Git allows you to commit as "whoever you want" - e.g. like in SMTP
email, the headers are decided by the sender. SVN on the other hand
will show the authenticated user in the commit log. So - speaking as a
former sysadmin - it sounds a bit daring to let anyone new to Apache
from a fresh Incubator proposal to also get instant write access to
all Incubator projects, including those that are just about to
graduate.

That said - assuming there has not been any reported abuse of this
global write access - then it is a very good sign of all the new
committers being responsible people - or perhaps they just didn't know
they had that write access to begin with :). It's a trust-thing - I
remember when I started my first proper sysadmin job, and on day one
received the root passwords for systems running web and email for
30.000 students. "Don't mess it up" was implicit.

Apache Commons has already given write access to *all* ASF committers
[1] - which would presumably include any incubator committers.  If
it's good enough for for Commons, it should be good enough for
Incubator. Part of moving to Apache is also to trust all your
committers.

[1] 
https://mail-archives.apache.org/mod_mbox/commons-dev/201412.mbox/%3ccab917rjy57z-4pnwthvr9tuq7y3td8usg8jcmhvdthalwho...@mail.gmail.com%3E


Even with the danger of introducing a bigger temptation by explicitly
documenting the incubator-wide write policy - I would still +1 to
document this so you are aware and don't accidentally push back (as
git workflow is to commit locally and it is a bit easy to accidentally
do "git push") - with a clause that this does not mean you have
formally become a committer on the other incubator projects.


I would propose to also improve documentation at

http://wiki.apache.org/general/GitAtApache
http://www.apache.org/dev/git.html
http://www.apache.org/dev/writable-git

so it does not give impression you have to use SVN-with-git-mriroring
or that writeable GIT is "experimental". I don't know enough about the
particular setup at git.apache.org yet to do it myself.

On 31 December 2014 at 14:56, Ted Dunning <ted.dunn...@gmail.com> wrote:
> On Wed, Dec 31, 2014 at 12:27 PM, John D. Ament <johndam...@apache.org>
> wrote:
>
>> On Wed Dec 31 2014 at 2:45:48 PM David Nalley <da...@gnsa.us> wrote:
>>
>> > On Wed, Dec 31, 2014 at 2:40 PM, John D. Ament <johndam...@apache.org>
>> > wrote:
>> > > On Wed Dec 31 2014 at 2:24:36 PM David Nalley <da...@gnsa.us> wrote:
>> > >
>> > >> On Wed, Dec 31, 2014 at 11:59 AM, John D. Ament <
>> johndam...@apache.org>
>> > >> wrote:
>> > >> > Hi,
>> > >> >
>> > >> > So something Jan and I ran into on the infra list, does anyone know
>> > >> > definitively what the access rights given to a podling's git repo
>> > are, if
>> > >> > they request one (instead of a svn directory)?
>> > >> >
>> > >> > If nothing else we should document it somewhere on the incubator
>> site
>> > >> > indicating the permission sets for both svn and git.  My current
>> > >> > understanding is that svn sites are typically incubator wide, svn
>> > repos
>> > >> are
>> > >> > confined to a specific list, and git repos are incubator wide.  The
>> > git
>> > >> one
>> > >> > in particular because we don't create ldap groups for podlings and
>> > I've
>> > >> > heard that we only do groups in git (not individual lists).
>> > >> >
>> > >>
>> > >> git is tied to LDAP, and all podling repos are writable by anyone in
>> > >> the incubator LDAP group. (there are no podling LDAP groups)
>> > >>
>> > >
>> > > Got it thanks.  I'll update the docs to reflect this as the permission
>> > > scheme.
>> > >
>> > > And here I think will come in Jan's bigger question - do we really want
>> > all
>> > > podling committers to be able to commit to all other podlings?
>> > >
>> >
>> > My question is: What problem are you trying to solve? And has it
>> > really proven to be a problem?
>> > I don't think anyone has abused their ability to commit to all
>> > projects, and it's been this way as long as git has been available.
>> >
>>
>> I'm not sure that there will be an issue.  It could just be a couple of
>> IPMC members being a little more cautious that needed.  It's more than
>> likely no one's going to care.
>>
>> To date, we have always told podlings that the initial committers and your
>> mentors are the ones who have write access.  Now we're saying if you're
>> using git, it's any of the 1k + (i might be way off) members of the
>> incubator group.
>>
>> Would it be much harder to create the ldap group up front when the
>> podling's created, and shuffle people in/out at graduation?
>
>
>
> If it ain't broke ...
>
> Is there even a problem?  I haven't ever heard of it.
>
> If there isn't a problem, why are you worried about it?



-- 
Stian Soiland-Reyes
Apache Taverna (incubating)
http://orcid.org/0000-0001-9842-9718

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Reply via email to