[Kde-scm-interest] Distributed model VS accountability
Thiago Macieira
thiago at kde.org
Thu Nov 22 21:28:09 CET 2007
I've had this nagging question to my mind for the past three days: how can
we have accountability with Git? Especially with the model where our
repositories are free for pushing from everyone?
When you commit in CVS or Subversion, your identity is part of the commit.
But since the commit is generated at the server, if we trust the server
we can be reasonably sure that the commit was made by whoever the commit
says it was.
In a distributed model, there is no central server imposed by the
protocol. Which means I can pull commits from one server and push to
another. In turn, that means the identity of the committer isn't set at
the server.
Which means the identity of the person who pushed is lost (at least with
Git). So how can we have accountability?
I was thinking of a possible solution: a hook on the server requires that,
in the commits you're pushing, there is an unbroken direct line between
the current HEAD and the one you're pushing.
It's easy to get that when you only push your own commits. But, as soon as
you start merging branches and working with other people, that model may
break down. With Git, it would require that it never do fast-forward when
it merges -- it should create a merge commit (commit with two parents).
Does anyone have solutions to this problem?
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://mail.kde.org/pipermail/kde-scm-interest/attachments/20071122/ef5c4053/attachment.pgp
More information about the Kde-scm-interest
mailing list