On Sun, Aug 19, 2012 at 8:49 AM, Jens Vagelpohl <j...@dataflake.org> wrote:
> On Aug 18, 2012, at 21:46 , Lennart Regebro <rege...@gmail.com> wrote:
>> Yes, but my question is why this changes with github.
> GitHub is a third party infrastructure run by other people. I cannot 
> ascertain how well it enforces our requirement that all checkins must be from 
> signed contributors only.

I have to say that I find it to be without any reasonable doubt
without question that you can only wrote to a repository if you have
write access. Questioning this is to me somewhat surprising, and we
might as well claim that we can't ascertain how well the current SVN
server enforces our requirements, as we don't know what undiscovered
security holes it might have.

> Furthermore, I cannot ascertain that private contributor data remains private 
> (email addresses etc).

Is this really a requirement? Why is this a requirement? All you need
to enter at github is an email (which in practice is all we can verify
in ZF as well, as all communication is by email). Why does this email
address have to remain private?

> And since it becomes ever easier to accept code from unknown sources (e.g. 
> pull requests) legal code ownership becomes an issue again.

And that returns me to my first question: Is it really legally
different for a contributor to accept a pull request from a
non-contributor compared with a contributor merging a patch from a

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists -
 https://mail.zope.org/mailman/listinfo/zope )

Reply via email to