[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#38846] [PATCH 4/4] DRAFT doc: Add a cooption policy for commit acce

From: Maxim Cournoyer
Subject: [bug#38846] [PATCH 4/4] DRAFT doc: Add a cooption policy for commit access.
Date: Tue, 07 Jan 2020 17:36:13 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hi Ludo,

Thank you for taking the time to draft this new policy.

Ludovic Courtès <address@hidden> writes:


> Taking these comments into accounts, I get:
> @enumerate
> @item
> Find three committers who would vouch for you.  You can view the list of
> committers at
> @url{}.  Each
> of them should email a statement to @email{} (a
> private alias for the collective of maintainers), signed with their
> OpenPGP key.
> Committers are expected to have had some interactions with you as a
> contributor and to be able to judge whether you are sufficiently
> familiar with the project's practices.  It is @emph{not} a judgment on
> the quality of your work, so a refusal should rather be interpreted as
> ``let's try again later''.
> @item
> Send @email{} a message stating your intent,
> listing the three committers who support your application, signed with
> the OpenPGP key you will use to sign commits, and giving its fingerprint
> (see below).  See @uref{}, for an
> introduction to public-key cryptography with GnuPG.

Note that Email Self-Defense focuses on the use of Thunderbird + the
Enigmail plugin, both of which are missing from our collection of
packages.  I don't have a better resource to suggest, though.

> @item
> Once you've been given access, please send a message to
> @email{} to say so, again signed with the OpenPGP key
> you will use to sign commits.  That way, everyone can notice and ensure
> you control that OpenPGP key.
> @c TODO: Add note about adding the fingerprint to the list of authorized
> @c keys once that has stabilized.
> @item
> Make sure to read the rest of this section and... profit!
> @end enumerate
> Thanks for your feedback!
> Ludo’.

I like the proposal drafted so far.  I agree with others that it is
important to say that the maintainers reserve the final say in whether
or not a contributor is granted push rights to the Guix repository, for

LGTM :-)


Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]