Re: [LEDE-DEV] Proposal to sign all commits
On 16-05-06 08:28 PM, Kus wrote: > Daniel, I like what you said. I hinted something like that in the original > message. Er, sorry which part - I think you mean about fast-forward only and not the ideal world where everything is always tested no matter who it's from? Regards, Daniel > > I don't like the idea of making changes to history after it is published. > Personally, I don't care about commit pollution but if the team thinks it is > important, then we should squash commits before we merge with master. History should never be rewritten in a *public* (meaning one that is supposed to be pulled from rather than a feature or staging branch that is intended for testing and rebasing and so on) branch. Ever. IMNSHO. (Unless it's something like a personal tree on github that hasn't been forked and you have no reason believe someone else has even noticed it, yet, and you have a good reason). In other branches only history not already in public branches should be rewritten else you've got an ugly problem. > In an ideal world, we'd make all commits on master and we'd have 100% > confidence that each commit is guaranteed to cause no regression. If wishes > were fishes... Heh, if that were the case we'd be the robots that took over the world because we were better than our human creators > Maybe require all commits in master be signed and encourage but not require > signing for others? Would that be acceptable? > Make sense to me. Regards, Daniel ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] Proposal to sign all commits
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > Regarding signing commits with GPG key, it would be nice to recommend it but > making it a requirement sounds like a barrier. I'd argue such a barrier is OK if we want to quickly increase the size of the team of people with commit access. I think we're underestimating our contributors here. I agree that we shouldn't have unnecessary barriers (such as copyright assignment to give a specific example). I am getting mixed signals here though. Some people say requiring signing causes friction and limits participation. Others say that there will only be a couple of people who will ever have commit access so signing is unnecessary. I don't want to take too much time here because signing commits is a lower priority compared to doing the actual work of writing code/documentation (including a wiki), increasing/maintaining test coverage, and setting up automatic signed builds and so on (being discussed in separate threads). I don't think there's a definite right or wrong answer here as long as we understand and accept the trade offs. Sincerely, -BEGIN PGP SIGNATURE- Version: APG v1.1.1 iQJRBAEBCgA7BQJXLL6NNBxLdXNoYWwgSGFkYSAoZGV2ZWxvcGVyKSA8a3VzaGFs ZGV2ZWxvcGVyQGdtYWlsLmNvbT4ACgkQJsInd2b1xmPv9w/+Km0COpDHFHWjahVX XCGZdokz4BZn41ZF54R4z7iyexzZ9uviLJfQyftHODHYCvdl/P+zA3WYX2nyEQ5j zDIkXuGKmrG68zt55Y2layVgOrqJ3BswwdkFhG7mFEyvTJQDWYp50F6a9JjURZmB x1YCUO7fQidrmjOYdE9omEeJCBukujGtBFG1i2YxGPHA8hWANxB+hZD5AZHouNto i5YG7ssjJXusdoCtReIxUsimUwQ6s5IqSiOSZPwlGGl3lTj4rVcQtUNZzTlwBRsL 3VEAAlXNd6Kl0oKaet9wVJNwiF3nrDiLAgwTjS2T5ZIe5l4+TwcSAsN3xJUAe1tx 7ysWFEbgYNLxXuI8cvEXr9g9n7BW3QnbgQzpgadjQisGeIOzwsCirpGKrSBJDXVP RDClZQe9FhJ4edxgWig4htvH4eHsyyzic0RDaG+70aSNlWS4gVniAZ+dvn4cxnlF 22v7Ryl/Sb3dmhub2bQVVP4TZyYityNNfyW74cODj4mx2cYYwEhVEIAbvKz+ZE7r D6T2svtOSJpaPBGKL4JGhXxdwo6UZJucA13h3nrxYH+nHlm6v0xHWkV955LyP976 SYS7Nw6Opw0L66L5jAJjQ3z6+YAabd00AmxWMnL6pMJk3k8sY8sH45CLghCvQNzr xeFklDOsle8MwWAuuBb9CMB1OLI= =bVJi -END PGP SIGNATURE- ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] Proposal to sign all commits
Hi, > I am concerned that git signing gives little, if any value, while making > it harder to contribute (and making it easier to contribute is one of > the *stated* goals of LEDE) and is another example of a tendency toward > a particular brand of technical elitism that will kill this project if > not nipped in the bud. I tend to agree here - people specifically ask about being able to contribute via Github because it allegedly makes contributions easier. My experience has shown that a lot of contributors already struggle with the concept of sign-off lines. Require them to PGP sign stuff would pretty much kill any effort in this direction right away. ~ Jo ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev