search

austrianredcross / meta

Cooperation and meta discussions
2 stars 1 forks source link

Meta: Open Source Direction #8

Open mitsuhiko opened 4 years ago

mitsuhiko commented 4 years ago

I'm posting this here because this is at the moment the most active repository for better visibility.

As you can see this application comes out of a development process that wasn't started on Github :) As a result of this a lot of background information and commit history are not visible here. There is also no complete clear direction yet for how future development can ideally go. I'm assisting the Red Cross and the contracted developers (Accenture) to figure this out though.

This is very much a learning by doing exercise for everybody involved.

For now if you have some input on how you feel the future development of the app should go, feel free to reply to this issue.

The likely next steps will be to share the already existing roadmap, some of the items from the backlog which are relevant and to see that the backend can be put on github as well. The latter however I don't have timelines on right now because the team is busy with the 1.2 release right now.

wollmers commented 4 years ago

Best way would be to integrate the work of contracted developers as soon as possible into these GitHub repositories.

If they still use some kind of VCS (version control system), it should be possible in some way.

I'm not a friend of separated activities, or only using github as a mirror. Open source projects, even dual-life or dual-license, have fewer problems with a central repository and issue system.

Maybe there exist same legal problems, e. g. comments not intended by the authors for a public audience at time of writing. Intellectual properties, contract problems.

I trust that all participants want the best. Contribute to a trustworthy app, minimise time to market, leave no issues for auditors, or room for any doubt. Trust is very important to get a critical mass of users.

In my experience open source projects work best, if all participants (payed, sponsored or unpayed) are open minded, see the benefit of submitted bugs and issues. Live the spirit.

DJCrashdummy commented 4 years ago

this is not a post about this projects lead resp. its future in particular but IMHO it somehow fits here...

  1. i want to thank all developers, project leaders, consultants, universities, companies etc. which contributed to this project and made it possible to open source this project! :clap:
  2. sadly i had to doubt, that we would have critical software in austria as open source any time soon (at least not without a mandatory EU regulation).
  3. it is somehow disappointing that an NGO has to show our politicians, that it is possible and how it can be done. to every politician, decision-maker, manager, leader etc.: please have a look at this short but eye-opening video.

sorry for getting slightly off topic.

the-habu commented 4 years ago

I'm not a friend of separated activities, or only using github as a mirror. Open source projects, even dual-life or dual-license, have fewer problems with a central repository and issue system.

I am also not-at-all fond of the "using github as a mirror" approach and it drives my motivation to review directly into the ground. Nobody knows if what you're looking at is still valid or already changing/changed.

I get why the history might have not been imported. Maybe it was not intended to become open source in the first place and nobody wanted to invest in cleaning up the history and removing potential things that should not become publicly available. But it does not justify the mirror approach.

Sorry not being overly productive here and keeping to fortify @wollmers comment. But it seriously drives me mad. The Stopp Corona topic has already evolved to something which I keep coming back to if I want a dose of madness (seriously, it is). I get it, mistakes are made, but please go flatout on the path of making it a good project. The project needs very good reputation to skyrocket install numbers. Otherwise it'll stay a moneypit, 100.000+ installs is not enough for it to make sense.

bastianh commented 4 years ago

We are in the process of using Github as base of all development in the future. It took some time because of changes needed to get CI running with github and stuff like that.

uliluckas commented 4 years ago

Development has switched to github.

mitsuhiko commented 4 years ago

I moved this issue to the new meta repository which contains general conversations about the project as such.

TuxCoder commented 4 years ago

There is still missing transparency. I understand that not all can be done on one day and I see that it gets better (smaller commits, access to more issues, more PR from developers,...)

But now the second ticket got moved to a private repo without any message to the issue creator. https://github.com/austrianredcross/stopp-corona-android/issues/32 (remove P2PKit) https://github.com/austrianredcross/stopp-corona-android/issues/13 (?security bug? ?in tan api think related to this: https://github.com/austrianredcross/stopp-corona-android/issues/16 )

This really does not help to trust this project.

@uluckas It is nice to see that the VCS and the merging infrastructure is moved to Github, but development also includes the issue tracker. There are still references to an internal tracker that is not accessable by the public. one example: https://github.com/austrianredcross/stopp-corona-android/pull/48 This fixes three unknown issues.

https://github.com/austrianredcross/meta/blob/master/COOPERATION.md Why do I need to be a Organizations to see the current issues with this App/Project ?

There are "obvious" improvements. I also see that a good amount of this "obvious" improvements are already addressed and planed to fix, but we still have no access to a rodemap/internal issue tracker, this leads to discussion with the same result. Q: XY would be a nice feature, A: XY is already planed.

A lot of them are planed, but there is currently to less communication (or to much different channels).

Lot of sources for information:

It would be nice to have a central point communication channel about this app, that is trustworthy and has up to date information about the project and the plans.

I miss in the COVENANT.md an important point FOSS - "Free as in freedom not as in free beer". All parts of the app should be understandable and accessible also the source code. If this is not done false assumptions are made about what data is collected and stored, also it make it hard to trust something you can not understand.

Also this project should meet min. all of the 10 points from the CCC: en: https://www.ccc.de/en/updates/2020/contact-tracing-requirements de:https://www.ccc.de/de/updates/2020/contact-tracing-requirements Also interesting discussion (Constanze Kurz by Jung & Naiv, German): https://www.youtube.com/watch?v=XvRnyv9fPns

Looking forward for the roadmap!

It is still a long way to that goal. I hope we will reach it healthy!

mitsuhiko commented 4 years ago

@TuxCoder

You're absolutely right that transparency is needed. I moved one issue to private and I reached out to the creator of this issue. They should also have received an email because i moved it after I replied. I'm not sure why the second issue was moved. I will figure this out.

Why do I need to be a Organizations to see the current issues with this App/Project ?

You shouldn't have to, and in light of moving issues to private this obviously doesn't instill a lot of confidence. This was intended to be exclusively for working together for responsible disclosure which is always something that is kept private within a reasonable time frame. Obviously meta discussions are not supposed to be covered by that.

I'm currently trying to plot a path towards this becoming a true community supported open source project and had some pretty good initial feedback.