[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] Discussion, and Help Wanted: Moving to Gitlab fo

From: Christian Grothoff
Subject: Re: [GNUnet-developers] Discussion, and Help Wanted: Moving to Gitlab for Git, CI, and Issues
Date: Mon, 8 Apr 2019 22:39:29 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1

On 4/8/19 4:42 PM, address@hidden wrote:
>> On 4/8/19 3:37 PM, Schanzenbach, Martin wrote:
>>>> It sounds like you're suggesting that we should have a core team of
>>>> developers in official capacity for GNUnet e.V. to look at pull requests
>>>> and then say "we think that this doesn't infringe on copyright" and
>>>> merge them in.  Is that what you're saying?
>>> I did not start the copyright argument and am not even sure if we need to 
>>> address it (see other mails).
>>> What I am saying is that GNUnet e.V. is currently (or better: should be) 
>>> vetting every contributor wrt the CAA _before_ any contribution is done.
>> True.
>>> This vetting process is not transparent and power is quite concentrated 
>>> (note I am not saying abused).
>> I'm not sure how this is not transparent, as the list of people who
>> signed it is maintained in the gnunet-ev.git, and the CAA is public as
>> well.
> I had to ask where this list is. So I have this 1/4 finished document
> which is not a good on-boarding document, but a better one than now,
> which is nix, nada. So we should mention little details like this on
> the website or in this guide.


>> Also, various people are in principle able to onboard new
>> committers. The fact that I collect the printouts is something I'm not
>> sure how to fix. I considered putting the signed statements into a Git,
>> but figured having scans of people's signatures online was a bad idea (TM).
> I remember having to sign a similar document for Erlang contributions,
> but they abstracted it into their github-centric organization, so
> to have it only digital should be doable if Erlang gets away with it
> (also a european business, located in Sweden). 

Well, for the legality of the CAA, I suspect that's true. As for
preventing someone from abusing such a Git as a "free public file
hoster" I'm not so sure.  Especially stuff in some random developer
branch is unlikely to be properly monitored by us. But that could maybe
be addressed by a CI check for the upload of 'large' files that triggers
an alert.

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]