| 1 |
W dniu czw, 12.07.2018 o godzinie 15∶52 +1200, użytkownik Kent Fredric |
| 2 |
napisał: |
| 3 |
> On Mon, 09 Jul 2018 10:40:22 +0200 |
| 4 |
> Michał Górny <mgorny@g.o> wrote: |
| 5 |
> |
| 6 |
> > Hi, |
| 7 |
> > |
| 8 |
> > We currently don't enforce any particular standard for e-mail addresses |
| 9 |
> > for developers committing to gentoo.git. FWICS, the majority of |
| 10 |
> > developers is using their @gentoo.org e-mail addresses. However, a few |
| 11 |
> > developers are using some other addresses. |
| 12 |
> > |
| 13 |
> > Using non-@g.o e-mail addresses generally causes problems |
| 14 |
> > in accounting for commits. For example, our retirement scripts can't |
| 15 |
> > detect commits made using non-Gentoo e-mail address. My dev-timeline |
| 16 |
> > scripts [1] account for all emails in LDAP (which doesn't cover all |
| 17 |
> > addresses developers use). FWIK gkeys accounts for all addresses |
| 18 |
> > in the OpenPGP key UIDs. In my opinion, that's a lot of hoops to jump |
| 19 |
> > through to workaround bad practice. |
| 20 |
> > |
| 21 |
> > Therefore, I'd like to start enforcing (at the level of the hook |
| 22 |
> > verifying signatures) that all commits made to gentoo.git (and other |
| 23 |
> > repositories requiring dev signatures) are made using @gentoo.org e-mail |
| 24 |
> > address (for committer field). |
| 25 |
> > |
| 26 |
> > Is anyone opposed to that? Does anyone know of a valid reason to use |
| 27 |
> > non-@g.o address when committing? |
| 28 |
> > |
| 29 |
> > [1]:https://dev.gentoo.org/~mgorny/dev-timeline.html |
| 30 |
> > |
| 31 |
> |
| 32 |
> There's one fun problem here technologically for proxy-maint, but |
| 33 |
> getting the conditions right for it to occur happen very rarely. |
| 34 |
> |
| 35 |
> 1. Assume the proxied maintainer has a git repo, where they commit |
| 36 |
> themselves. |
| 37 |
> |
| 38 |
> 2. Assume their proxy has said git repo as an alternative remote, for |
| 39 |
> which they relay work. ( That is, they work closely together directly |
| 40 |
> instead of via github pull requests and textual patches ) |
| 41 |
> |
| 42 |
> 3. ::gentoo is quiet, and the proxied maintainer has rebased their own |
| 43 |
> work on top of ::gentoo, setting Committer: metadata and signing |
| 44 |
> commits. |
| 45 |
> |
| 46 |
> Then, in that situation, it is trivial for the proxy to relay those |
| 47 |
> commits verbatim to ::gentoo, without changing either Committer: or |
| 48 |
> signature data. |
| 49 |
|
| 50 |
...and the git hook would've rejected them because they aren't signed |
| 51 |
by a Gentoo developer. |
| 52 |
|
| 53 |
-- |
| 54 |
Best regards, |
| 55 |
Michał Górny |
Archives