[Kde-scm-interest] Accountability, concrete suggestion

Thomas Zander zander at kde.org
Fri Aug 1 09:53:31 CEST 2008 

On Friday 1. August 2008 00:17:11 Thiago Macieira wrote:
> >b) to further reduce
> >clutter, this warning could be appended only to the mail sent to
> >kde-commits. as an actual dispute over authenticity is an absolutely
> >marginal case, it can be very well referred to server logs. for
> >transparency and efficiency, the logs could be made available through a
> >web interface.
>
> Indeed. That's what I argued with Thomas as well: for our (KDE) purposes,
> the kde-commits mailing list is the accountability we need. It's archived
> in several independent websites, so tampering with is very difficult.

Yes, thats true. The reasons why I think it still does make sense to have a 
server-side solution are that I found that its easy to have a badly setup 
EMAIL variable and then committing will give you the wrong email address. For 
example when committing on a server for that www module and then later 
merging the patch in your main line.
This makes it important to have a way to find out who actually pushed the 
commit as the author field may be rubbish. Same with date.
So, to me its simply about having known-to-be-correct data in your repository. 
And having it in your repository makes it a hell of a lot easier to datamine 
later. (try dataminding your repo by getting the valid info from an email 
list!)

And, as Thiago pointed out, its pretty darn cheap to do.

> >> For this usecase I want to introduce a completely separate
> >> accountability concept that is similar, but different, from the git
> >> concept of signing off.
> >
> >i wonder why you introduce two concepts instead of suggesting this one
> >for both cases?
>
> We just listed both possibilities.

When I talked to Aaron in Dublin about the whole distributed system we noted 
that there is one huge group of people that KDE doesn't really get any 
contributors from. For several reasons people from countries like India and 
China/Japan don't really join in on KDE.
Part of the problem is bandwidth. Git can already solved this by making 
mirroring much cheaper. Another (more social) problem may be solved by having 
the ability to email your patches or to get them reviewed by co-chinese 
contributors before they are made public on kde servers.
I'm just coming up with these two examples, I'm pretty sure there are many 
other usecases where having joe-random create a patch that ends up in 
kde-servers without there being a network of trust in between.

So, to allow those to work, and still have accountability, the second concept 
was born.  I'm sure we can live without it for the current operations. But I 
think it makes sense to list both here to make clear what the logging-branch 
*can't* do ;)  And how that limited functionality not an obstacle to future 
growth.

-- 
Thomas Zander
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://mail.kde.org/pipermail/kde-scm-interest/attachments/20080801/876e52bd/attachment.pgp

More information about the Kde-scm-interest mailing list