On Wed, Dec 2, 2009 at 11:39 AM, Daniel Kulp <[email protected]> wrote: > On Mon November 30 2009 4:50:15 pm Howard Lewis Ship wrote: >> The reality is that regardless of whether code comes in as patches in >> JIRA or as Git pull requests on GitHub, there is still a committer >> making the change and committing it to the "master" repository. Using >> Git instead of SVN does not affect the underlying process, especially >> as it concerns CLA. > > I think you've kind of missed the issues that Jukka was describing. > > As I see it, there are two main issues: > > 1) As you mentioned, we can easily ensure that only committers (that have > CLA's on file) can push to the master, git doesn't record WHICH committer that > was. It records the original author of the work. (where the committer > originally pulled the changes from) Thus, we'd have no way to track that > commit back to a PARTICULAR CLA. > > 2) We have no (standard) way to make sure that the original author of the work > (if they don't have a CLA on file) has given the OK to have the work included > in the Apache work. With JIRA, we have the "grant to Apache" checkbox for > the patch. Thus, if the commit message contains the JIRA ID (big if, wish > this was somehow more automatic), we can easily trace the commit back to both > the committer AND the original author and check the legal bits for both. If a > problem pops up, we have two names to contact immediately. > > > What's interesting is that the problem with git is the exact opposite of svn, > but I really think it's really still a problem for svn. With svn, unless the > committer puts something (like a jira ID) in the commit comment, we have a > committer ID, but not an author ID. With git, unless the "signed off by" > thing is used, we have a author id, but not a committer id. The "svn" > problem is more tolerable as the committer SHOULD at least have some idea > where the code came from. It's more in our control. > > That said, we could probably put some hooks into the git repo that would do > some type of verification like: > 1) if the author id is a committer id, OK it. > > 2) if the author id is NOT a committer id, require the "signed off by" thing > to be set and/or a JIRA ID (that would assumably have a patch attached with > the grant checkbox checked). >
I'm pretty sure that when using the sign off option, both you (the committer) and the contributor (the author) are identified. > That would require someone to write the hooks, do thorough testing, etc... > That's not on infrastructures todo list at all. > > > Anyway, that all said, I'd LOVE to be able to use a central git repo instead > of svn as well. svn is painfully slow when your used to git. > > Dan > > So what I'm hearing is that as long as external code is delivered via a JIRA patch, and the JIRA issue is referenced in the commit, then there's no difference between Git and SVN from a legal stand point. > > >> On Mon, Nov 30, 2009 at 1:43 AM, Greg Stein <[email protected]> wrote: >> > Jukka was working through the hosting issues. Last I heard, while at >> > ApacheCon a few weeks ago, was that it wasn't really possible for Git >> > to meet all the requirements. I don't recall what it is, but you're >> > talking things like recovery, authentication/authorization, >> > intercontinental replication/failover, etc. >> > >> > Personally, I find the notion of Apache developers working on private >> > git repositories (rather than the central svn repository) to be >> > anti-community. But I understand you can *make* git work in a more >> > communal and open fashion. But my opinion is neither here nor there. >> > The technical issues need to be solved first. >> > >> > Cheers, >> > -g >> > >> > On Sun, Nov 29, 2009 at 18:23, Howard Lewis Ship <[email protected]> wrote: >> >> Ok, what will it take to go beyond simple mirroring to full-fledged >> >> project hosting? >> >> >> >> On Sat, Nov 28, 2009 at 9:53 PM, Philip M. Gollucci >> >> >> >> <[email protected]> wrote: >> >>> Howard Lewis Ship wrote: >> >>>>>From what I can tell, Git at Apache is limited to clones of Subversion >> >>>> >> >>>> repositories. >> >>>> >> >>>> The members of the Tapestry project are all very interested in using >> >>>> Git for day-to-day work on Tapestry. Are there any plans to set up >> >>>> read/write Git repositories at Apache? I haven't seen any useful >> >>>> information about this here, or on the Apache Board mailing list. >> >>> >> >>> There are no current plans to expand beyond what is available at >> >>> git.apache.org. >> >>> >> >>> >> >>> >> >>> >> >>> -- >> >>> ----------------------------------------------------------------------- >> >>>- 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C >> >>> Philip M. Gollucci ([email protected]) c: 703.336.9354 >> >>> VP Apache Infrastructure; Member, Apache Software Foundation >> >>> Committer, FreeBSD Foundation >> >>> Sr. System Admin, Ridecharge Inc. >> >>> Consultant, P6M7G8 Inc. >> >>> >> >>> Work like you don't need the money, >> >>> love like you'll never get hurt, >> >>> and dance like nobody's watching. >> >> >> >> -- >> >> Howard M. Lewis Ship >> >> >> >> Creator of Apache Tapestry >> >> >> >> The source for Tapestry training, mentoring and support. Contact me to >> >> learn how I can get you up and productive in Tapestry fast! >> >> >> >> (971) 678-5210 >> >> http://howardlewisship.com >> > > -- > Daniel Kulp > [email protected] > http://www.dankulp.com/blog > -- Howard M. Lewis Ship Creator of Apache Tapestry The source for Tapestry training, mentoring and support. Contact me to learn how I can get you up and productive in Tapestry fast! (971) 678-5210 http://howardlewisship.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
