30 Sep
2020
30 Sep
'20
10:36 a.m.
Hello,
We're going ahead with this new process. For changes made since the last release (2.24.0 and corresponding updates to long-time support branches), the ChangeLog file will only record user-visible changes, and entries will not be used to credit contributors. We're updating ChangeLog.d/00README.md accordingly (https://github.com/ARMmbed/mbedtls/pull/3726).
--
Gilles Peskine
Mbed TLS developer
On 20/09/2020 23:41, Gilles Peskine via mbed-tls wrote:
> Hello,
>
> The Mbed TLS team is soliciting feedback on a proposed change of our
> contributor acknowledgement policy.
>
> Background: our current policy is to acknowledge all contributors who
> are not Arm employees in the ChangeLog files. This is a tradition that
> dates back from when the version control history of Mbed TLS (then
> PolarSSL) was not public.
>
> Proposed change: the ChangeLog file will no longer mention who
> contributed a patch (“Contributed by …”). A patch will require a
> ChangeLog entry only if it makes a user-visible changes, regardless of
> who contributed it. We will still credit reporters in the ChangeLog
> file, at least for security issues.
>
> Rationale: the ChangeLog file had a dual purpose: informing users, and
> acknowledging contributors. It will now have the single purpose of
> informing users. There are better ways of acknowledging contributors
> nowadays: the Git history is public, and your contributions are visible
> from your GitHub profile. (Note that we don't squash commits, and
> attempt to preserve authorship as much as possible when we have to
> rebase a patch.) Furthermore, writing a good ChangeLog entry often turns
> out to require some back-and-forth, so lessening this requirement will
> make it easier to accept contributions and to merge them faster (this is
> in fact our primary motivation for the change).
>
> We are also thinking of creating an acknowledgement page out-of-tree. It
> isn't clear yet what its scope would be, but it would include
> acknowledging contributions in the form of reviews, which we wish to
> encourage. (Please stay tuned for future announcements and discussions
> regarding the Mbed TLS review process.)
>
> Question to potential contributors, or people who have participated in
> other open-source projects: do you think that there is any value in
> keeping acknowledgements in a file that is distributed with Mbed TLS? Is
> there any value in maintaining an exhaustive list of contributors in a
> form other than the Git history?
>
> Best regards,
>
1514
days inactive
1514
days old
mbed-tls@lists.trustedfirmware.org
0 comments
participants
participants (1)
-
Gilles Peskine