
Bug#935706: lintian: Make tag certainty a programmatic assessment



"Chris Lamb" <lamby@debian.org> writes:

> Controversial opinion — the "certainty" of tags is of no actionable
> benefit to either the users of Lintian or its developers and should be
> removed.

I may be able to provide a bit of historical context here, since I was
maintaining Lintian when this was introduced.  This is not disagreement
with your proposal (I find your argument persuasive), just context so that
you know what problem we were trying to solve.

Prior to certainty, Lintian set the level of the tags directly.  However,
they didn't have any well-defined meaning, and there was some confusion
and controversy over why a given tag would have a given level.

It seemed natural to tie the severity of the tag to the severity of the
bug that would be filed were one to file bugs based on lintian tags, since
that was tied into other project work and judgments (policy, BTS
conventions, and so forth).  Debian maintainers already understood the
difference between serious, important, and normal, so reusing that
terminology seemed wise and it would put the level of each tag on more
concrete footing.

The problem, though, was that in some cases the bug would be a serious
Policy violation *if Lintian were right*, but Lintian was often wrong.
Certainty was an attempt to somehow capture that so that Lintian could
express to the maintainer "this is a serious problem with your package if
what I found is true, but there's a good chance this is a false positive."

The "certain" severity was always a problem; only a few things are truly
certain, since there are always special exceptions, and that's always
annoyed people.  From my perspective, the certainty concept is more useful
for the wild-guess end of the spectrum, where it's conveying useful
information ("this would be a serious problem, but we're bad at reliably
detecting it").

A theory at the time was that maintainers could use these two metrics to
filter output on.  Maintainers that only cared about actual Policy
violations, not Lintian's various advice, could filter on severity of
normal (or important), but allow any certainty.  Maintainers who wanted
the advice but didn't want to be bothered with false positives could
enable any severity but filter out certainty of wild-guess and maybe even
possible.

In practice, I don't think this has happened.  My impression is that the
classification system is more fine-grained than the users of Lintian care
about, so maintaining it is to some extent wasted effort.

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>

