In gentoo git tree all git commits will be signed by commiter gpg keys
(and this will be requerd!)
Aaron W. Swenson писал 2012-05-25 00:00:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 05/24/2012 03:57 PM, Dan Douglas wrote:
Git is about decentralized version control. When you clone a repo,
you have your own "fork". When everyone has their own branch,
everyone is effectively equal. So yes you can expect much much
more forking. In Git land, forks are good. There's no way to
enforce that people only pull from some "official" source.
It works out in practice so that 99% of the time people only care
about a couple branches of one repository. Counterintuitively, this
comes as a side- effect of git actually doing distribution properly
and making it easier for everybody's workflow. The overlay model by
contrast is quite broken on its own and virtually forces creation
of new overlays in order to make changes without the benifits of
version control (with regards to the rsync tree at least).
What Github does is facilitate making it easy to fork/branch and
provide a central way to push changes back into a remote through
pull requests. Pull requests and other web services around git
hosting are pretty much the thing that makes github worth using.
From the standpoint of accepting patches, the differenc e to you is
rather than (or in addition to) accepting patches through bugzilla,
you can choose to accept a push directly from someone else's copy
of the repo. It isn't like a wiki - everybody commits to their own
repositories and pushing to a remote is on a whitelist basis just
like in centralized version control.
This gets us into another topic altogether.
I do believe git pull-requests should go through Bugzilla. A
pull-request is the equivalent to bump requests, patch fixes, and all
sorts of stuff that we already handle through Bugzilla. Bugzilla also
contains our history.
If they happen to be needing to be pulled from github, that's fine.
Definitely convenient for the contributor.
We'll also need to clearly document how the pull-request is to be
generated. (I vote for requiring signed pull-requests. [1])
github should not be our central point of contact. We have b.g.o for
that. github should be on the fringes as a tool that we can use if we
want to.
[1]
http://git-blame.blogspot.com.ar/2012/01/using-signed-tag-in-pull-requests.html
- - Aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iF4EAREIAAYFAk++oYEACgkQVxOqA9G7/aC1WgD/V33WU0Cvc/po2Evrrjk6fM4d
IHt8FtD21rKfyrxmCeQA/A7t/nCJOA5UURm2ILAraPLWu598G8bKV7RNKtRKrqhQ
=MVyV
-----END PGP SIGNATURE-----
--
Best Regards,
Alexey 'Alexxy' Shvetsov
Petersburg Nuclear Physics Institute, NRC Kurchatov Institute,
Gatchina, Russia
Department of Molecular and Radiation Biophysics
Gentoo Team Ru
Gentoo Linux Dev
mailto:alexx...@gmail.com
mailto:ale...@gentoo.org
mailto:ale...@omrb.pnpi.spb.ru
