[Kde-scm-interest] accountability
argonel
argonel at gmail.com
Sat Nov 14 23:55:30 CET 2009
2009/11/14 Chani <chanika at gmail.com>
> On November 13, 2009 08:06:49 Jeff Mitchell wrote:
> > Ian Monroe wrote:
> > > Which is why I like my simple flat-file log idea (a log of commit
> > > hash, user id, maybe time). It doesn't open up any privacy issues
> > > (since the info is already public) and would solve the problem by
> > > using the commit hash, which is a nice security feature of git.
> >
> > You still have an issue in that the user id is internal to Gitorious and
> > is meaningless without also providing further information, like email
> > address, name, public ssh key, or some such thing.
> >
> > All of those could be seen as potential privacy issues; for instance,
> > you might think the email address would be obvious, but what if a person
> > is committing under a different email address than what they've given to
> > Gitorious?
> >
> > --Jeff
> >
>
> I still don't understand why we need access to email addresses from some
> gitorious database anyways. if you want to push to a kde repo, you have to
> be
> in the kde-developers group. we can require people to agree to whatever's
> needed at the time they join that group. all we need is a log of which kde
> developer pushed what, right?
> everything else you can get from a git clone...
>
>
The problem is that your email address according to Git and your
kde-developers group membership are not necessarily related, so there is no
guaranteed way to map the commit back to the person that commited.
My suggestion is to have a pre-commit hook that compares the email address
on the commit message to the list of subscribers to kde-cvs-announce (or
bugzilla) and if it isn't found, reject the commit. We'll need a mechanism
for syncing this list, but it should not be an unsurmountable hurdle.
> --
> This message brought to you by eevil bananas and the number 3.
> www.chani3.com
>
> _______________________________________________
> Kde-scm-interest mailing list
> Kde-scm-interest at kde.org
> https://mail.kde.org/mailman/listinfo/kde-scm-interest
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/kde-scm-interest/attachments/20091114/4517b40e/attachment.htm
More information about the Kde-scm-interest
mailing list