IRC logs for #trustable for Monday, 2017-01-09

*** LaurenceUrhegyi ( has joined #trustable07:58
*** sambishop ( has joined #trustable08:35
*** ctbruce ( has joined #trustable08:46
*** toscalix (~toscalix@ has joined #trustable09:09
*** brlogger (~supybot@ has joined #trustable09:22
*** brlogger (~supybot@ has quit (Read error: Connection reset by peer)09:34
*** brlogger (~supybot@ has joined #trustable09:36
*** brlogger (~supybot@ has quit (Read error: Connection reset by peer)09:46
*** brlogger (~supybot@ has joined #trustable09:48
*** tiagogomes ( has joined #trustable09:48
*** brlogger (~supybot@ has quit (Read error: Connection reset by peer)09:54
jmacsLaurenceUrhegyi: Is there a setting for the mailing list that causes all the 'From' addresses to be instead of the sender's name?10:08
jmacsIt's a bit difficult to tell who's who in my client10:09
LaurenceUrhegyijmacs: not that I know of. For me, they appear as 'Laurence Urhegyi via C-safe-secure-studygroup' (for example). I shall have a look though. 10:12
LaurenceUrhegyiThere's an option to: Hide the sender of a message, replacing it with the list address (Removes From, Sender and Reply-To fields).10:22
LaurenceUrhegyiBut it's set as 'No'10:22
LaurenceUrhegyiI assume you don't have this issue with other mailing lists, using the same client?10:22
jmacsNo, your messages from trustable-software appear to be from you10:23
rjekThat setting is to work around people who can't run a mail server properly. 10:25
rjekIt surprised me that it is enabled on these lists10:25
LaurenceUrhegyiwhat setting? 10:26
*** tiagogomes ( has quit (Remote host closed the connection)10:27
rjekMunge the from address10:27
jmacsMunge it from what to what? I don't know in which direction you're arguing.10:28
*** sambishop ( has quit (Ping timeout: 240 seconds)10:29
LaurenceUrhegyirjek: that setting was recommended to me by dp, since it could be a useful 'hack' for anyone who who outsources their email to Gmail or Outlook 10:30
LaurenceUrhegyijmacs: the setting which I believe rjek is referencing is: Replace the From: header address with the list's posting address to mitigate issues stemming from the original From: domain's DMARC or similar policies. 10:31
rjekUnneeded unless somebody has misconfigured their hosted gmail10:31
rjekAnd just causes confusion 10:31
rjekThere are a handful of misguided organisations for which it is needed, but I really wouldn't turn it on unless one of them joins on10:32
-andrewleeming_ is now known as leeming10:32
jmacsI really have no idea what you're talking about now, but emails from c-safe-secure all come from, and on every other mailing list I'm on, they come from the sender themselves10:33
LaurenceUrhegyiConfusing indeed. I have turned it off now, as I don't think any 'misguided organisations' are on the list. 10:33
rjekAnd then I'd recommend they fix their email instead10:33
LaurenceUrhegyijmacs: I'll be posting to the list later, see if there's any difference10:33
rjekjmacs: the problem is some organisations block mail with a from header claiming to be their domain from an ip that is not theirs10:34
jmacsI'm still unclear as to which behaviour you think is correct10:35
chrispolinOn my client, they appear as '<sender> via C-safe-secure-studygroup'10:36
jmacsThe full From line is From: Martin Sebor via C-safe-secure-studygroup10:36
jmacs <>10:36
chrispolinAh sorry, yes. Me too.10:37
LaurenceUrhegyiI had it set as 'munge from' on the setting I posted at 10:3110:37
LaurenceUrhegyiAnyway, hopefully sorted now10:37
LaurenceUrhegyiSo, onto something else....I mentioned last week I'd been working on an 'Idiot's Guide' to Trustable - I've now completed the first draft, barring a few sections which I haven't had a chance to do yet (I've also changed it to be called the 'Introductory Guide to Trustable') 10:38
LaurenceUrhegyiWhich is here:
LaurenceUrhegyiIt's an attempt to introduce someone with little to no prior knowledge to the project to the key aspects of Trustable.10:38
LaurenceUrhegyiI still need to work on:10:38
LaurenceUrhegyiTrustable Software Workflow10:38
LaurenceUrhegyiOpen Control10:38
LaurenceUrhegyiGit Audit10:38
LaurenceUrhegyiIf anyone has a chance to review it this week then that'd be really helpful. It's become a little longer than I had anticipated, but it tries to be comprehensive whilst giving the relevant background and context, which is not a trivial task.10:39
LaurenceUrhegyiIf I could request that you use the comments function rather than editing the text itself. 10:39
jmacsPlease don't put git-audit in it10:39
LaurenceUrhegyiwhy not?10:40
jmacsIt's a throwaway tool I wrote in 4 hours as a proof of concept10:42
jmacsIt's not meant to be used in anger10:42
*** sambishop ( has joined #trustable10:47
*** tiagogomes ( has joined #trustable10:47
LaurenceUrhegyiI think it should still be in there. It'll just be an introduction to the principles of the tool, and how they fit into the TSW.10:51
jmacsAs long as it's described in that context, that's fine10:52
LaurenceUrhegyiThat's the plan. The idea is just to introduce each topic we've focused on to someone who hasn't been involved in the project. 10:54
*** sambishop ( has quit (Ping timeout: 258 seconds)10:58
LaurenceUrhegyipaulsherwood: Is there any news from FOSDEM re your talk? 11:01
LaurenceUrhegyijmacs: I know the other submission, for the breakout room (if that's what it was called), was turned down. Did they give a reason? Was it full?11:02
jmacs35 submissions and only room for 7-9 apparently11:06
jmacsThat was for the testing and automation dev room11:06
*** toscalix (~toscalix@ has quit (Quit: Konversation terminated!)11:09
*** toscalix (~toscalix@ has joined #trustable11:11
*** toscalix (~toscalix@ has quit (Read error: Connection reset by peer)11:11
*** toscalix (~toscalix@ has joined #trustable11:11
paulsherwoodLaurenceUrhegyi: talk was rejected11:18
*** sambishop ( has joined #trustable11:21
*** mdunford ( has quit (Ping timeout: 272 seconds)12:01
*** mdunford ( has joined #trustable12:19
paulsherwoodLaurenceUrhegyi: thanks for the minutes. can i suggest, though, that you reformat them as an email and send to the list?13:39
-*- paulsherwood notices
-*- paulsherwood doesn't think we need to rely on google for this content13:41
LaurenceUrhegyipaulsherwood: fine by me, sure.14:07
*** LaurenceUrhegyi ( has quit (Ping timeout: 240 seconds)14:33
*** LaurenceUrhegyi ( has joined #trustable14:34
*** brlogger (~supybot@ has joined #trustable16:25
*** brlogger (~supybot@ has quit (Read error: Connection reset by peer)16:42
*** brlogger (~supybot@ has joined #trustable16:43
*** AlisonChaiken (~alison@ has joined #trustable16:46
*** brlogger (~supybot@ has quit (Read error: Connection reset by peer)17:04
*** brlogger (~supybot@ has joined #trustable17:08
*** brlogger (~supybot@ has quit (Read error: Connection reset by peer)17:13
*** brlogger` (~supybot@ has joined #trustable17:13
pedroalvarezI believe that brlogger is stable now17:51
pedroalvarezI've recovered logs for previous days17:51
pedroalvarezapologies for this, and for the noise caused :)17:51
persiapedroalvarez: Thank you for your work on brlogger.  Having reliable logs is very much appreciated.17:52
*** mdunford has quit IRC17:55
*** ctbruce has quit IRC17:58
jmacs is what I have on review metadata at the moment. Most of the git-candidate investigation turned out to be more relevant to gerrit so it's in that section.18:01
jmacsI'll add it to the list of pages if there are no objections overnight18:02
*** mdunford has joined #trustable18:07
*** toscalix has quit IRC18:35
persiajmacs: I wonder if it is worth considering the storage of information about multiple revisions of a candidate in each of the review systems.18:47
persia(including rebases)18:47
persiaI don't know about gitlab, but I suspect there is an API.  Most of the gerrit users I interact with use API clients such as git-review and gertty for reviews, rather than the web UI.18:48
*** LaurenceUrhegyi has quit IRC18:49
persiaIn another freenode channel, I've also seen the assertion "git-series is for contributors, git-appraise more for reviewers" as part of a discussion about selecting appropriate tools to track project changes as the project matures.18:50
persiaAnyway, I think it is worth adding this to the list of pages: the core content expressed is more useful than specific  addressing of any of my notes.18:53
persiaOn another subject, I think we've done ourselves a disservice with the TrustableSoftwareWorkflow diagram.  Reading through, I think mixing different UML diagrams served to confuse more than illuminate.18:54
persiaI find myself agreeing with many of the diagram critiques (actor roles unspecified, desire for sequence diagrams, etc.), but thinking that some of the core ideas (e.g. generation of compliance documentation for each candidate revision of anything) were not clear.18:56
* persia hopes that some User Stories will be a better platform to discuss who does what, and how, in the hopes of achieving consensus18:57
persiaLooking more at the git-candidate codebase, I think it contains more metainformation than gerrit, as git-candidate seems to permit cover letters and patchsets, whereas gerrit only manages patches (potentially with other patches as parents, but no explicit series support), and no cover letters.19:14
jmacsThanks persia; git-appraise is one I hadn't heard of21:23
persiaI'm not a particular fan, but it's a reasonable implementation of a solution to the problem, in go.  Adoption appears low.21:24
persia is yet another solutiion, providing some additional benefits over a raw mailing list.21:25
persiaOne of the things that bothers me about git-appraise is that it attempts to categorise and distinguish all the potential classes of review (CI vs. analysis vs. discuss).  I'm not confident there is enough noticeable differences between humans and robots that such distinctions help especially  (or maybe I don't really like the idea of encoding roles in the metadata representation vs. interpolating roles from the identities and timestamps in the21:34
jmacsNo, I don't think I see the need for that distinction either21:35
persiaI've also heard second-hand comments that Phabricator is a good review platform, although I know nothing about it.  If you're looking to be comprehensive, it may be worth finding a Phabricator-using project and looking at their workflow.  I believe it stores metadata in a backend DB, and I believe the API only provides limited access to internals, but both of those datapoints are hearsay.21:38
persiaI believe github and gitlab are similar enough to not need duplicate review, but I've only used them for hosting, so may be mistaken.21:39

Generated by 2.14.0 by Marius Gedminas - find it at!