www-legal-discuss mailing list archives

From "Hoss Man (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LEGAL-156) Can we accept pull requests from github ?
Date Tue, 11 Jun 2013 23:20:20 GMT

    [ https://issues.apache.org/jira/browse/LEGAL-156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13680802#comment-13680802 ]

Hoss Man commented on LEGAL-156:
--------------------------------

>> relying on the pull request mail means relying on a third party (github)
...
>> my point was getting consent from the patch author directly, rather than mediated by github

How far down the stack of turtles do you want to look to verify things?

If you consider the emails github sends when a user hits the "Pull Request" button as being
mediated, and not trustworthy enough w/o additional verification from the patch author, then
how/when/why can you trust any patch emailed to the dev list?  Why trust github less than
we trust gmail or outlook?

As Mark mentioned above, we already have to use good judgment in assessing that any person
emailing a patch (or a URL of a patch, or attaching a patch to Jira, etc.) is in fact the
patch author and is authorized to contribute it -- that seems to go part and parcel with trusting
whatever tool that person chose to send us that mail or upload that file: Unless you have
reason to suspect otherwise, assume it's on the level.

                
> Can we accept pull requests from github ?
> -----------------------------------------
>
>                 Key: LEGAL-156
>                 URL: https://issues.apache.org/jira/browse/LEGAL-156
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Kristian Rosenvold
>
> In maven, we generally require that all external submissions have JIRA issues. With svn we would normally have patches attached to the jira issue, which would link a submission to the submitter.
> With pull requests coming in from github, we receive a "submission" that is tagged with author name and email and an external reference to the diff (a link to the commit on github). This pull request is sent to ASF mailing lists and would IMO serve as a record of submission. Given that the author information in the commit seems valid, can we accept such a pull request directly ? (to this moment we still require that authors add patches to jira as well)
> (It would look to me like the only thing missing is that we have the process picking up the pull requests actually attach the diff to the mail too, but heck IANAL).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
