groovy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: New Workflow…
Date Mon, 27 Apr 2015 09:12:33 GMT
Le 27/04/15 10:18, Jochen Theodorou a écrit :
> Am 26.04.2015 18:45, schrieb Emmanuel Lécharny:
> [...]
>> This is not a question of traceability. It's just that when Github wil
>> shutdown, or close their repository, we won't be dead in the water, as
>> we have the main repository on *our* servers.
>> And if it sounds hypothetical, then think about what happened recently
>> to codehaus...
> Git is not subversion. 
Still. The ASF repo *must* be the reference.

> If codehaus suddenly had shutdown, we would have still local copies of
> the repository (even ignoring that github already was the main repo
> and codehaus only a copy). 

And it took weeks of work to find a new home and to migrate everything.
Something you want to do again ?

> In git everyone has the full repo locally as well, as long as it is
> updated. You can do shallow copies in git, but they are not standard.

Standard for The ASF means something that we can bring to a juge, if
needed. This is quite complicated to guarantee if we don't have the main
repo in our walls.
>>  From the legal POV, the ASF distribute sources, and provide protection
>> to committers by the means of being able to exhibit the full history.
>> Again, if github decides to just limit the project history to, say, one
>> year, we would be dead in the water again. And again, if it seems
>> spurious to keep all the history, know that we are sometime asked to
>> provide this source history in court.
> Same story if for example the repository gets corrupted by file errors
> in a way that allows still the usage of the repo, but some data has
> been altered. Though, such things can imho happen on Apache as well

We do have some periodic backups. I hope that we can detect alteration
fast enough to be able to restore the data in their pristine state. I
happened a couple of time a few years ago when The ASF has been hacked
(yes, we are not immune against such attacks ;-)

>> Last, not least, we protect *committers* against any legal action,
>> committers being voted people. Being able to give access to a selected
>> number of person who have signed a CCLA/ICLA is a key for The ASF,
>> something you are not likely to be able to enforce in github (and if you
>> can, again, we have no guarantee we can control such protecion for ever)
> Well, following this strictly we should never ever merge pull requests
> from github

Why ? The committer who push such pull request does it under his own

>> Hope it clarifies why we push commits to the ASF Git repository.
> You mean clarifies why we have to push commits to the ASF Git
> repository as primary repository.... and not really to be frank.

Sorry, but I don't see what is your problem them, beside some
philosophical aspects...

View raw message