On 24/04/2024 12:55, Andre Przywara wrote:
>
>> For sending other people patches, we could disagree. I stand that I
>> would not ever send incorrect patch intentionally.
>
> Sure, and the patch was not incorrect, I trust James that far, because I
> know him and talked to him about this patch and the process before.
>
>> Therefore reviewer's statement of oversight is entirely redundant as well.
>
> Maybe I missed that, but I don't see anything in the documentation that
> would support this statement. The "reviewer's statement of oversight"
> is only expressed by an explicit Reviewed-by: tag, it seems, and none of
> the other tags seem to include that. I would agree that authorship does,
> somewhat naturally, but I don't see that sending or SoB does.
If you send someone's patch, the patch must be correct to your best
knowledge. Therefore Reviewer's statement of oversight does not cover
anything more.
Otherwise such submitter of someone's patches must not be trusted.
>
>> I just cannot send
>> someone's patch without reviewing, thus without adhering to points
>> expressed by statement of oversight.
>
> As you mention elsewhere, this seems to be individual.
> I personally feel that this assumed "implicit review", given through
> the SoB tag or through sending, is weaker than an explicit Rb tag. I agree
> that by sending a patch from someone else I take some kind of
> responsibility for the patch, but in this case I wanted to express
You take full responsibility, not some.
> that I did a proper review of the patch, going beyond the usual process
> checks. Hence the reply with the R-b tag.
>
>>> independent from review. I mean I doubt that every maintainer sending
>>> patches up the chain (when they add their SoB) implies a *review*? Surely
>>
>> Yes, every. This applies to mass-maintainers, like netdev, Greg, Andrew etc.
>>
>> Every patch I apply to my subsystems is reviewed by me. I cannot do
>> else, because that is the requirement of maintainership.
>
> I don't see it that way, I guess many maintainers rely on (thorough)
> reviews from third parties, and just glance over each patch before
I also rely on reviews on other parties, but that does not mean I do not
perform review.
> sending? Doesn't mean that they can and do reviews, but I feel it's not a
> requirement to do so *yourself* for *every* patch?
Reviews are different. If someone trusted performs review, I can relax
and spend less time on it making less thorough review. It's still a review.
>
>> There are however maintainers (see i2c patches or Intel DRM) who accept
>> patches and do not review them. When they review, they provide
>> additional Rb tag + Sob. This is weird because it means when they accept
>> patch, they take it unreviewed! Their SoB does not imply reviewing patch
>> and this is in contrast to kernel process.
>>
>> BTW, Stephen Rothwell mentions this to every maintainer on adding their
>> tree to linux-next ("You will need to ensure that ... reviewed by you
>> (or another maintainer of your subsystem tree)").
>
> But this hints that there must be *some* review taking place, and it's the
> maintainer's responsibility to ensure this. But that doesn't mean that the
> maintainer cannot delegate? And then they would just forward patches
> reviewed by trusted people.
Yes, then can delegate to other maintainer, not to random person.
>
>>> they do agree on the patch (also typically expressed by an Ack), otherwise
>>> they wouldn't send it, but a "review" is still a different thing.
>>
>> IMO, this would mean such maintainers accept code which they do not
>> understand/review/care. They are just patch juggling monkeys who take
>> something and push it further without doing actual work.
>>
>> That's not how maintainership should look like. Maintainer must take
>> reviewed code and, if other maintainers do not review, then they must
>> perform it.
>
> Of course, but I feel this discussion goes into a different direction. I am
> not a maintainer for the sunxi tree, I am a mere messenger here,
> forwarding a patch. And I didn't think this implies an implicit review.
> A did an explicit one, to stress that I did look into the patch more
> thoroughly, and also because we are not exactly drowning in reviewers ;-)
>
>>> The Linux history has both Rb + SoB from the same person and just SoB
>>> signatures, so I assume that it's not implied.
>>
>> It depends on people. As I said, I2C and DRM provide Review tag. For me
>> this is silly and suggest that all my work, that 1000 patches I took,
>> was not reviewed.
>
> If you forward a thousand patches, I wouldn't expect you did review all of
> them *yourself*. This would be an almost impossible task, unless "review"
> just means something like: "uses tabs for indentation".
Obviously if someone forwards 1000 patches the review is much shallower,
less careful. To which extend? It's individual. Now go to several
patches for netdev and USB, from less trusted sources, which did not
receive other reviews and look for answers. You might see really
diligent review.
>
>>>> And you have there SoB which indicates you sent it...
>>>
>>> Yes, but SoB just means I sign off on the legal aspects: that I got the
>>> patches legally, compliant with the GPL, and that I am fine with and
>>> allowed to release them under GPL conditions.
>>> That does not include any code review aspect, AFAICT.
>>
>> So you want to say, that you are fine in sending intentionally buggy
>> code, knowingly incorrect, because your SoB and your "git send-email"
>> does not mean you reviewed it?
>
> Where did I claim that? Of course I would not send intentionally buggy
> code, and of course I did some high level checking of the patch before I
> attached my name to it. But to me this is still different from a proper
> "review", hence my reply.
You did not say that. I am here merely twisting the concept to border
case to show the point.
If you send someone's patch and add Review tag, what does it mean? That
you reviewed this code, so to your best knowledge it is good.
If you send someone's patch and did not add Review tag, what does it
mean? That you did not reviewed this code? So whatever is in the code is
okay? How such case should be understood.
If we take such approach, we must never trust submitters of someone's
else patches, unless they provide review tag. Without review tag, that
person does not take responsibility of that patch.
And that's just not the process which is in practice.
Best regards,
Krzysztof
