groovy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: New Workflow…
Date Sun, 26 Apr 2015 16:45:21 GMT
Le 26/04/15 18:01, Russel Winder a écrit :
>
> <<ezmlm rejected this post of 6 days ago earlier today :-(>>
>
> On Sun, 2015-04-19 at 12:54 -0700, Andrew Bayer wrote:
>> I'm working on getting Gerrit going here. Until then, all commits
>> must be
>> made to the ASF repo - we have legal requirements around
>> traceability, push
>> logs, etc that, as of now, GitHub can't satisfy, so all ASF projects
>> are
>> required to push all commits directly to the ASF-hosted repositories.
>
> Good to hear that ASF will be supporting a Git/Gerrit-based workflow.
> I think this will be good for Groovy and all the other projects moving
> from Subversion to Git. Sadly I think most people using Git should be
> using Mercurial, but…
>
> I am not sure I understand why a Git commit made directly to an ASF
> repository is any less traceable, logged etc. than a commit made by
> the same person on GitHub and then mirrored to ASF. I appreciate that
> ASF has a legal requirement of traceability, but I question that
> GitHub merging mirrored to ASF is any more or less traceable than
> merging on a personal machine and pushed to ASF. The ASF Git
> repository will have the same changesets.
>
> I guess the difference could be that the ASF makes use of
> sophisticated hooks to create more detailed logs of activity at ASF
> that is obtainable via Git per se. My worry is that this is formally
> vacuous as real data for traceability, but that it satisfies some
> abstract legal need that is not actually being met but appears to be.

This is not a question of traceability. It's just that when Github wil
shutdown, or close their repository, we won't be dead in the water, as
we have the main repository on *our* servers.

And if it sounds hypothetical, then think about what happened recently
to codehaus...

From the legal POV, the ASF distribute sources, and provide protection
to committers by the means of being able to exhibit the full history.
Again, if github decides to just limit the project history to, say, one
year, we would be dead in the water again. And again, if it seems
spurious to keep all the history, know that we are sometime asked to
provide this source history in court.

Last, not least, we protect *committers* against any legal action,
committers being voted people. Being able to give access to a selected
number of person who have signed a CCLA/ICLA is a key for The ASF,
something you are not likely to be able to enforce in github (and if you
can, again, we have no guarantee we can control such protecion for ever)

Hope it clarifies why we push commits to the ASF Git repository.



Mime
View raw message