[Zope-dev] We need to change how code ownership works.

Matthew Wilkes matthew at matthewwilkes.co.uk
Mon Aug 20 10:01:19 UTC 2012



Jens Vagelpohl wrote:
>
> Maintaining the chain of custody doesn't just consist of selecting pull requests or patches coming from somewhere. It also means verifying the contributor - be it the one who is creating the patch or pull request or the one who is merging new code into the repository - is who he claims to be. In the current setup the verification of the merging contributor is done using unique SSH logins with keys for every contributor, which works very well.

This is how github works, too. The only difference is that the admin UI 
for changing your SSH key is on the github site, not the ZF site.

>
> By the way, there's no problem converting project repositories on an as-needed basis to Git repositories in the current infrastructure. But I feel the discussion is more about "GitHub or nothing". Apologies to anyone who feels offended, I'm just speaking privately here under the impression that no one has mentioned any alternative solution.

There are alternative git solutions, all of which would be preferable to 
the current SVN setup. GitHub is just a hosted service that many of us 
are already using and have admin helper tools for. By the same token, 
the "let's not use github" side of this discussion feels to me like 
"self-hosted or nothing". We absolutely should have backups/mirrors of 
what's on github, but we shouldn't abandon the idea of using github 
because we're only going to be using 40% of the great things it adds on 
top of git, rather than 100%.

Matt


More information about the Zope-Dev mailing list