1 |
In gentoo git tree all git commits will be signed by commiter gpg keys |
2 |
(and this will be requerd!) |
3 |
|
4 |
Aaron W. Swenson писал 2012-05-25 00:00: |
5 |
> -----BEGIN PGP SIGNED MESSAGE----- |
6 |
> Hash: SHA256 |
7 |
> |
8 |
> On 05/24/2012 03:57 PM, Dan Douglas wrote: |
9 |
>> Git is about decentralized version control. When you clone a repo, |
10 |
>> you have your own "fork". When everyone has their own branch, |
11 |
>> everyone is effectively equal. So yes you can expect much much |
12 |
>> more forking. In Git land, forks are good. There's no way to |
13 |
>> enforce that people only pull from some "official" source. |
14 |
>> |
15 |
>> It works out in practice so that 99% of the time people only care |
16 |
>> about a couple branches of one repository. Counterintuitively, this |
17 |
>> comes as a side- effect of git actually doing distribution properly |
18 |
>> and making it easier for everybody's workflow. The overlay model by |
19 |
>> contrast is quite broken on its own and virtually forces creation |
20 |
>> of new overlays in order to make changes without the benifits of |
21 |
>> version control (with regards to the rsync tree at least). |
22 |
>> |
23 |
>> What Github does is facilitate making it easy to fork/branch and |
24 |
>> provide a central way to push changes back into a remote through |
25 |
>> pull requests. Pull requests and other web services around git |
26 |
>> hosting are pretty much the thing that makes github worth using. |
27 |
>> From the standpoint of accepting patches, the differenc e to you is |
28 |
>> rather than (or in addition to) accepting patches through bugzilla, |
29 |
>> you can choose to accept a push directly from someone else's copy |
30 |
>> of the repo. It isn't like a wiki - everybody commits to their own |
31 |
>> repositories and pushing to a remote is on a whitelist basis just |
32 |
>> like in centralized version control. |
33 |
> |
34 |
> This gets us into another topic altogether. |
35 |
> |
36 |
> I do believe git pull-requests should go through Bugzilla. A |
37 |
> pull-request is the equivalent to bump requests, patch fixes, and all |
38 |
> sorts of stuff that we already handle through Bugzilla. Bugzilla also |
39 |
> contains our history. |
40 |
> |
41 |
> If they happen to be needing to be pulled from github, that's fine. |
42 |
> Definitely convenient for the contributor. |
43 |
> |
44 |
> We'll also need to clearly document how the pull-request is to be |
45 |
> generated. (I vote for requiring signed pull-requests. [1]) |
46 |
> |
47 |
> github should not be our central point of contact. We have b.g.o for |
48 |
> that. github should be on the fringes as a tool that we can use if we |
49 |
> want to. |
50 |
> |
51 |
> [1] |
52 |
> |
53 |
> http://git-blame.blogspot.com.ar/2012/01/using-signed-tag-in-pull-requests.html |
54 |
> |
55 |
> - - Aaron |
56 |
> -----BEGIN PGP SIGNATURE----- |
57 |
> Version: GnuPG v2.0.17 (GNU/Linux) |
58 |
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
59 |
> |
60 |
> iF4EAREIAAYFAk++oYEACgkQVxOqA9G7/aC1WgD/V33WU0Cvc/po2Evrrjk6fM4d |
61 |
> IHt8FtD21rKfyrxmCeQA/A7t/nCJOA5UURm2ILAraPLWu598G8bKV7RNKtRKrqhQ |
62 |
> =MVyV |
63 |
> -----END PGP SIGNATURE----- |
64 |
|
65 |
-- |
66 |
Best Regards, |
67 |
Alexey 'Alexxy' Shvetsov |
68 |
Petersburg Nuclear Physics Institute, NRC Kurchatov Institute, |
69 |
Gatchina, Russia |
70 |
Department of Molecular and Radiation Biophysics |
71 |
Gentoo Team Ru |
72 |
Gentoo Linux Dev |
73 |
mailto:alexxyum@×××××.com |
74 |
mailto:alexxy@g.o |
75 |
mailto:alexxy@×××××××××××××.ru |