1 |
W dniu czw, 12.07.2018 o godzinie 15∶52 +1200, użytkownik Kent Fredric |
2 |
napisał: |
3 |
> On Mon, 09 Jul 2018 10:40:22 +0200 |
4 |
> Michał Górny <mgorny@g.o> wrote: |
5 |
> |
6 |
> > Hi, |
7 |
> > |
8 |
> > We currently don't enforce any particular standard for e-mail addresses |
9 |
> > for developers committing to gentoo.git. FWICS, the majority of |
10 |
> > developers is using their @gentoo.org e-mail addresses. However, a few |
11 |
> > developers are using some other addresses. |
12 |
> > |
13 |
> > Using non-@g.o e-mail addresses generally causes problems |
14 |
> > in accounting for commits. For example, our retirement scripts can't |
15 |
> > detect commits made using non-Gentoo e-mail address. My dev-timeline |
16 |
> > scripts [1] account for all emails in LDAP (which doesn't cover all |
17 |
> > addresses developers use). FWIK gkeys accounts for all addresses |
18 |
> > in the OpenPGP key UIDs. In my opinion, that's a lot of hoops to jump |
19 |
> > through to workaround bad practice. |
20 |
> > |
21 |
> > Therefore, I'd like to start enforcing (at the level of the hook |
22 |
> > verifying signatures) that all commits made to gentoo.git (and other |
23 |
> > repositories requiring dev signatures) are made using @gentoo.org e-mail |
24 |
> > address (for committer field). |
25 |
> > |
26 |
> > Is anyone opposed to that? Does anyone know of a valid reason to use |
27 |
> > non-@g.o address when committing? |
28 |
> > |
29 |
> > [1]:https://dev.gentoo.org/~mgorny/dev-timeline.html |
30 |
> > |
31 |
> |
32 |
> There's one fun problem here technologically for proxy-maint, but |
33 |
> getting the conditions right for it to occur happen very rarely. |
34 |
> |
35 |
> 1. Assume the proxied maintainer has a git repo, where they commit |
36 |
> themselves. |
37 |
> |
38 |
> 2. Assume their proxy has said git repo as an alternative remote, for |
39 |
> which they relay work. ( That is, they work closely together directly |
40 |
> instead of via github pull requests and textual patches ) |
41 |
> |
42 |
> 3. ::gentoo is quiet, and the proxied maintainer has rebased their own |
43 |
> work on top of ::gentoo, setting Committer: metadata and signing |
44 |
> commits. |
45 |
> |
46 |
> Then, in that situation, it is trivial for the proxy to relay those |
47 |
> commits verbatim to ::gentoo, without changing either Committer: or |
48 |
> signature data. |
49 |
|
50 |
...and the git hook would've rejected them because they aren't signed |
51 |
by a Gentoo developer. |
52 |
|
53 |
-- |
54 |
Best regards, |
55 |
Michał Górny |