[csw-maintainers] (now about sudo)

Maciej (Matchek) Blizinski maciej at opencsw.org
Fri Jan 29 15:19:45 CET 2010 

On Thu, Jan 28, 2010 at 8:00 PM, Dagobert Michelsen <dam at opencsw.org> wrote:
> Hi folks,
>
> Am 16.12.2009 um 00:00 schrieb Sebastian Kayser:
>>
>> Philip Brown wrote on 15.12.2009 22:12:
>>>
>>> On Tue, Dec 15, 2009 at 12:57 PM, Maciej (Matchek) Blizinski
>>> <maciej at opencsw.org> wrote:
>>>>
>>>> On Tue, Dec 15, 2009 at 4:45 PM, Philip Brown <phil at bolthole.com> wrote:
>>>>>
>>>>> there is at least ONE "known bug", that you havent fixed: perms on
>>>>> sudo_ldap.
>>>>> please fix that.
>>>>
>>>> I'll pass for now.  I'm offering only the version bump.
>>>
>>> It's a trivial change. one line in the prototype file.  I wont accept
>>> the packages until you fix it.
>>
>> It's not about "the one prototype line".
>
> I am a bit puzzled here: If it is just one changed line, Maciej,
> why don't you simply fix it? Or is there anything else going on
> here I don't understand?

There is.  Here goes one more long e-mail from me.

Remember one of the first scenes in The Matrix[1]?

Agent Smith: Lieutenant?
Lieutenant: Oh shit.
Agent Smith: Lieutenant, you were given specific orders --
Lieutenant: I'm just doing my job.  You gimme that Juris-my dick-tion
and you can cram it up your ass.

Agent Smith was right, the police couldn't handle this one little
girl.  But he wasn't doing a good job at establishing a good
relationship with the lieutenant.  Perhaps he didn't need to.  But
I'll get to that later.

The initial problem with sudo was that a combination of an old enough
version of CSWsudo and the way pkg-get upgrades packages (doesn't
remove all the dependencies before installing new packages) resulted
in a missing /opt/csw/bin/sudo.  I wrote a fix and distributed it to
my Solaris fleet at work.  I believe that sharing my work with others
is the right thing to do, so I spent some time explaining the failure
mode in the butracking system[2] so that the maintainer could fix the
problem.  Soon enough it turned out that the sudo maintainer is on
sabbatical.  OK, this was more that I initially intended to do, but I
decided to move forward and deliver a fix to the project.  I submitted
my code to the repository, and rebuilt the sudo and sudo_common
packages.  Phil didn't accept my fix.  He started coming up with
failure modes which involved sudo_ldap, an alternative version of
sudo.  The failure modes he presented didn't look very convincing to
me, mainly because they involved modifications of paths controlled
directly by packages / pkgmap files.  The main premise was that
sudo_ldap is a working alternative to sudo, and can be installed at
the same time.  Phil suggested writing a postinstall script which
would try to guess what to do about symlinks - what to do if sudo_ldap
is there, what to do if it's not, etc.  I didn't agree that it was a
good solution.

All these arguments were under the premise that sudo_ldap is a working
package.  When I discovered that the sudo.ldap binary wasn't setuid
root, Phil wanted me to fix it.  It was out of the scope of what I
intended to fix, so I opened a bug in mantis[3] in so that the problem
isn't forgotten, and said that I don't want to extend the scope of my
work.  There was only one specific bug I intended to fix.

I maintain that sudo_ldap is a work in progress, it's not a finished
solution, and it's unlikely that anybody actually uses it.  And if
anybody does, there's a number things that they have to be aware of
and fix after the installation and each upgrade, so they probably
don't expect an upgraded package to work out of the box.

But Phil insisted.  OK, again I decided to go beyond what I initially
intended, and solve the problem of alternative binaries in a proper
way.  Delivering hackish postinstall scripts sounds like a bad idea,
so if sudo and sudo_ldap are to be used as alternatives, there needs
to be an alternatives system in place.  I packaged up Debian's
solution.  You can argue that this package is not perfect, but it's
there and it can get the job done.  I offered the alternatives
package.   It was rejected.

In the meantime, a new version of sudo was released.  Already bitter
about the whole thing, I gritted my teeth and packaged the upgrade.
Since sudo_ldap should get an upgrade as well, I packaged it up too.
But I didn't want to fix the sudo_ldap package.

Mind you, a short time before that, Phil has rejected my work on a
solution to a problem that he imposed on me in the first place.
There's only so much I can be pushed around like this.  Working
sudo_ldap is a premise for arguments that make my life difficult, I'm
not going to have my hand in making it come true.

The sudo_ldap non-fix was a test.  Phil could have said: "fair enough,
you fix one thing, the other thing at least doesn't get any worse,
perhaps you can do it at later time".  If he did, I'd be quite likely
to go back to sudo_ldap after the alternatives issue gets resolved
(because it's a dependency).  But instead he said "Fix this now or
else!"

I agree that it's something that needs to be eventually fixed.  But
I'm not going to fix it because there's pressure inflicted on me.  In
circumstances like this, inflicting pressure on me is a guarantee that
I'm not going to touch the damn thing.  I'm sorry, I'm not going to
work like this.

What I'm doing might seem like an overreaction, but it's not the only
issue I'm having with Phil.  There has been a number of occasions at
which Phil has collected bad karma.  Here are some examples:

* website html code update:  I wanted to offer an update to the
website.  There already has been an argument about the website source
code, in which Phil insisted on not submitting the HTML code to the
repository.  I gritted my teeth, copied the files, modified them and
sent Phil a patch.  Instead of just taking the patch and applying it,
Phil pushed back, telling me to send the whole file and point him at a
live instance of the modified page.  I did that.  When he looked into
the directory and saw that the whole web directory has been copied, he
started lecturing me that it was messy, and I should have copied only
what was necessary.  Not using source control, not accepting a
patch... and lecturing me about messiness.

* lecturing me about how open source works: I started working on a web
app to display package / maintainer information.  When I wrote about
what I intended to do, Phil started giving me a lecture about how the
development in open source works[4].  Until today, I don't know what
was the intention behind this e-mail, was it to educate me, or rebuke
me (by implying that I don't know certain things and have to be
taught), or was it something else.

* database update rejection: I offered a package database update, that
I needed to use the db from Django.  It was backwards compatible.  I
offered a complete SQL script, doing a backup of the affected tables.
There was also code to roll the changes back if anything went wrong.
It was rejected, and the comment I received in private is that Phil
doesn't have time to read other people's code.  Then he started
lecturing me about how I should go and fix Django.

* rxvt-unicode rejection: I've built it on Solaris 10; it wouldn't
compile on Solaris 8 or 9.  The package was rejected.  I understand
that certain packages, such as libraries need to be compiled on
Solaris 8.  But this is a terminal emulator which differs from xterm
basically only in the capability of displaying unicode characters.
How is it important to build it on Solaris 8, I don't understand.  It
still sits in testing/ and each time I do ls -l /home/testing | grep
maciej, I see it and it makes me sad.


There are also constant smaller issues such as yelling in e-mail and
unreasonable arguments in discussions ("I don't use autocompletion").

Back to the Matrix analogy: Perhaps Phil, just like Agent Smith,
understands more and has reasons to do what he does, but in either
case I'm not going to submit to "You were given specific orders."  I
needed to draw a line somewhere, and sudo_ldap is my line.

I don't know whether it's just one core issue that led to the current
situation, or is it only an unfortunate combination of reckless use of
language in e-mails, annoying technical issues, and our past
experiences.  I think that most probably Phil means well, and I know I
do too.  But I've experienced a lot of things I didn't like.  They
make me sad and bitter, and I don't want to be sad nor bitter.  I want
to work on solving technical problems with like-minded individuals and
be happy.

Maciej

[1] http://www.imsdb.com/scripts/Matrix,-The.html
[2] http://www.opencsw.org/bugtrack/view.php?id=4004
[3] http://www.opencsw.org/bugtrack/view.php?id=4074
[4] http://lists.opencsw.org/pipermail/maintainers/2009-March/001791.html

More information about the maintainers mailing list