[zeromq-dev] CZMQ community & red cards

Benjamin benjamin.l.cordes at gmail.com
Thu Oct 16 17:37:54 CEST 2014

For me, "misleading" and "hiding" are quite strong words, and griwes
rant did not help.

Linus has some strong views about Github which are related to your
points, especially how pull requests work [1]. But that's more of a
Github issue in general. In the end you need many people actively
engaged in checking code, right? So in that case checking the source
code changes (on the level commits or PR's?)


On Thu, Oct 16, 2014 at 4:58 PM, Goswin von Brederlow <goswin-v-b at web.de> wrote:
> On Thu, Oct 16, 2014 at 03:24:16PM +0200, Benjamin wrote:
>> Hi Pieter,
>> I'm a lurker here on the mailing list. Thanks for all the phantastic
>> work. Two quick comments: mrvn implied you're misleading people? that
> I don't imply that Pieter is misleading anyone. The pull title is
> misleading, not the person. This is in no way a reflection on any
> person or an accusation or disrespect.
>> makes little sense. What griwes had to say about this, I don't
>> understand either. I've never seen a project which is better
>> documented, so his comments are unfair. I think the confusion came
>> from the naming of pull requests versus the naming of commits.
> The problem is this:
> In my inbox, like everyone following pull requests, I get a mail about
> the pull request. The mails subject is Documentation changes. The
> body shows me a list of 97 changed files, 1678 insertions and 1533
> delection. According to the subject it is documentation changes and
> all I see at first glance is files in doc/ being changed. So I think:
> A harmless commit that changes documentation. Nothing that could
> possibly break code or add amazing new features that I always wanted
> to have.
> But uppon closer examination one also sees that include/zmsg.h and
> src/zmsg.c are changed, adding 20 lines for one new function. That
> tiny change of the code is easily overlooked because it is hidden by
> all the other changes. I'm in no way saying Pieter is purposefully
> hiding that code or any other malicious intent. The code is not wrong
> or bad at all. All I'm saying is that it gets hard to spot, easily
> missed. The signal-to-noise ratio of 20 lines vs >3000 is just to low.
> The pull requests title misleads one into thinking the request has no
> code changes and the list of files changed seems to confirm that until
> one takes a close enough look. It's the first time, that I noticed,
> that a pull request fixes two problems in a single request.
> Also consider this: In other projects people have made similar changes
> under similary neutral titels, adding just a tiny fix for something
> among a lot of other harmless stuff. And next you know ssh-keygen only
> uses the PID as only source of entropy, allowing for only 65536
> different ssh keys to be possible and you have a security nightmare.
> Again I'm not saying that Pieter is doing any of that on purpose, not
> even accidentally in this case. But by combining two issues into one
> pull requests the code change gets less notice than it deserves. It
> greatly decreases the number of eyes looking at the new code
> esspecially because most people skip documentation changes. Accidents
> happen and this kind of pull request makes them hard to spot.
>> Regards,
>> Benjamin
>> On Thu, Oct 16, 2014 at 2:58 PM, Pieter Hintjens <ph at imatix.com> wrote:
>> > Sorry... this is the last thread: https://github.com/zeromq/czmq/pull/733
>> >
>> > Related older threads from CZMQ:
>> >
>> > - https://github.com/zeromq/czmq/pull/725
>> > - https://github.com/zeromq/czmq/pull/673
>> >
>> > Also at least one long and confused thread on this group.
>> >
>> > -Pieter
>> >
>> > On Thu, Oct 16, 2014 at 2:15 PM,  <rf at q-leap.de> wrote:
>> >>>>>>> "PH" ==  Pieter Hintjens <ph at imatix.com> writes:
>> >>
>> >> Hi Pieter,
>> >>
>> >>     PH> I'd like to get feedback on a thread[1] regarding what I
>> >>     PH> consider to be unacceptable behavior from a CZMQ contributor.
>> >>
>> >> you forgot to add the reference ([1]) to this thread. Could you please
>> >> send it as well?
>> >>
>> >> Thanks,
>> >>
>> >> Roland
> MfG
>         Goswin

More information about the zeromq-dev mailing list