[on the original topic: I personally like git but would leave the
decision to move on to the components]

On 2014-09-10, Gilles wrote:

> [The advantages of "git" must be somewhere else.]

Not sure about "the advantage", but let me show you an example where a
DVCS (any DVCS) would have been really useful.

Back in 2012 there was some minor security issue in Compress.  Apache
policy says the fix for a security issue should be a single commit -
this is for the benefit of packagers who may want to backport the fix to
their older versions.  The policy also says the fix should be developed
in private and only be committed when ready shortly before building the
release so potential attackers watching the commits don't get too much
of a head-start.

I didn't know about the policy at that time (pure ignorance) and created
more than a dozen svn commits experimenting and exploring the fix as it
wasn't easy.  All visible to the public.

My point now is, even if I had known about the policy I would have
needed some sort of SCM to explore the problem without too much fear.  I
personally rely on the safety net offered by an SCM and don't like to
develop bigger chunks of code without safepoint commits.

With a DVCS like git I can do so in a private branch that I can share
with my peers without committing to the ASF git server (have them pull
from my private repository) - so we can agree on the patch in private.
Once the patch is ready I can rebase my branch and squash all commits to
a single one that I can then merge to master and push to the ASF server.

I guess what I'm trying to say is a DVCS makes it easier to experiment
in a controlled manner and for security issues it offers big advantages.

Stefan
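The workflow described in the message above, as an added example that is not part of the original e-mail: exploratory commits stay on a private branch that a peer pulls directly, and the public repository receives only one squashed commit. The repository names, file name and commit messages are constructed, and `git merge --squash` is used in place of the rebase mentioned in the message so the script runs unattended.

```shell
# Added example with constructed repositories in a temp dir (hypothetical names).
# "public.git" stands in for the project's public server; "dev" is the private clone.
squash_demo() {
    work=$(mktemp -d) || return 1
    (
        set -e
        cd "$work"
        export GIT_AUTHOR_NAME=dev GIT_AUTHOR_EMAIL=dev@example.invalid
        export GIT_COMMITTER_NAME=dev GIT_COMMITTER_EMAIL=dev@example.invalid

        git init -q --bare public.git
        git init -q dev
        cd dev
        git symbolic-ref HEAD refs/heads/master   # fixed branch name for the demo
        echo "v1" > parser.txt
        git add parser.txt
        git commit -q -m "initial public state"
        git push -q ../public.git master

        # Private exploration: safepoint commits the public server never sees.
        git checkout -q -b private-fix
        for i in 1 2 3; do
            echo "attempt $i" >> parser.txt
            git commit -q -am "WIP: attempt $i"
        done

        # A peer reviews by pulling from the private repository, not the server.
        git clone -q --branch private-fix . ../reviewer

        # Collapse the exploration into one commit and publish only that.
        git checkout -q master
        git merge -q --squash private-fix >/dev/null 2>&1
        git commit -q -m "Fix parser issue (single commit, easy to backport)"
        git push -q ../public.git master

        # What the public history contains after the push.
        total=$(git --git-dir=../public.git rev-list --count master)
        wip=$(git --git-dir=../public.git log --format=%s master | grep -c '^WIP' || true)
        echo "public_commits=$total wip_commits=$wip"
    )
    status=$?
    rm -rf "$work"
    return $status
}
```

Calling `squash_demo` prints the number of commits the public repository holds and how many of them are exploratory `WIP` commits.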
