[ef4]

Color me deeply skeptical of the suggestion to try to lock people out of community participation unless they pay.

The real secret to not burning out is to scale up the set of maintainers in proportion to the users. You do that by lowering the barriers to involvement, not raising them.

Most maintainers err on the side of controlling too much. Which makes them into bottlenecks.

One or two good PRs is enough for me to give you commit bit on my repos. This has never yet resulted in abuse, and has brought in a many helpful co-maintainers.

Bad commits can be easily reverted. Whereas giving people a bit of trust often inspires them to help more.

[zzzeek]

Bad commits are the absolute most difficult thing to reverse when they get released and the userbase codes to them. When I don't pay super close attention to what's being contributed, it creates three times as much work after I let it through.

[bartread]

Superficially, that sounds more like a release process issue than a bad commit issue.

[nextlevelwizard]

How often is commit bad enough to require revert, yet made it through testing and got released?

[btown]

Code style, inconsistent APIs, a feature that's barely tested by its own contributor, introducing dependencies on innards that were planned to be removed by an ongoing refactoring project, etc. So many ways contributions can go wrong.

[diggan]

All those things should and hopefully would have been caught when the PR was made, not after the commits made it into master.

[btown]

The entire context of this thread is that adding committers can introduce risk in the quality of accepted contributions. Building a trusted network of gatekeepers is hard.

[nextlevelwizard]

Just because stuff gets to master doesn't mean they get to the release.

[snakeanus]

> Code style

How is that an issue in this day and age? Just run astyle or indent.

[gopalv]

> Just run astyle or indent.

"Style" is more than indentation - my favourite example is something I worked with very closely, but always needed a cheat-sheet on my desk - the PHP arrays api.

Just look at the docs for array_search and array_replace.

This is much worse in managed memory languages - do you allocate memory, who frees it, who can use a buffer in zero-copy mode, who can't ... whether the functions are always re-entrant.

All that said - any originating coder who burns out due to support issues, killing the community is measurably worse off than someone who has thousands of users who demand that you support such "legacy" APIs for another six months.

[zzzeek]

I'm talking here about a developer API that is extremely flexible and extensible. Even one-liner contributions can have bad effects, and virtually all contributions I receive "work" at a superficial level and if they provide tests the tests usually pass. "made it through testing" is a low bar, the bigger implications of a patch need to be considered.

Examples of PRs that "work" exactly as intended yet are the wrong way to solve the problem:

https://github.com/zzzeek/sqlalchemy/pull/381

https://github.com/zzzeek/sqlalchemy/pull/382

Here's a large PR:

https://github.com/zzzeek/sqlalchemy/pull/365

that after lots and lots of back and forth I finally merged with lots of edits from me at: https://github.com/zzzeek/sqlalchemy/commit/7d3da6f850dca54b...

...aannnnndddd - after all that work and testing, it was wrong! Fortunately someone caught the mistake within the beta release:

https://bitbucket.org/zzzeek/sqlalchemy/issues/4072/mysqldml...

if I had released that fully and the whole world coded to "mysql.insert.values.bar == 5", that's broken API since it breaks the values() method. Backwards-incompatible fix required.

[ianamartin]

Do you think that's generally true? Or is it a facet of your experience running three of the most important Python packages around?

[imhoguy]

"a bit of trust" this! Most often maintainers ego is the issue and too much control over ones baby project is the road to frustration and burnout. The way the power is shared and the shape of community structure is huge factor often neglected by tech-only focused maintainers/owners. There is a good piece of wisdom on social aspect of open-source in Social Architecture by Pieter Hintjens[0]. I recommend learning about his pov to anyone interested in open-source open-projects.

[0] https://www.gitbook.com/book/hintjens/social-architecture/de...

[ngrilly]

Excellent read! Thanks!

[Klathmon]

I completely agree, the only thing I still like to keep to myself (or to a very select group) is the ability to cut a release.

If you want commit access, just ask. But I still want to validate releases that get pushed out to a bunch of people.

[mjevans]

My policy is to never ask, and to only accept if I think I can be worthy of the work at the time (so I might accept at a later date if I feel I don't have the bandwidth today).

[Klathmon]

And I tend to try and offer if i start to notice the name in a few issues or PRs.

[ATsch]

A gitlab feature I miss on Github is "protected branches" and being able to add contributors that can only push to unprotected branches. This way you can give people access to the main repo while still being able to check code before it goes into master

[eb3c90]

You can do this now. $work uses github and has it so that a bit of code has to have be reviewed before it can be merged to master.

[hnlmorg]

You can do this on Github. It's even called the same. Go to your repo -> settings -> branches and it's the 2nd item (Protected branched).

I use this feature at work so I can confirm it behaves as expected.

[ATsch]

Oh, great! I tried it a while ago and the setting was nowhere to be found!

[lamby]

You can do this on Github with custom hooks etc. But yes.

[hnlmorg]

That's potentially one way of doing it but Github does also have a specific feature for doing this literally called "Protected branches":

https://github.com/blog/2051-protected-branches-and-required...

[jordigh]

We kind of did this with a project I was working on once. Someone was being helpful, main maintainer was getting tired, so helpful guy got full rights to the repo. He went on a several-year-long frenzy of activity, up to being a release manager, putting lots of micro-optimisations into the code and still being generally helpful until he got sucked up by Google and vanished.

Sadly, lots and lots of little bugs and awkward design decisions crept through. Obscure ones, hard to find, and a coding style that tended towards obfuscation. Guy had a habit for assemblyish/fortranish code.

I think the lesson learned is, sure, maybe give the helpful guy full access, but still keep your eye on them and encourage everyone else to do so too.

[mikegerwitz]

> main maintainer was getting tired

Would the project have had much development at all without the "helpful guy"? If the maintainer was too tired to even keep an eye on him/her, then it sounds like the project would have stalled without that help.

[j_s]

The Pull Request Hack | https://news.ycombinator.com/item?id=5357417 (March 2013)

http://felixge.de/2013/03/11/the-pull-request-hack.html

> Whenever somebody sends you a pull request, give them commit access to your project.

I agree with requiring more accountability before granting the ability to create official releases.

[asdfasdfasd333]

Absolutely this.

This applies to engineering at software companies as well.

[hacking_again]

> One or two good PRs is enough for me to give you commit bit on my repos. This has never yet resulted in abuse, and has brought in a many helpful co-maintainers.

In addition, I find it's helpful to identify the really keen contributors and ask them privately see if they want to take on more responsibilities.

[ngo123]

> Most maintainers err on the side of controlling too much.

Burnout can happen by working too much. It can also happen by too many discussions/politics if you give out commit rights like cookies.