[Kde-scm-interest] Accountability, concrete suggestion

[Oswald Buddenhagen]

On Thu, Jul 31, 2008 at 03:07:37PM +0200, Thomas Zander wrote:
> This will mean the content of both the master and the loggingOfMaster
> branches will be identical.  The merge action creates a commit.  A
> commit on the logging branch and one that the server automatically
> creates. 
>
that means that every branch will have a shadow branch, and every commit
(or commit group, as in push) will have a shadow commit. considering
that everyone will have the *entire* history of each module he is using
on his disk, i'm not really happy about that. also, i think it is simly
overkill: a) the server could append to the log message something like
that: "Warning: author's email address does not match any registered
address of the submitting account (thiago)." b) to further reduce
clutter, this warning could be appended only to the mail sent to
kde-commits. as an actual dispute over authenticity is an absolutely
marginal case, it can be very well referred to server logs. for
transparency and efficiency, the logs could be made available through a
web interface.

> For this usecase I want to introduce a completely separate accountability 
> concept that is similar, but different, from the git concept of signing off.
> 
i wonder why you introduce two concepts instead of suggesting this one
for both cases?
an alteration to the concept: instead of removing the received
signature, you would sign it, too. this would actually *be* the
kernel-style signed-of-by concept, only that it would be
cryptographically signed.

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Confusion, chaos, panic - my work here is done.