Git Scratch-Pads for every identity.kde.org account (not only developers)
Chani
chanika at gmail.com
Sun Jan 2 04:02:27 GMT 2011
> > I'm asking you to come up with a plan that:
> >
> > - Makes sure that the data that will be uploaded will be rele-
> >
> > vant to KDE, so our infrastructure is not unnecessarily taxed.
> >
> > - Finds a way to be reasonably confident that the data that
> >
> > will be uploaded will not make us liable in some way.
>
> What about a license agreement? Something like "I won't upload stuff that
> will get KDE sueued nor anything unrelated to KDE. If in doubt, I'll ask
> the holy sysadmins whether what I intend to upload is OK."
>
> Or alternatively something like a two-stage development account, where the
> initial padawan status only allows for comitting in the personal scratch
> pad but also needs the OK by an existing person.
>
> The whole "I as an existing Dev vouche for new contributor XYZ" is fraud
> anyways. If he's about to do new work, how am I supposed to know what he
> does or not.
uhh, references? :) vouching for someone means you ought to check up on them
for a bit too, imho.
> And "only clones allowed" is also not safe, he could simply
> upload fraud stuff in those clones if he wants to.
>
> Really, onle a license agreement would make sense (and imo would be a good
> thing anyways, just to make sure).
>
I highly doubt that spammers care to follow license agreements. :)
your proposal would allow anyone to create an account and upload evil spammy
repos (or pron repos, or anything else) - and when you caught him and shut his
account down, he'd just create another one. heck, he could do it from an
internet cafe or an aol connection so that you can't even block his IP...
requiring someone to vouch for new svn/git accounts means that a potential
spammer has to first convince a kde developer that he's actually a developer
with something useful to contribute - and that's been enough of a barrier to
keep them out. :)
--
Chani
http://chani.ca
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20110102/df2d658f/attachment.sig>
More information about the kde-core-devel
mailing list