Jens Vagelpohl wrote:

Maintaining the chain of custody doesn't just consist of selecting pull 
requests or patches coming from somewhere. It also means verifying the 
contributor - be it the one who is creating the patch or pull request or the 
one who is merging new code into the repository - is who he claims to be. In 
the current setup the verification of the merging contributor is done using 
unique SSH logins with keys for every contributor, which works very well.

This is how github works, too. The only difference is that the admin UI for changing your SSH key is on the github site, not the ZF site.


By the way, there's no problem converting project repositories on an as-needed basis to 
Git repositories in the current infrastructure. But I feel the discussion is more about 
"GitHub or nothing". Apologies to anyone who feels offended, I'm just speaking 
privately here under the impression that no one has mentioned any alternative solution.

There are alternative git solutions, all of which would be preferable to the current SVN setup. GitHub is just a hosted service that many of us are already using and have admin helper tools for. By the same token, the "let's not use github" side of this discussion feels to me like "self-hosted or nothing". We absolutely should have backups/mirrors of what's on github, but we shouldn't abandon the idea of using github because we're only going to be using 40% of the great things it adds on top of git, rather than 100%.

Matt
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
https://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope )

Reply via email to