[Microbit-Python] Open sourcing the code

Nicholas H.Tollervey ntoll at ntoll.org
Wed Oct 21 00:55:36 CEST 2015 

Hi Folks,

I'm still mid-answering emails after today's announcement.

My 2c - I think the biggest blocker will be the BBC. Basically, they
have lawyers and infosec people who want to audit / know who is
responsible for the code. They are (quite rightly) concerned with who
has access to the code given that it's such a high profile project for
the BBC. A high profile project that includes children. There are all
sorts of onerous ramifications if things go wrong. Having some trusted
gatekeepers helps our cause in this respect: and I agree that trust goes
a long way - but these are lawyers we're dealing with here... ;-)

Ergo how about the following middle ground..?

Those people who had push rights on this list can have them re-installed
if they want them. We appease the BBC because you've already been "let
in", as it were, to the circle of trust. This would certainly help
mitigate against a low bus factor.

Henceforth, if new people want push rights they'll need to prove they
are legitimate, capable and ethical contributors.

Does that make sense? (It may not, because I've been up since 5am and I
still have 10 emails to reply to and I'm feeling a bit frazzled at the
moment).

As always, I'm more than happy to discuss any/all of the above and move
forward in a way so that we achieve a consensus that everyone is happy
with.

Comments, constructive critique and good ideas are most welcome!

Best wishes,

N.

On 20/10/15 23:43, Damien George wrote:
> Hi Mark,
> 
> I think everyone has their own way of using github in a collaborative
> way.  For example, in MicroPython (upstream) we have 3 people with
> push rights and we trust each other to just push changes they consider
> minor, and put larger changes up as a PR for comment/review.  Usually
> then it is the author that merges their own PR after taking feedback.
> We find this works very well (we have CI to keep us honest) and means
> we can move very fast with updates and features.
> 
> I'm happy to use a different work-flow for the microbit, and certainly
> happy to have you (and others) with push rights.  But we need
> Nicholas' input here regarding the administration side of things.
> 
> Cheers,
> Damien.
> 
> 
> 
> On Tue, Oct 20, 2015 at 11:29 PM, Mark Shannon <mark at hotpy.org> wrote:
>> Hi Damien,
>>
>> The way GitHub works is that in order to review and then merge code, the
>> reviewer needs push rights.
>>
>> As I said, I don't think anyone should merge their own code.
>> Ideally all code gets reviewed and merged by someone other than the author,
>> after all we can all make mistakes.
>> But to do that, you need to give more people push access.
>>
>> A bit of trust goes a long way.
>>
>> Cheers,
>> Mark.
>>
>>
>>
>> On 20/10/15 23:21, Damien George wrote:
>>>
>>> Hi Mark,
>>>
>>> We can't have too flat a hierarchy because then we'd lose control.
>>> Who/what do you mean by "most" in "most people should have push
>>> access"?
>>>
>>> The great thing about git(hub) is that anyone can clone the repo and
>>> hack on it themselves, without concent from the original
>>> author(s)/owner(s).  And then they can use such firmware on their
>>> microbit.
>>>
>>> Also, the real issue here is that the firmware generated from
>>> bbcmicrobit/micropython will be the firmware that kids use, and so it
>>> needs strict control as to what is commited.  That's going to be the
>>> controlling factor when it comes to push rights.
>>>
>>> Cheers,
>>> Damien.
>>>
>>>
>>>
>>>
>>> On Tue, Oct 20, 2015 at 7:34 PM, Mark Shannon <mark at hotpy.org> wrote:
>>>>
>>>>
>>>>
>>>> On 20/10/15 08:46, Nicholas H.Tollervey wrote:
>>>>>
>>>>>
>>>>> Hi Folks,
>>>>>
>>>>> We're very please that the BBC have finally allowed us to open source
>>>>> our repos. As a result we're going to have to change the permissions on
>>>>> it now that it's vaguely public.
>>>>>
>>>>> The new repository is here:
>>>>>
>>>>> https://github.com/bbcmicrobit/micropython
>>>>>
>>>>> Its hosted under the auspices of the BBC because that gives us
>>>>> legitimacy and acknowledges we're actually part of the "official"
>>>>> micro:bit effort (which we've always been, but because of NDA have been
>>>>> unable to talk about).
>>>>>
>>>>> Damien has announced MicroPython's involvement in the project here:
>>>>>
>>>>> http://forum.micropython.org/viewtopic.php?f=8&t=1042
>>>>>
>>>>> I have blogged the historical context here:
>>>>>
>>>>> http://ntoll.org/article/story-micropython-on-microbit
>>>>>
>>>>> I'll be submitting something to tech news places later. Here's hoping
>>>>> people get interested. As a starter, here's the link to my submission on
>>>>> Hacker News:
>>>>>
>>>>> https://news.ycombinator.com/item?id=10417919
>>>>>
>>>>> Please up-vote..!
>>>>>
>>>>> Because we're now "open" we're going to use the standard GitHub
>>>>> fork->branch->PR methodology that people are used to.
>>>>
>>>>
>>>>
>>>> Aren't we already doing that?
>>>>
>>>> Ergo, we're going
>>>>>
>>>>>
>>>>> to revoke push access for everyone except for Damien (and probably me as
>>>>> backup) - who will act as official gatekeeper.
>>>>
>>>>
>>>>
>>>> Given that this is a nominally a BBC and/or PSF project (please correct
>>>> me
>>>> if I'm wrong) wouldn't be better if we had a flatter hierarchy.
>>>> What I would suggest is that most people should have push access, but
>>>> that
>>>> everyone (including Damien and yourself) should submit PRs which are then
>>>> merged by the reviewer.
>>>> That way all code gets at least two pairs of eyes on it before it is
>>>> merged.
>>>>
>>>> I'm happy to review any PRs.
>>>>
>>>>>
>>>>> Please fork the repos!
>>>>>
>>>>> If this is a real pain in the neck for you we'll re-add you if you let
>>>>> us know.
>>>>>
>>>>> Best wishes,
>>>>>
>>>>> Nicholas.
>>>>>
>>>>
>>>> Cheers,
>>>> Mark.
>>>> _______________________________________________
>>>> Microbit mailing list
>>>> Microbit at python.org
>>>> https://mail.python.org/mailman/listinfo/microbit
>>>
>>> _______________________________________________
>>> Microbit mailing list
>>> Microbit at python.org
>>> https://mail.python.org/mailman/listinfo/microbit
>>>
>> _______________________________________________
>> Microbit mailing list
>> Microbit at python.org
>> https://mail.python.org/mailman/listinfo/microbit
> _______________________________________________
> Microbit mailing list
> Microbit at python.org
> https://mail.python.org/mailman/listinfo/microbit
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <https://mail.python.org/mailman/private/microbit/attachments/20151020/4779fc11/attachment.sig>

More information about the Microbit mailing list