, QA Members may go inactive for a variety of reasons. A
> > QA Member that has been inactive for 6 months or more may lose his or
> > her status as a QA Member.
> 
> I think that 6 months is WAY to long for that. Especially if we go with a
> smaller group size. I would say 2 months and/or the time between a release
> of the software. These people have to be around for the time that there are
> releases.

I agree, I just copy/pasted from the Committer process. 2 months sounds 
okay.

> [...]

Hans
-- 
Hans Bergsten		hans@gefionsoftware.com
Gefion Software		http://www.gefionsoftware.com
Author of JavaServer Pages (O'Reilly), http://TheJSPBook.com

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org

Re: Formalize a QA Member role

[Hans Bergsten <ha...@gefionsoftware.com>]

Ted Husted wrote:
> 
> On 1/18/2001 at 3:06 PM Hans Bergsten wrote:
> > In terms of a +1 on a release, I suggest that we clarify that this
> means commitment to support the released product (bug fixes, user
> questions, etc.). A release requires at least three +1 votes, so that
> gives you at least three committers that agree to support the released
> product. I have started a new thread about this.
> 
> I would suggest that < http://jakarta.apache.org/site/roles.html > be
> amended to include a clause like:
> 
> "Committers who approve a public release are expected to prioritize
> their contributions so that Bug Reports regarding that release are
> quickly resolved, as the individual Committer's skill set permits. A
> Committer who approves (votes +1) on a public release, but then fails
> to support that release to the best of their ability, may lose his or
> her status as a Committer."
> 
> I would also suggest that a plain-text copy of the current Guidelines
> be mailed to a new Committer, and that they affirm that they understand
> and agree to the Guidelines before receiving their login.

I agree with both suggestions.

Hans
-- 
Hans Bergsten		hans@gefionsoftware.com
Gefion Software		http://www.gefionsoftware.com
Author of JavaServer Pages (O'Reilly), http://TheJSPBook.com

Re: Formalize a QA Member role

[Ted Husted <ne...@husted.com>]

On 1/18/2001 at 3:06 PM Hans Bergsten wrote:
> In terms of a +1 on a release, I suggest that we clarify that this
means commitment to support the released product (bug fixes, user
questions, etc.). A release requires at least three +1 votes, so that
gives you at least three committers that agree to support the released
product. I have started a new thread about this.

I would suggest that < http://jakarta.apache.org/site/roles.html > be
amended to include a clause like: 

"Committers who approve a public release are expected to prioritize
their contributions so that Bug Reports regarding that release are
quickly resolved, as the individual Committer's skill set permits. A
Committer who approves (votes +1) on a public release, but then fails
to support that release to the best of their ability, may lose his or
her status as a Committer."

I would also suggest that a plain-text copy of the current Guidelines
be mailed to a new Committer, and that they affirm that they understand
and agree to the Guidelines before receiving their login. 

-T.

Re: Formalize a QA Member role

[James Duncan Davidson <du...@x180.net>]

On 1/18/01 3:06 PM, "Hans Bergsten" <ha...@gefionsoftware.com> wrote:

> In terms of a +1 on a release, I suggest that we clarify that this
> means commitment to support the released product (bug fixes, user
> questions, etc.). A release requires at least three +1 votes, so that
> gives you at least three committers that agree to support the released
> product. I have started a new thread about this.

Sounds good.

-- 
James Duncan Davidson                                        duncan@x180.net
                                                                  !try; do()

Re: Formalize a QA Member role

[Hans Bergsten <ha...@gefionsoftware.com>]

Jon Stevens wrote:
> 
> on 1/18/01 12:59 PM, "Hans Bergsten" <ha...@gefionsoftware.com> wrote:
> 
> > I do agree that PMC decided that sufficient support
> 
> then please define "sufficient support"...that is what i was also trying to
> do.

Okay. First, according to the existing rules:

  "The act of voting carries certain obligations. Voting members are 
   not only stating their opinion, they are also agreeing to help do 
   the work."

In terms of a +1 on a release, I suggest that we clarify that this
means commitment to support the released product (bug fixes, user
questions, etc.). A release requires at least three +1 votes, so that
gives you at least three committers that agree to support the released
product. I have started a new thread about this.

I also suggest that this must be explicitly stated in the mail where 
the release it put up for a vote, so that everyone voting is aware of
this rule. Isn't that enough?

Hans
-- 
Hans Bergsten		hans@gefionsoftware.com
Gefion Software		http://www.gefionsoftware.com
Author of JavaServer Pages (O'Reilly), http://TheJSPBook.com

Re: Formalize a QA Member role

[Jon Stevens <jo...@latchkey.com>]

on 1/18/01 12:59 PM, "Hans Bergsten" <ha...@gefionsoftware.com> wrote:

> I do agree that PMC decided that sufficient support

then please define "sufficient support"...that is what i was also trying to
do.

-jon

-- 
Honk if you love peace and quiet.

Re: Formalize a QA Member role

[Hans Bergsten <ha...@gefionsoftware.com>]

Jon Stevens wrote:
> [...]
> One other thing I would like purposefully noted here in case it comes up in
> the future (and I can thus point at it):
> 
> I am bringing up the role of a QA Team as well as helping define its purpose
> as an open community based effort by carrying on the discussion on the
> General@Jakarta mailing list. This is because I have expressed that I have a
> requirement of seeing Tomcat 3.x and 4.x have a support structure that is
> capable of handling QA and support issues. In other words, this is partly my
> itch, so I'm helping build the foundation to in order to scratch it. It will
> be up to the Jakarta/Tomcat community to follow through on this effort.

I figured that was what you're trying to do.

> Therefore, if it comes to pass that no one (or not enough people...ie: 2-3
> people on both the 3.x and 4.x QA teams...yes, there can be overlap in that
> the same people can be on both teams if they wish) steps up to the plate to
> become a member of the QA Team and asserts themselves in their
> responsibilities in a consistent state, I hereby declare that it is my
> intention to raise serious doubts into the possibility of a future release
> of the Tomcat software (3.x and 4.x) as I have stated at the PMC meeting.
> 
> It is also my belief that the PMC has agreed to place a *requirement* of the
> support burden of proof on the QA Team (this will be revealed when the PMC
> meeting notes are posted). If no one steps up to become members of the QA
> Team, then the burden of support proof then falls on the active developers
> of the product.

I don't agree with "burden of proof on the QA Team", since the role doesn't
exist yet. I do agree that PMC decided that sufficient support must be
evident for a new 3.x release to be approved, since 3.x is considered the
"stable" version (based on the FreeBSD model described by Brian in the 
meeting) and we must therefore be ver careful with how we deal with
new releases of this code base.

> I hope I'm making myself *very* clear. If not, then speak up now and ask for
> clarification or modifications or forever hold your peace.
> 
> thanks,
> 
> -jon

Hans
-- 
Hans Bergsten		hans@gefionsoftware.com
Gefion Software		http://www.gefionsoftware.com
Author of JavaServer Pages (O'Reilly), http://TheJSPBook.com

Re: Formalize a QA Member role

[Micael Padraig Og mac Grene <ca...@harbornet.com>]

Hi, Jon,

You are not making yourself clear with me.  I have no idea what you are
talking about.  Would you just directly state what it is you are concerned
about?

Thanks

Micael
----- Original Message -----
From: "Jon Stevens" <jo...@latchkey.com>
To: <ge...@jakarta.apache.org>
Sent: Wednesday, January 17, 2001 11:05 PM
Subject: Re: Formalize a QA Member role


>
> One other thing I would like purposefully noted here in case it comes up
in
> the future (and I can thus point at it):
>
> I am bringing up the role of a QA Team as well as helping define its
purpose
> as an open community based effort by carrying on the discussion on the
> General@Jakarta mailing list. This is because I have expressed that I have
a
> requirement of seeing Tomcat 3.x and 4.x have a support structure that is
> capable of handling QA and support issues. In other words, this is partly
my
> itch, so I'm helping build the foundation to in order to scratch it. It
will
> be up to the Jakarta/Tomcat community to follow through on this effort.
>
> Therefore, if it comes to pass that no one (or not enough people...ie: 2-3
> people on both the 3.x and 4.x QA teams...yes, there can be overlap in
that
> the same people can be on both teams if they wish) steps up to the plate
to
> become a member of the QA Team and asserts themselves in their
> responsibilities in a consistent state, I hereby declare that it is my
> intention to raise serious doubts into the possibility of a future release
> of the Tomcat software (3.x and 4.x) as I have stated at the PMC meeting.
>
> It is also my belief that the PMC has agreed to place a *requirement* of
the
> support burden of proof on the QA Team (this will be revealed when the PMC
> meeting notes are posted). If no one steps up to become members of the QA
> Team, then the burden of support proof then falls on the active developers
> of the product.
>
> I hope I'm making myself *very* clear. If not, then speak up now and ask
for
> clarification or modifications or forever hold your peace.
>
> thanks,
>
> -jon
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: general-help@jakarta.apache.org
>
>

Re: Formalize a QA Member role

[Jon Stevens <jo...@latchkey.com>]

One other thing I would like purposefully noted here in case it comes up in
the future (and I can thus point at it):

I am bringing up the role of a QA Team as well as helping define its purpose
as an open community based effort by carrying on the discussion on the
General@Jakarta mailing list. This is because I have expressed that I have a
requirement of seeing Tomcat 3.x and 4.x have a support structure that is
capable of handling QA and support issues. In other words, this is partly my
itch, so I'm helping build the foundation to in order to scratch it. It will
be up to the Jakarta/Tomcat community to follow through on this effort.

Therefore, if it comes to pass that no one (or not enough people...ie: 2-3
people on both the 3.x and 4.x QA teams...yes, there can be overlap in that
the same people can be on both teams if they wish) steps up to the plate to
become a member of the QA Team and asserts themselves in their
responsibilities in a consistent state, I hereby declare that it is my
intention to raise serious doubts into the possibility of a future release
of the Tomcat software (3.x and 4.x) as I have stated at the PMC meeting.

It is also my belief that the PMC has agreed to place a *requirement* of the
support burden of proof on the QA Team (this will be revealed when the PMC
meeting notes are posted). If no one steps up to become members of the QA
Team, then the burden of support proof then falls on the active developers
of the product.

I hope I'm making myself *very* clear. If not, then speak up now and ask for
clarification or modifications or forever hold your peace.

thanks,

-jon

Re: Formalize a QA Member role

[Jon Stevens <jo...@latchkey.com>]

on 1/17/01 9:46 PM, "Hans Bergsten" <ha...@gefionsoftware.com> wrote:

> I agree with the goal, but I think it's better to say something like this:
> 
> If a QA Member realizes that he/she can not perform the duties,
> he/she must announce this (to the Users list? to teh General list?) so
> that a new QA Member can be nominated and elected.

...this (to the tomcat-dev list and whatever other lists are relevant) so...

> That is a more fair distribution of responsibilities between the
> individual and the community IMHO.

+1

> I agree, I just copy/pasted from the Committer process. 2 months sounds
> okay.

+1

-jon

-- 
Honk if you love peace and quiet.