www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting <jukka.zitt...@gmail.com>
Subject Re: @apache.org commit address requirement (Was: Git hosting is go)
Date Wed, 14 Dec 2011 19:15:15 GMT

On Wed, Dec 14, 2011 at 6:04 PM, Paul Davis <paul.joseph.davis@gmail.com> wrote:
> The ref updates are already logged with the change, the ldap
> authorized id, time and ip of who pushed so that should be sufficient
> there.

That information is enough to determine who pushed each commit, but it
could be rather tricky. For example, consider a case where a branch
starts at commit X and then someone pushes it to X -> Y -> Z. This
would be recorded as a change from X to Z for that branch. Now if
someone else creates a new branch at Y and makes a push, from the
ref-updates.log it'll look like that's when the commit entered the

Cases like that could be resolved by looking at the full commit graph
and the timestamps in ref-updates.log, but it would be much easier if
each push simply recorded the hash of each new commit that got
uploaded by that user.

Such a log of pushed commits would also contain the information that I
believe the current intention is to have in the %ce entries.

> As to the committer email checks, I was a bit uncertain when
> implementing this part. One the one hand I wanted to be very specific
> that every commit was committed by someone acceptable for the project
> but this has the already pointed out draw back that it requires
> committers to rebase commits after reviewing them which doesn't work
> so hot with some peoples' work flow.

Right. That's why I'd like to drop that check, or at least make it
configurable per repository.

There's also the problem that overriding the %ce field in a rebase or
an explicit filter-branch operation could in some cases destroy useful
information (distinction between who wrote the change and who made the
original git commit), which wouldn't be a problem for the separate
commit log or the Signed-Off-By entries I mentioned.

> In a perfect world what I'd really like to see here is the ldap
> self-service have email fields and an ICLA/CCLA check boolean so that
> we could just check that the email address is connected to a CLA of
> some sort. I'm quite hesitant to remove all checks from this part
> because it's quite easy for those fields to be garbage when someone
> forgets to set their name or if someone accidentally pulls unreviewed
> code in a fat finger branch update.

I'd treat those as social problems that are best solved by social
means. Introducing technical barriers will just force people to use
awkward workarounds when things like pull requests don't work like
they'd expect. After all, there are plenty of cases where people have
accidentally committed extra files or other garbage with Subversion. I
don't see much difference here.

I wouldn't object to having the %ce check available as an option for
projects that want it or even enabled by default, but IMHO it
shouldn't be mandatory for all projects.


Jukka Zitting

View raw message