On Thu, Dec 18, 2014 at 11:36 AM, Daniel Gruno <humbed...@apache.org> wrote:
>
> On 2014-12-18 17:28, Sam Ruby wrote:
>>
>> On 12/18/2014 11:16 AM, Marko Rodriguez wrote:
>>>
>>> Hello Jake,
>>>
>>> When talking with Sam Ruby (cc:d) we voiced our concerns about moving
>>> all of our infrastructure over to The Apache Foundation. In particular,
>>> our GitHub presence and our public user-mailing list (i.e. tech support
>>> mailing list). I have articulated our concerns in the freshly updated
>>> proposal.
>>>
>>> https://wiki.apache.org/incubator/TinkerPopProposal
>>> Please see "W. Mailing Lists", "Y. Git Repository", and "X. Subversion
>>> Directory".
>>>
>>> Sam Ruby had stated that using GitHub for source control is an accepted
>>> practice now.
>>
>>
>> Let's split that into two pieces.
>>
>> Git is a DVCS, which means that it can be at multiple places. Using git
>> for source control is an accepted practice at the ASF now.  GitHub can be
>> one of the places.
>>
>> From the ASF perspective, GitHub is a mirror.  From GitHub's perspective,
>> the ASF is a mirror.
>
> No, from GitHub's perspective, ASF is the canonical source. There is no way
> to twist this into anything else.
> It says right on every single Apache GitHub mirror that it is "Mirrored from
> http://git.apache.org/...".
>
> You cannot merge pull requests from GitHub via GitHub, that's simply not
> going to work, and it should be plenty clear to everyone by now why that is
> the case.
>

Because people new to the ASF won't be familiar, I'll reiterate
some of the infra concerns:

The ASF cares deeply about (and has a responsibility to deal with)
code provenance. The committer and author records in git itself are
relatively fungible, so the canonical record is the push records that
record when, what account, what IP address, etc. At present, Github
does not expose those, and has expressed concerns about privacy issues
in exposing those records to us. We have discussed with them multiple
times the issues that we see as a concern, and we haven't yet found a
way to overcome them.

Other folks have other concerns - but that's the current 'big issue'
from an infrastructure perspective. (there are others like
programmatically managing access control to hundreds of repos that
isn't tied to our authn/z systems, getting real commit messages, etc.
- but that's likely something that could be conquered.)

We also realize that Github is a huge locus for developers, and
particularly developers working on OSS. To that end, we maintain
mirrors on github, and a number of projects make use of pull requests
and issues in the workflow, and to non-committers it gives the
appearance that everything happens on Github. (and in reality 90%
does). We have built API interaction to capture PR comments and other
actions and send those on to a mailing list - so that we retain a
history of all of that information locally. (Github has no real SLA to
open source projects who get services for free, and there's important
provenance information in PRs, tickets, comments as well)

Every few months this comes up - and from a pragmatic side,
Infrastructure would love to 'outsource' maintaining a git service to
someone who offers an incredibly nice service and does so for free;
but we haven't solved all of the problems that go along with it.

In general, moving project websites, mailing lists, and revision
control to the ASF is not negotiable. Most of the other aspects the
project can make decisions on themselves. If you have concerns or
questions, I am sure folks like Sam can answer them all, but I am
happy to make myself available to talk through things with you.

--David
