A FOSS tale in 3 acts
Act 1:
Maintainer of popular project from large company (name rhymes with froogle) opens a bug report on one of my smaller libraries, mentioning their project is considering using my lib.
Yay, great news! 🎉Love my code being used on larger tools!
(🧵 thread)
Act 2:
Said maintainer sends huge PR fixing that bug plus changing ALL THE THINGS. Some bugfixes, some just to introduce different tooling.
Yay, great news! 🎉 They want to contribute back!
As I always do when reviewing a PR, I start by thanking them for their contribution. I then kindly ask them to split the PR in more manageable chunks so they can be reviewed and/or merged independently.
All pretty standard in open source.
Act 3:
A few hours later, I get this email, basically saying it's too much hassle to follow typical open source etiquette and that I should either hand over the project to them, or they'll just maintain their own fork.
Of course it's within their rights to maintain their own fork. Forks are great, and the only way forwards for abandoned codebases, or an entirely different direction.
But what I love about open source is when we all work on something together and contribute to a common project.
Maintaining your own fork when the maintainer is generally happy to merge in PRs, just because you can't be bothered to send proper PRs upstream is just …not very nice. 😕
Update: This story does have a happy ending!
Apparently this blew up internally and several of his colleagues explained to him that this is not appropriate conduct.
He wrote back to apologize, and is now sending several smaller PRs, which I've so far been merging.
I think I'll add him as collaborator soon, organically, like I do with everyone that has several substantive merged PRs. 😊
@tcannonfodder @leaverou "maintain a fork"... Bro's gonna apply the patch, disable the tests make a single release to their internal packing mirror using the same name as your package and then switch teams, leaving no docs and meaning every dev on that team in the future is going report bugs in his fork on your project
Even if you put "I don't work on team xxx" in your bug report template you'll still get your queue filled with possibility automated bug reports
It's also a fun way to introduce tons of future breaking changes and maintenance nightmares for whoever gets stuck dealing with what's using the fork.
Loads of fun for everyone.
@iamdtms Nearly all of my projects are MIT license. Forking is perfectly fine with most (all?) OSS licenses.
Being an asshole is not generally illegal. 🤷🏽♀️
@leaverou Yikes. Very "my way or the high way" despite this being your project.
Also I'm sorry for being nosy but I got curious and… they threw TypeScript refactor in there? Really?? 😅
GitHub's code review interface is bad. It's horrible. Surely it could be worse, and probably some people learned to love it because they're stuck with it, but it's still a lot of pain for me to use compared to Froogle internal tools.
That's why you need to split stacked commits in several PRs in GitHub. To keep each PR focused on single narrow topic with few comments, so that fix-up commits stay in the same PR and you can easily view the diff between each review round.
For someone used to Froogle tools, this makes no sense. If they have never reviewed a (large) PR on GitHub, they have no idea how painful it is. With a better review system, you can just comment on each *commit* of a single PR, as if they were independent PRs, use `git commit --amend` for fixing up review comments, and the system keeps track of things neatly for you, allowing you to see the diff of each amended commit individually. That's how Gerrit works: https://www.gerritcodereview.com/
@leaverou That's the missing part in your initial screenshot: yes, that have changed ~10k lines at once, but they did so in 14 commits. And it's possible they didn't realize that something that would be a routine review in a better-designed system is intractable in Github's.
(Full disclosure: I left Froogle2 years ago, don't know the author of the PR nor their team. And again I don't understand the last part of their email. I'm just trying to offer perspective in the hope of collaboration.)
@GabrielKerneis Thanks for the background.
GitHub does allow you to review individual commits too these days. But the point about not being able to merge them at different speeds (or not merge some at all) still applies, right?
Also, reviewing commits is the wrong level of granularity, unless the requester has carefully gone through the log and squashed.
@leaverou You cannot really comment on each commit in GitHub: you can view them individually, but the comment is attached to the PR, not the commit, and there is no notion of commit identity that would survive `git commit --amend`. That's why reviewing at the commit level feels the bad granularity. But it's the common level of granularity for Linux for instance, that does reviews by email, or for projects using Gerrit as a review system.
Eg. see the "relation chain" on https://fuchsia-review.googlesource.com/c/fuchsia/+/316985
@leaverou And note the "patchset" drop-down that allows you to see iterations of the commit (basically one patchset for every "git push"). So you can compare any file at any specific point during the review, eg. between patchset 17 and 34 : https://fuchsia-review.googlesource.com/c/fuchsia/+/316985/17..34/src/ledger/bin/storage/impl/page_storage_impl.h
Green/Red are diffs with actual changes from this commit. Yellow/Blue are diffs due to a `git rebase` in between those patchsets.
@GabrielKerneis So the intended workflow is that you continuously force push and rewrite history in that branch, and comments survive this, then when the PR is merged you rebase that polished commit log? Fascinating.
But still, how do you decide to only merge some of the changes?
@leaverou The docs don't cover those topics exactly, but they are nice entry points:
- https://gerrit-review.googlesource.com/Documentation/intro-gerrit-walkthrough-github.html
- https://gerrit-review.googlesource.com/Documentation/intro-user.html#multiple-features
And you can apparently configure "cherry-pick" as a merge strategy for your project, but it'd be very error-prone in my opinion (you need to remember to merge in the right order): https://gerrit-review.googlesource.com/Documentation/config-project-config.html#cherry_pick
@GabrielKerneis @leaverou to split hairs here, you can't split a pr without breaking your changes down into separate commits because you need a commit per PR.
If one wanted to allow the author to choose which fixes they want that can be achieved by having the "rewrite to type script" commit as the first commit in each of the other bug fix PRs, making them individually mergable.
(or talk to the owner before writing a bunch of code predicated on a change that might not be accepted)
@GabrielKerneis @leaverou In a case like this it might make sense for the PR to become the next major release?
I don't maintain anything public (not because of this, but in part because I've seen things like this at places I've worked) so I'm betting there are consequences for having a rewrite on either side of a support horizon
@leaverou @GabrielKerneis I am sure a lot of them are.
I do often find myself paired with someone who half-jokingly suggests following the "fix it later" methodology, only to gleefully plow ahead when I point out that submitting a PR with tests and adding a temp work around to the app is both less work short term and less cursed long term
You know, the old "oh, why do we depend-exact-version on a version of libxxx from 1997?" or "Is this just the whole of X::Y pasted in here"?
@leaverou I’ve seen corporations suck the very life out of FOSS, and I tend to avoid doing anything adjacent to certain corporation in my areas of interest.
It’s also fairly sad they didn’t even both to work with you. What’s worse, they likely wouldn’t have done any sponsoring, even if you had acquiesced to their massive PR demand.
@leaverou That company's engineering culture seems to have quite a few strengths, but collaborating with anybody or any FLOSS project outside the corporate fence isn't it. This seems to be largely rooted in having totally different tooling for QA available that just would not make sense outside. Just imagine being able to use tools to automatically add security patches to code maintained by other teams – while being confident that nothing will break because a large build/testing infrastructure would tell you about regressions…
I have had the "pleasure" of trying to contribute to "open source" projects where new code from within that company was simply thrown over the fence every few weeks or months. Try rebasing patchsets and discussing improvements when the entire code base is turned inside-out and reformatted on a regular basis… But then, there have been other projects from within the same company where collaboration has worked nicely for me over many years.
That engineer probably means well and has simply forgotten what life was like on the outside. ;-) Stay polite, just like you did in your answer to their PR. If they can't be bothered to contribute on your terms, let them seek happiness with their fork/rewrite. I'd suggest that they rename the forked project to avoid confusion for their colleagues, though.
John Carroll
Lea Verou, PhD
Melanie
Sandor Szücs
Thomas Cannon
EndlessMason
🐡🏳️🌈
jr conlin —〰—
Dan Burzo
Sara Joy 
iamdtms
Rick Rae
Hilko Bengen
Christopher Kirk-Nielsen
otsch (Christian Olear)
Jason Levine
Ьλ∂λ
AlisonW ♿🏳️🌈♾️
Brendan Hayward
2¢
Gabriel Kerneis
shironeko
Arne Brasseur
Sheogorath
David Beazley
hrbrmstr 🇺🇦 🇬🇱 🇨🇦
Jeremy Kun