Le 27/04/15 10:18, Jochen Theodorou a écrit : > Am 26.04.2015 18:45, schrieb Emmanuel Lécharny: > [...] >> This is not a question of traceability. It's just that when Github wil >> shutdown, or close their repository, we won't be dead in the water, as >> we have the main repository on *our* servers. >> >> And if it sounds hypothetical, then think about what happened recently >> to codehaus... > > Git is not subversion. Still. The ASF repo *must* be the reference.
> If codehaus suddenly had shutdown, we would have still local copies of > the repository (even ignoring that github already was the main repo > and codehaus only a copy). And it took weeks of work to find a new home and to migrate everything. Something you want to do again ? > In git everyone has the full repo locally as well, as long as it is > updated. You can do shallow copies in git, but they are not standard. Standard for The ASF means something that we can bring to a juge, if needed. This is quite complicated to guarantee if we don't have the main repo in our walls. > >> From the legal POV, the ASF distribute sources, and provide protection >> to committers by the means of being able to exhibit the full history. >> Again, if github decides to just limit the project history to, say, one >> year, we would be dead in the water again. And again, if it seems >> spurious to keep all the history, know that we are sometime asked to >> provide this source history in court. > > Same story if for example the repository gets corrupted by file errors > in a way that allows still the usage of the repo, but some data has > been altered. Though, such things can imho happen on Apache as well We do have some periodic backups. I hope that we can detect alteration fast enough to be able to restore the data in their pristine state. I happened a couple of time a few years ago when The ASF has been hacked (yes, we are not immune against such attacks ;-) > >> Last, not least, we protect *committers* against any legal action, >> committers being voted people. Being able to give access to a selected >> number of person who have signed a CCLA/ICLA is a key for The ASF, >> something you are not likely to be able to enforce in github (and if you >> can, again, we have no guarantee we can control such protecion for ever) > > Well, following this strictly we should never ever merge pull requests > from github Why ? The committer who push such pull request does it under his own responsability... > >> Hope it clarifies why we push commits to the ASF Git repository. > > You mean clarifies why we have to push commits to the ASF Git > repository as primary repository.... and not really to be frank. Sorry, but I don't see what is your problem them, beside some philosophical aspects...
