-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2016-12-09 17:59, Marek Marczykowski-Górecki wrote:
> [...] I'm slightly leaning towards having it separate, but enabled
> by default. But I'd like to hear other opinions.
>
IMO, separate sounds fine.
> Extra thought: maybe builder-github shoul
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, Dec 10, 2016 at 10:47:02AM -0500, Jean-Philippe Ouellet wrote:
> On Sat, Dec 10, 2016 at 9:59 AM, Marek Marczykowski-Górecki
> wrote:
> > A `git diff` could be used to avoid this, but still it makes much sense
> > to have it always fast-forw
On Sat, Dec 10, 2016 at 9:59 AM, Marek Marczykowski-Górecki
wrote:
> A `git diff` could be used to avoid this, but still it makes much sense
> to have it always fast-forward.
This does not catch someone rewriting old commit messages to hide
things. AFAIK there is no better way than manually check
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, Dec 10, 2016 at 09:35:33AM -0500, Jean-Philippe Ouellet wrote:
> On Sat, Dec 10, 2016 at 9:12 AM, Marek Marczykowski-Górecki
> wrote:
> >> The purpose of the github PRs here would be to improve the workflow of
> >> a maintainer telling the w
On Sat, Dec 10, 2016 at 9:35 AM, Jean-Philippe Ouellet wrote:
> On Sat, Dec 10, 2016 at 9:12 AM, Marek Marczykowski-Górecki
> wrote:
>> This is the workflow we started in this repository and probably will
>> implement in others too (especially using PR, then pushing to -staging to
>> always go th
On Sat, Dec 10, 2016 at 9:12 AM, Marek Marczykowski-Górecki
wrote:
>> The purpose of the github PRs here would be to improve the workflow of
>> a maintainer telling the world "Hey, here's a set of complete and
>> locally-tested changes, please review." with two goals:
>> 1) Help ensure things get
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, Dec 10, 2016 at 12:05:07AM -0500, Jean-Philippe Ouellet wrote:
> (Re-ordered the quoted email for more readable reply)
>
> On Fri, Dec 9, 2016 at 11:06 PM, Marek Marczykowski-Górecki
> wrote:
> > Depending only on github repo permissions is
On Sat, Dec 10, 2016 at 12:05 AM, Jean-Philippe Ouellet wrote:
> IMO something like this should already be the workflow for reviewing
> PRs to core (non -contrib) code. (Perhaps it is, idk.)
I am actually quite curious what your reviewing workflow currently
does look like.
--
You received this
I guess more succinctly:
I think signed tags triggering builds makes a lot of sense.
I think signed tags triggering code reviews does not.
I believe that a workflow involving PRs would be preferable because:
- Random comments on commits are IMO not an effective way to keep
track of issues.
- PRs
(Re-ordered the quoted email for more readable reply)
On Fri, Dec 9, 2016 at 11:06 PM, Marek Marczykowski-Górecki
wrote:
> Depending only on github repo permissions is against the rule of not
> trusting the infrastructure.
I definitely agree, and on the "here's what we actually download and
comp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Fri, Dec 09, 2016 at 10:46:25PM -0500, Jean-Philippe Ouellet wrote:
> On Fri, Dec 9, 2016 at 8:59 PM, Marek Marczykowski-Górecki wrote:
> > I think handling contributions there can be easily automated with
> > https://github.com/QubesOS/qubes-issu
On Fri, Dec 9, 2016 at 8:59 PM, Marek Marczykowski-Górecki wrote:
> I think handling contributions there can be easily automated with
> https://github.com/QubesOS/qubes-issues/issues/1818
> So, the only actual work needed, will be reviewing changes, then adding
> a signed tag. Everything else will
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Fri, Oct 14, 2016 at 07:33:59PM -0700, Andrew David Wong wrote:
> On 2016-10-14 06:54, Wojtek Porczyk wrote:
> > On Thu, Oct 13, 2016 at 02:19:35PM -0700, Andrew David Wong wrote:
> >> On 2016-10-13 13:22, Marek Marczykowski-Górecki wrote:
> >>> O
On Thu, Oct 13, 2016 at 01:34:13PM +0200, Wojtek Porczyk wrote:
> > Option 4 sounds fine to me.
> Second that.
same here, even though I'm late to this party. :)
Regarding the name, maybe something more general, like
QubesOS-3rdparty? I fear that QubesOs-Apps could become too wrong /
misnomed too
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2016-10-14 06:54, Wojtek Porczyk wrote:
> On Thu, Oct 13, 2016 at 02:19:35PM -0700, Andrew David Wong wrote:
>> On 2016-10-13 13:22, Marek Marczykowski-Górecki wrote:
>>> On Thu, Oct 13, 2016 at 11:30:39AM -0700, Andrew David Wong wrote:
If w
On 10/14/2016 01:54 PM, Wojtek Porczyk wrote:
>
> Just a thought: can't we invite those original authors to this new
> organisation? They could upload the code directly, but we'd still have
> to tag
> the code for builder to verify. They'll have a nice logo on their GitHub
> profile as a token of r
On 10/13/2016 09:19 PM, Andrew David Wong wrote:
>
> I think it's fine to choose option 4 here, in line with your preference.
> Since it would be a dedicated GitHub organization, we could simply
> preserve the upstream names. Or, if there are organizational benefits
> to prefixing (e.g., to sort th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, Oct 13, 2016 at 02:19:35PM -0700, Andrew David Wong wrote:
> On 2016-10-13 13:22, Marek Marczykowski-Górecki wrote:
> > On Thu, Oct 13, 2016 at 11:30:39AM -0700, Andrew David Wong wrote:
> >> If we want to allow authors to retain control (on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2016-10-13 13:22, Marek Marczykowski-Górecki wrote:
> On Thu, Oct 13, 2016 at 11:30:39AM -0700, Andrew David Wong wrote:
>> On 2016-10-13 10:19, Marek Marczykowski-Górecki wrote:
>>> On Thu, Oct 13, 2016 at 02:21:24PM +, Manuel Amador (Rudd-O)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, Oct 13, 2016 at 11:30:39AM -0700, Andrew David Wong wrote:
> On 2016-10-13 10:19, Marek Marczykowski-Górecki wrote:
> > On Thu, Oct 13, 2016 at 02:21:24PM +, Manuel Amador (Rudd-O) wrote:
> >> On 10/12/2016 10:16 PM, Marek Marczykowski-Gó
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2016-10-13 10:19, Marek Marczykowski-Górecki wrote:
> On Thu, Oct 13, 2016 at 02:21:24PM +, Manuel Amador (Rudd-O) wrote:
>> On 10/12/2016 10:16 PM, Marek Marczykowski-Górecki wrote:
>>> Hi,
>>>
>>> [...packagin 3rd party software...]
>>> Any
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, Oct 13, 2016 at 02:21:24PM +, Manuel Amador (Rudd-O) wrote:
> On 10/12/2016 10:16 PM, Marek Marczykowski-Górecki wrote:
> > Hi,
> >
> > [...packagin 3rd party software...]
> > Any thoughts?
>
> I think it depends on whether the 3rd party
On 10/12/2016 10:16 PM, Marek Marczykowski-Górecki wrote:
> Hi,
>
> [...packagin 3rd party software...]
> Any thoughts?
I think it depends on whether the 3rd party software is meant to be
upstreamed into Qubes OS.
For example, in the case of my tools, I would like them to be
upstreamed, therefore
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, Oct 12, 2016 at 10:23:55PM -0700, Andrew David Wong wrote:
> On 2016-10-12 15:16, Marek Marczykowski-Górecki wrote:
> > Hi,
> >
> > Currently most of Qubes OS repositories are about Qubes-specific code as
> > almost all other components we p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2016-10-12 15:16, Marek Marczykowski-Górecki wrote:
> Hi,
>
> Currently most of Qubes OS repositories are about Qubes-specific code as
> almost all other components we pull from upstream distribution(s). This
> works well with our current reposit
25 matches
Mail list logo