Author: anonym Date: To: The Tails public development discussion list CC: support Subject: Re: [Tails-dev] Contributing to Tails: our experience
GoodCrypto Support: > We realize how difficult it is to get feedback from our own users so we
> decided that it was important that we share our experience contributing
> to Tails.
Thank you!
> We love Tails and were eager to contribute. When the call for help with
> ticket 11198 was posted to the Tails home page, we jumped in.
And thank you for your massive contribution!
> Within a couple of weeks, we had converted a number of scripts. Although our
> only feedback was from sajoida who let us know that the git structure was
> correct, we continued to convert scripts as time allowed. By the end of June,
> we had converted all but 1 of the scripts over 30 lines in /usr/local/bin
> and /usr/local/sbin plus the associated libraries.
>
> From our viewpoint the nightmare scenario is that the translation introduces
> a serious security bug. Of course we've checked and written rudimentary
> tests, but we're human. It's just good security for someone other than us to
> look at the code.
>
> It has now been more than 6 months and the original ticket has been split
> into multiple tickets. Sajoida keeps suggesting action, but the target slips
> from one version to the next. Because of the delays, it's very likely that
> much of our work will have to be re-done to accommodate new changes to the
> bash scripts. One possible path is to replace one script at a time, starting
> with the least critical.
>
> There are bumps in any software development. But this experience won't
> encourage volunteers.
And finally, thank you for an insightful and well-tempered reaction to
my failure of handling your contribution! I wish this just was a
procedural problem, but unfortunately it was more about severe lack of
resources (time for reviewing/testing etc). So if there is a procedural
correction to be made on my side, I guess it is to be much more cautious
about asking for help.
I am very sorry you've had to deal with the frustration of having your
efforts ignored. The "one script at a time" approach seems like a good
idea -- my current plan is to create an integration branch where I
import the scripts one at a time and let our infra automatically test
the results. Given how my current workload is I think squeezing this in
could be possible. I'm sorry that I cannot promise anything better!