+1 for moving to git, and using Atlassian's stash and crucible. Git branching is very different than subversion, and any feature or issue can have it's own branch and merged into master through a pull request. We can also have rules on code reviews before a branch is merged onto master or say rules like the branch must have a green build before it's merged into master. Using Stash and crucible integrates the workflow quite seamlessly and it integrates well with Jira. My 2 cents...
Dipanjan On Wednesday, 10 September 2014, Gilles <gil...@harfang.homelinux.org> wrote: > On Wed, 10 Sep 2014 12:00:12 +0200, Stefan Bodewig wrote: > >> [on the original topic: I personally like git but would leave the >> decision to move on to the components] >> >> On 2014-09-10, Gilles wrote: >> >> [The advantages of "git" must be somewhere else.] >>> >> >> Not sure about "the advantage", but let me show you an example where a >> DVCS (any DVCS) would have been really useful. >> >> Back in 2012 there was some minor security issue in Compress. Apache >> policy says the fix for a security issue should be a single commit - >> this is for the benefit of packagers who may want to backport the fix to >> their older versions. The policy also says the fix should be developed >> in private and only be committed when ready shortly before building the >> release so potential attackers watching the commits don't get too much >> of a head-start. >> >> I didn't know about the policy at that time (pure ignorance) and created >> more than a dozen svn commits experimenting and exploring the fix as it >> wasn't easy. All visible to the public. >> >> My point now is, even if I had known about the policy I would have >> needed some sort of SCM to explore the problem without too much fear. I >> personally rely on the safety net offered by an SCM and don't like to >> develop bigger chunks of code without safepoint commits. >> >> With a DVCS like git I can do so in a private branch that I can share >> with my peers without committing to the ASF git server (have them pull >> from my private repository) - so we can agree on the patch in private. >> Once the patch is ready I can rebase my branch and squash all commits to >> a single one that I can then merge to master and push to the ASF server. >> >> I guess what I'm trying to say is a DVCS makes it easier to experiment >> in a controlled manner and for security issues it offers big advantages. >> >> > That is quite convincing! Such a use case could be the basis for Apache > to _force_ all projects to switch to "git"... > > Thanks, > Gilles > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
