Hi, On Sun, Apr 26, 2015 at 6:01 PM, Russel Winder <[email protected]> wrote: > ...I am not sure I understand why a Git commit made directly to an ASF > repository is any less traceable, logged etc. than a commit made by > the same person on GitHub and then mirrored to ASF...
I think this infrastructure-dev thread explains that, it's what Andrew mentioned earlier in this thread with a bit more detail: http://markmail.org/message/3kcms6pll7ouj35l Commits made directly to ASF-hosted Git repositories, OTOH, are controlled by the ASF authentication mechanism that we trust. Commits made directly on github do not currently provide that level of trust. The ASF wants committers to take responsibility for what they commit according to the iCLA that they file, that's what we need strong traceability of the provenance of each line of code here. -Bertrand
