esme-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bertrand Delacretaz <>
Subject Re: ESME at GitHub (was: Turtles all the way down (or how I learned to love math in computing)
Date Fri, 21 Aug 2009 11:47:44 GMT
On Fri, Aug 21, 2009 at 12:11 PM, Richard Hirsch<> wrote:
> ...What I don't quite understand is the problem -  "git vs apache svn" or
> "github vs apache svn"?...

Where the problem lies from the ASF point of view (omitting community
issues such as "stuff happening outside of the ASF world" for a
while), is in having a defined link from each line of committed code
to its author.

The idea is that code should only be committed to svn by its original
author, or from a JIRA contribution where the author has explicitely
granted permission.

Depending on how git or github are used (or any source code control
system outside of the ASF for that matter), code might be pulled in
from unknown people, and later committed to our svn without the
committer being the author of said code, and without the explicit
permission granted when attaching a patch to JIRA.

That's the core problem, and AFAIK (though I'd love to be proven
wrong, as distributed SCM and branching-like-mad is very cool),
there's no cryptographically safe way with git to verify the identity
of the original committer.

Restricting git pulls to ESME committers, as David suggests, would be
better by making sure no code from non-ASF committers is included.
Still, the final svn commits might contain code written by other
committers than whoever's committing to SVN, which is also a bit

> I also don't know why we can't use the git instructions described at

That would be perfectly fine from the ASF's point of view, but AFAIK
that doesn't provide the full flexibility of git such as fast and easy
branching and merging.


View raw message