From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 0E7888ABCF for ; Fri, 21 Oct 2022 13:38:49 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DB0C92189B for ; Fri, 21 Oct 2022 13:38:18 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 21 Oct 2022 13:38:18 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id F36A744B12; Fri, 21 Oct 2022 13:38:17 +0200 (CEST) Message-ID: <7e1140af-0bf3-ee06-7e07-4749d5095171@proxmox.com> Date: Fri, 21 Oct 2022 13:38:17 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Thunderbird/106.0 Content-Language: en-US To: Thomas Lamprecht , Proxmox VE development discussion Cc: Wolfgang Bumiller References: <20221021083117.1239396-1-d.csapak@proxmox.com> <20221021083117.1239396-2-d.csapak@proxmox.com> <04a8f643-cb3f-daf8-480b-240726cec255@proxmox.com> From: Dominik Csapak In-Reply-To: <04a8f643-cb3f-daf8-480b-240726cec255@proxmox.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.068 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -0.001 Looks like a legit reply (A) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH access-control v2 1/3] authenticate_2nd_new: only lock tfa config for recovery keys X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Oct 2022 11:38:49 -0000 On 10/21/22 13:29, Thomas Lamprecht wrote: > Can we *please* get sane commit subject for *human* consumption?! > > The worst one, that really triggers me: >> authenticate_user: pass undef instead of empty $tfa_challenge to authenticate_2nd_new > Instead of a high level human overview it gives basically another almost > machine readable diff of the lower level changes. So there's close to zero > of useful higher level and/or _new_ info in there, but sure makes one stop > to parse on seeing this in some log. > > Copying the method name (nor file module name!) is basically never a good > idea, especially as tag and especially for (admin) user facing changes - it > can naturally be OK for library stuff (i.e., dev-only facing changes), but > even then seldom as start `:`... > > following would allow for a quicker to read, and (granted, slightly > subjective) better high level understanding of the commits, thus better > categorizing for when skimming through the log, e.g., in search of relevant > changes due to some new/questionable/.. behavior; besides that it makes > d/changelog writing easier. > > * tfa: only lock config for recovery keys on authentication > * tfa: rename outdated $otp variable to $tfa_response > (this is internal and won't ever make it in the d/changelog so only dev > readability matters) > * auth: drop passing bogus challenge variable when checking first factor > (also internally, dev oriented) > > This should be also verified and either amened or commented on by the > maintainer (planning) pushing a commit/series - while its obviously 1) hard > and 2) a lot overhead to have a very strict rule book that's fine for a > partially subjective thing like this, it should be that hard to detect the > obvious cases, at least for user facing changes. > > May look like a small thing to "rant" on, but I spend a lot of time in git > log et al. and copy pasted method/file names without simple concise tagging > and for-human info can make it much harder with no benefit for anyone. > > Naturally applies to all devs/maintainers not just those in To/Cc here. yes, you're completely right of course. i don't think that it's a 'small thing to rant on' at all, i often looked for commits where a better subject would have made it much more obvious what is happening and would have been easier to identify i'll use better commit subjects in the future.