Jens Vagelpohl wrote:
Maintaining the chain of custody doesn't just consist of selecting pull
requests or patches coming from somewhere. It also means verifying the
contributor - be it the one who is creating the patch or pull request or the
one who is merging new code into the repository - is who he claims to be. In
the current setup the verification of the merging contributor is done using
unique SSH logins with keys for every contributor, which works very well.
This is how github works, too. The only difference is that the admin UI
for changing your SSH key is on the github site, not the ZF site.
By the way, there's no problem converting project repositories on an as-needed basis to
Git repositories in the current infrastructure. But I feel the discussion is more about
"GitHub or nothing". Apologies to anyone who feels offended, I'm just speaking
privately here under the impression that no one has mentioned any alternative solution.
There are alternative git solutions, all of which would be preferable to
the current SVN setup. GitHub is just a hosted service that many of us
are already using and have admin helper tools for. By the same token,
the "let's not use github" side of this discussion feels to me like
"self-hosted or nothing". We absolutely should have backups/mirrors of
what's on github, but we shouldn't abandon the idea of using github
because we're only going to be using 40% of the great things it adds on
top of git, rather than 100%.
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -