The Wiki page mentions SSL certificates/SSH keys for commit access, but doesn't mention self-service SSH key management. I don't know the full details of how this works, but the ability to add/remove keys without involving Digium folks would be very nice. Management of keys/certificates is something worth noting for the different options being considered. I'm guessing this doesn't apply if SSL certificates are used.
On Tue, Sep 16, 2014 at 10:53 PM, Matthew Jordan <[email protected]> wrote: > > > On Tue, Sep 16, 2014 at 6:00 PM, Russell Bryant <[email protected]> > wrote: >> >> On Tue, Sep 16, 2014 at 6:12 PM, Russell Bryant >> <[email protected]> wrote: >>> >>> On Tue, Sep 16, 2014 at 6:01 PM, Russell Bryant >>> <[email protected]> wrote: >>>> >>>> From a high level, all patches go to a code review system. *Every* >>>> patch must be peer reviewed (usually by 2 people, but that's a policy >>>> decision). *Every* patch must also pass tests. Once a patch passes both >>>> tests and peer review, it is automatically merged into the repository. >>> >>> >>> I just thought of another important bit of the workflow ... the CLA >>> handling. >>> >>> With Asterisk today, all patches go through the issue tracker. The issue >>> tracker handles the CLA. Uploading code to the issue tracker bypasses that, >>> so we had to hack reviewboard to also know about CLAs. OpenStack uses a >>> CLA, as well, and gerrit has built-in CLA handling. >> >> > > Yup, CLAs still matter. > > For what it's worth, we wrote a Crowd plug-in for Review Board that allows > authenticated users who have signed a CLA to log in and/or post code. That > helps to keep non-licensed contributions from getting pushed too far into > the process. > > The fact that gerrit has an option for this is a huge plus. > > >> >> Some more workflow comments, sorry... and then maybe I'll shut up. :-) >> >> One thing I really like about gerrit vs review board is that gerrit is >> focused on git and as a result, has more native git integration. Posting >> code reviews is just "git review" from your git tree. "git review" is >> really just a helper around a normal "git push". You can push a patch >> series to gerrit and gerrit understands what that is and tracks the patch >> dependencies. Last I checked, review board still lacked any sort of support >> for a series of patches related to each other. >> >> Also, if you're really attached to doing code reviews in a console and >> maybe even offline, someone in the OpenStack community made gertty [1], >> which is a replacement for using the web UI. It's gerrit, but entirely >> synced locally and in a terminal. I've used it for several hours while >> offline on an airplane and it's pretty darn amazing. It syncs all the >> reviews you did back to gerrit once you're back online. >> >> [1] >> http://lists.openstack.org/pipermail/openstack-dev/2014-September/045013.html >> > > I'm not tied to doing code reviews off-line - we can't right now! - so this > would be a benefit over the current workflow with Review Board. > > -- > Matthew Jordan > Digium, Inc. | Engineering Manager > 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA > Check us out at: http://digium.com & http://asterisk.org > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-dev mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-dev -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
