On 25/06/10 16:43 -0500, Juan Fernando Jaramillo wrote:
> 2010/6/20 Cédric Krier <[email protected]>
> 
> > Here is the proposal for vote on improving contribution requirements that will
> > take place from 27-06-2010 to 03-07-2010.
> >
> > Definitions:
> >
> > - contribution: any code or xml data submitted for commit into a repository of
> >  Tryton.
> > - contributor name: the name of the contributor in the patch
> > - contributor email: the email address set by the contributor in the patch
> > - key words: http://tools.ietf.org/html/rfc2119
> >
> >
> > Proposals for vote:
> >
> > - The contributor name must be the real name of the natural person who
> >  submits the code
> >
> > - The contributor email must be a valid email address
> >
> > - The contributor email must be unique
> >
> > - The domain of contributor email must not contain tryton
> >
> > - The username of the mercurial patch must be in the form:
> >
> >    Name <email>
> >
> >
> Who certifies that the names are real names? We must use PGP to confirm that!
> Debian uses it; I used to sign my emails with these keys, and I have the
> signature of a DD, and there is a net of certifications in Debian, but for a few
> months I haven't signed with such a key. Is the idea similar? If so, I think that
> is a good idea, but if not, you must explain which method to use.

Here, it is a matter of trust. I don't think we need to sign the changesets as
they are reviewed by the community. So there will be no risk of malicious
code insertion.
For now, very few of us have push access to the main repository so
we can trust those people (Bertrand and me :-).

But you can propose to have PGP-signed submission of changesets inside roundup
or inside the changeset (if possible).

-- 
Cédric Krier

B2CK SPRL
Rue de Rotterdam, 4
4000 Liège
Belgium
Tel: +32 472 54 46 59
Email/Jabber: [email protected]
Website: http://www.b2ck.com/

Attachment: signature.asc
Description: Digital signature
