[gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 1172 bytes --]

Hi,

We currently don't enforce any particular standard for e-mail addresses
for developers committing to gentoo.git.  FWICS, the majority of
developers is using their @gentoo.org e-mail addresses.  However, a few
developers are using some other addresses.

Using non-@gentoo.org e-mail addresses generally causes problems
in accounting for commits.  For example, our retirement scripts can't
detect commits made using non-Gentoo e-mail address.  My dev-timeline
scripts [1] account for all emails in LDAP (which doesn't cover all
addresses developers use).  FWIK gkeys accounts for all addresses
in the OpenPGP key UIDs.  In my opinion, that's a lot of hoops to jump
through to workaround bad practice.

Therefore, I'd like to start enforcing (at the level of the hook
verifying signatures) that all commits made to gentoo.git (and other
repositories requiring dev signatures) are made using @gentoo.org e-mail 
address (for committer field).

Is anyone opposed to that?  Does anyone know of a valid reason to use
non-@gentoo.org address when committing?

[1]:https://dev.gentoo.org/~mgorny/dev-timeline.html

-- 
Best regards,
Michał Górny

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 963 bytes --]

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Kristian Fiskerstrand]

[-- Attachment #1.1: Type: text/plain, Size: 486 bytes --]

On 07/09/2018 10:40 AM, Michał Górny wrote:
> Therefore, I'd like to start enforcing (at the level of the hook
> verifying signatures) that all commits made to gentoo.git (and other
> repositories requiring dev signatures) are made using @gentoo.org e-mail 
> address (for committer field).

Sounds like a good thing, go for it!

-- 
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Mart Raudsepp]

[-- Attachment #1: Type: text/plain, Size: 2099 bytes --]

Ühel kenal päeval, E, 09.07.2018 kell 10:40, kirjutas Michał Górny:
> Hi,
> 
> We currently don't enforce any particular standard for e-mail
> addresses
> for developers committing to gentoo.git.  FWICS, the majority of
> developers is using their @gentoo.org e-mail addresses.  However, a
> few
> developers are using some other addresses.
> 
> Using non-@gentoo.org e-mail addresses generally causes problems
> in accounting for commits.  For example, our retirement scripts can't
> detect commits made using non-Gentoo e-mail address.  My dev-timeline
> scripts [1] account for all emails in LDAP (which doesn't cover all
> addresses developers use).  FWIK gkeys accounts for all addresses
> in the OpenPGP key UIDs.  In my opinion, that's a lot of hoops to
> jump
> through to workaround bad practice.
> 
> Therefore, I'd like to start enforcing (at the level of the hook
> verifying signatures) that all commits made to gentoo.git (and other
> repositories requiring dev signatures) are made using @gentoo.org e-
> mail 
> address (for committer field).
> 
> Is anyone opposed to that?  Does anyone know of a valid reason to use
> non-@gentoo.org address when committing?

As long as that doesn't imply authorship, which seems to be as planned
(for committer field only, as you said). Hopefully it's easy for people
to set it up so that it uses gentoo address for committer and something
else for author, albeit I don't see any config for it, but should be
able to at least go via a script that uses the appropriate env vars.

That's then for work computers where the Gentoo developer is doing work
necessary for his/her employer, on employers paid time. Appropriate
then to have their work e-mail as author, especially if employer
rightfully requests that to be used for authorship. But yeah, committer
field should be fine, they can do author with one address, committer
with Gentoo address.

The only issue I see is that of slight complications on handling the
different addresses for author and commit, that's all that comes to
mind.


Mart

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 981 bytes --]

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Aaron Bauman]

On July 9, 2018 4:40:22 AM EDT, "Michał Górny" <mgorny@gentoo.org> wrote:
>Hi,
>
>We currently don't enforce any particular standard for e-mail addresses
>for developers committing to gentoo.git.  FWICS, the majority of
>developers is using their @gentoo.org e-mail addresses.  However, a few
>developers are using some other addresses.
>
>Using non-@gentoo.org e-mail addresses generally causes problems
>in accounting for commits.  For example, our retirement scripts can't
>detect commits made using non-Gentoo e-mail address.  My dev-timeline
>scripts [1] account for all emails in LDAP (which doesn't cover all
>addresses developers use).  FWIK gkeys accounts for all addresses
>in the OpenPGP key UIDs.  In my opinion, that's a lot of hoops to jump
>through to workaround bad practice.
>
>Therefore, I'd like to start enforcing (at the level of the hook
>verifying signatures) that all commits made to gentoo.git (and other
>repositories requiring dev signatures) are made using @gentoo.org
>e-mail 
>address (for committer field).
>
>Is anyone opposed to that?  Does anyone know of a valid reason to use
>non-@gentoo.org address when committing?
>
>[1]:https://dev.gentoo.org/~mgorny/dev-timeline.html

No reason I can see to not enforce this.  Please do!

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[David Seifert]

On Mon, 2018-07-09 at 10:40 +0200, Michał Górny wrote:
> Hi,
> 
> We currently don't enforce any particular standard for e-mail
> addresses
> for developers committing to gentoo.git.  FWICS, the majority of
> developers is using their @gentoo.org e-mail addresses.  However, a
> few
> developers are using some other addresses.
> 
> Using non-@gentoo.org e-mail addresses generally causes problems
> in accounting for commits.  For example, our retirement scripts can't
> detect commits made using non-Gentoo e-mail address.  My dev-timeline
> scripts [1] account for all emails in LDAP (which doesn't cover all
> addresses developers use).  FWIK gkeys accounts for all addresses
> in the OpenPGP key UIDs.  In my opinion, that's a lot of hoops to
> jump
> through to workaround bad practice.
> 
> Therefore, I'd like to start enforcing (at the level of the hook
> verifying signatures) that all commits made to gentoo.git (and other
> repositories requiring dev signatures) are made using @gentoo.org e-
> mail 
> address (for committer field).
> 
> Is anyone opposed to that?  Does anyone know of a valid reason to use
> non-@gentoo.org address when committing?
> 
> [1]:https://dev.gentoo.org/~mgorny/dev-timeline.html
> 

+1

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Manuel Rüger]

On 09.07.2018 10:40, Michał Górny wrote:
> Hi,
> 
> We currently don't enforce any particular standard for e-mail addresses
> for developers committing to gentoo.git.  FWICS, the majority of
> developers is using their @gentoo.org e-mail addresses.  However, a few
> developers are using some other addresses.
> 
> Using non-@gentoo.org e-mail addresses generally causes problems
> in accounting for commits.  For example, our retirement scripts can't
> detect commits made using non-Gentoo e-mail address.  My dev-timeline
> scripts [1] account for all emails in LDAP (which doesn't cover all
> addresses developers use).  FWIK gkeys accounts for all addresses
> in the OpenPGP key UIDs.  In my opinion, that's a lot of hoops to jump
> through to workaround bad practice.
> 
> Therefore, I'd like to start enforcing (at the level of the hook
> verifying signatures) that all commits made to gentoo.git (and other
> repositories requiring dev signatures) are made using @gentoo.org e-mail 
> address (for committer field).
> 
> Is anyone opposed to that?  Does anyone know of a valid reason to use
> non-@gentoo.org address when committing?
> 
> [1]:https://dev.gentoo.org/~mgorny/dev-timeline.html
> 

Hi Michał,

just to be clear on the wording, are you talking about the author email
of a git commit (authorship) or the comitter email to the upstream git
repository (committer)?

Thanks,
Manuel

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 1697 bytes --]

W dniu pon, 09.07.2018 o godzinie 22∶12 +0200, użytkownik Manuel Rüger
napisał:
> On 09.07.2018 10:40, Michał Górny wrote:
> > Hi,
> > 
> > We currently don't enforce any particular standard for e-mail addresses
> > for developers committing to gentoo.git.  FWICS, the majority of
> > developers is using their @gentoo.org e-mail addresses.  However, a few
> > developers are using some other addresses.
> > 
> > Using non-@gentoo.org e-mail addresses generally causes problems
> > in accounting for commits.  For example, our retirement scripts can't
> > detect commits made using non-Gentoo e-mail address.  My dev-timeline
> > scripts [1] account for all emails in LDAP (which doesn't cover all
> > addresses developers use).  FWIK gkeys accounts for all addresses
> > in the OpenPGP key UIDs.  In my opinion, that's a lot of hoops to jump
> > through to workaround bad practice.
> > 
> > Therefore, I'd like to start enforcing (at the level of the hook
> > verifying signatures) that all commits made to gentoo.git (and other
> > repositories requiring dev signatures) are made using @gentoo.org e-mail 
> > address (for committer field).
> > 
> > Is anyone opposed to that?  Does anyone know of a valid reason to use
> > non-@gentoo.org address when committing?
> > 
> > [1]:https://dev.gentoo.org/~mgorny/dev-timeline.html
> > 
> 
> Hi Michał,
> 
> just to be clear on the wording, are you talking about the author email
> of a git commit (authorship) or the comitter email to the upstream git
> repository (committer)?
> 

«[...] are made using @gentoo.org e-mail address **(for committer
field)**.»


-- 
Best regards,
Michał Górny

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 963 bytes --]

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[kuzetsa]

On 07/09/2018 06:29 AM, Mart Raudsepp wrote:
> Ühel kenal päeval, E, 09.07.2018 kell 10:40, kirjutas Michał Górny:
>> Hi,
>>
>> We currently don't enforce any particular standard for e-mail
>> addresses
>> for developers committing to gentoo.git.  FWICS, the majority of
>> developers is using their @gentoo.org e-mail addresses.  However, a


~{prune}~


>> Is anyone opposed to that?  Does anyone know of a valid reason to use
>> non-@gentoo.org address when committing?


> As long as that doesn't imply authorship, which seems to be as planned
> (for committer field only, as you said). Hopefully it's easy for people
> to set it up so that it uses gentoo address for committer and something
> else for author, albeit I don't see any config for it, but should be
> able to at least go via a script that uses the appropriate env vars.


~{prune}~


> The only issue I see is that of slight complications on handling the
> different addresses for author and commit, that's all that comes to
> mind.
> 
> 
> Mart
> 

I think authorship is a good point / distinction, Mart.

Authorship was never shown in dev-timeline for addresses
which aren't @gentoo.org anyway. That's a separate issue,
so this policy change shouldn't affect proxy-maint?

(There are a few authors who are proxy-maintaining)

--kuza

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Rich Freeman]

On Tue, Jul 10, 2018 at 9:38 AM kuzetsa <kuzetsa@gmail.com> wrote:
>
> I think authorship is a good point / distinction, Mart.
>
> Authorship was never shown in dev-timeline for addresses
> which aren't @gentoo.org anyway. That's a separate issue,
> so this policy change shouldn't affect proxy-maint?
>

Might I suggest bringing authorship issues into a separate thread?  It
really seems like a completely separate issue.  IMO devs who are
authors but not committers should probably also use their @g.o
addresses, though it is a little less critical there.  We're talking
about the committer here, and the committer will always be a Gentoo
dev for these repos, and I don't see any reason that we shouldn't have
a matching email address between that and LDAP.  The alternative would
be to have some other key, and that just seems overly complex.

-- 
Rich

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[kuzetsa]

On 07/10/2018 09:44 AM, Rich Freeman wrote:
> On Tue, Jul 10, 2018 at 9:38 AM kuzetsa <kuzetsa@gmail.com> wrote:
>>
>> I think authorship is a good point / distinction, Mart.
>>
>> Authorship was never shown in dev-timeline for addresses
>> which aren't @gentoo.org anyway. That's a separate issue,
>> so this policy change shouldn't affect proxy-maint?
>>
> 
> Might I suggest bringing authorship issues into a separate thread?  It
> really seems like a completely separate issue.  IMO devs who are
> authors but not committers should probably also use their @g.o
> addresses, though it is a little less critical there.  We're talking
> about the committer here, and the committer will always be a Gentoo
> dev for these repos, and I don't see any reason that we shouldn't have
> a matching email address between that and LDAP.  The alternative would
> be to have some other key, and that just seems overly complex.
> 

Authorship was brought up by: [ Mart Raudsepp <leio@gentoo.org> ]

It's germane, and wanting clarity doesn't hurt:

... as quoted here:

On 07/09/2018 06:29 AM, Mart Raudsepp wrote:
> As long as that doesn't imply authorship, which seems to be as planned
> (for committer field only, as you said). Hopefully it's easy for people
> to set it up so that it uses gentoo address for committer and something
> else for author, albeit I don't see any config for it, but should be
> able to at least go via a script that uses the appropriate env vars.
~{prune}~

> Mart
>

^ As I think Mart may have been asking:
(or maybe just a related concern)

To avoid mistakes and confusion, it should be stated
unambiguously if //only// the commit field should be
modified (if not already a @gentoo.org address), and
the author field (in particular, commits authored by
persons not in LDAP / without @gentoo.org addresses)
ought to be left as-is, or if the intent is to imply
that both fields need to be @gentoo.org address.

Stating clearly that the author field should be left
as-is (if it's set to a non-@gentoo.org address) is
probably enough here.

I think the confusion may have partly been the
subject line for this thread, vaguely worded:

["... use their @gentoo.org address ..."],

which may accidentally imply that committers need to
apply @gentoo.org in all fields, not just committer.

the word "only" was in a few places, but if skimming
the thread it may not have been obvious. ::shrug::

Also, I agree:

dev-timeline tool not recognizing authorship ought to
be an issue for a separate thread, as this one seems
to be about the metadata in the commits themselves.

--kuza

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Rich Freeman]

On Tue, Jul 10, 2018 at 10:14 AM kuzetsa <kuzetsa@gmail.com> wrote:
>
> Authorship was brought up by: [ Mart Raudsepp <leio@gentoo.org> ]
>
> It's germane, and wanting clarity doesn't hurt:

Sure, and it was answered by mgorny 17 hours before your post,
pointing to the original email which did in fact specifically
reference the committer field.  Improving the use of the author field
in general is a great topic, just not the topic of this thread.

-- 
Rich

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Kent Fredric]

[-- Attachment #1: Type: text/plain, Size: 1343 bytes --]

On Tue, 10 Jul 2018 09:38:27 -0400
kuzetsa <kuzetsa@gmail.com> wrote:

> Authorship was never shown in dev-timeline for addresses
> which aren't @gentoo.org anyway. That's a separate issue,
> so this policy change shouldn't affect proxy-maint?

Then why does the dev timeline show me starting at Oct 2015, but git
shows my first commit in July 2016?

 git log  --reverse --committer=kentnl@gentoo.org| head -n 10
commit 320e968c60cbdb948aeff915f2405bcc4d1d0967
Author: Kent Fredric <kentnl@gentoo.org>
Date:   2016-07-09 19:26:39 +1200


 git log  --reverse --author=kentfredric@gmail.com| head -n 10
commit bc24cf6b805bdfea3df29823f935c95ef450beec
Author: Kent Fredric <kentfredric@gmail.com>
Date:   2015-09-27 18:44:22 +1300


Take a look at this magic:

commit bc24cf6b805bdfea3df29823f935c95ef450beec
Author:     Kent Fredric <kentfredric@gmail.com>
AuthorDate: 2015-09-27 18:44:22 +1300
Commit:     Kent Fredric <kentfredric@gmail.com>
CommitDate: 2015-09-27 18:44:22 +1300

commit a16a2dfe8c1c5b08005e53a3cbc5baa83ba4f1e8
Author:     Kent Fredric <kentfredric@gmail.com>
AuthorDate: 2015-09-27 20:18:50 +1300
Commit:     Kent Fredric <kentfredric@gmail.com>
CommitDate: 2015-09-27 20:18:50 +1300

I didn't have push access then :p

This is the consequence when you have fast-forwardable merges ;)

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Kent Fredric]

[-- Attachment #1: Type: text/plain, Size: 2872 bytes --]

On Mon, 09 Jul 2018 10:40:22 +0200
Michał Górny <mgorny@gentoo.org> wrote:

> Hi,
> 
> We currently don't enforce any particular standard for e-mail addresses
> for developers committing to gentoo.git.  FWICS, the majority of
> developers is using their @gentoo.org e-mail addresses.  However, a few
> developers are using some other addresses.
> 
> Using non-@gentoo.org e-mail addresses generally causes problems
> in accounting for commits.  For example, our retirement scripts can't
> detect commits made using non-Gentoo e-mail address.  My dev-timeline
> scripts [1] account for all emails in LDAP (which doesn't cover all
> addresses developers use).  FWIK gkeys accounts for all addresses
> in the OpenPGP key UIDs.  In my opinion, that's a lot of hoops to jump
> through to workaround bad practice.
> 
> Therefore, I'd like to start enforcing (at the level of the hook
> verifying signatures) that all commits made to gentoo.git (and other
> repositories requiring dev signatures) are made using @gentoo.org e-mail 
> address (for committer field).
> 
> Is anyone opposed to that?  Does anyone know of a valid reason to use
> non-@gentoo.org address when committing?
> 
> [1]:https://dev.gentoo.org/~mgorny/dev-timeline.html
> 

There's one fun problem here technologically for proxy-maint, but
getting the conditions right for it to occur happen very rarely.

1. Assume the proxied maintainer has a git repo, where they commit
themselves.

2. Assume their proxy has said git repo as an alternative remote, for
which they relay work. ( That is, they work closely together directly
instead of via github pull requests and textual patches )

3. ::gentoo is quiet, and the proxied maintainer has rebased their own
work on top of ::gentoo, setting Committer: metadata and signing
commits.

Then, in that situation, it is trivial for the proxy to relay those
commits verbatim to ::gentoo, without changing either Committer: or
signature data.

Standard git tools will not attempt to even *change* these commits even
with an explicit rebase, because Git will detect that nothing needs to
change, and will no-op the rebase, leaving Committer and Signatures
intact, degrading to a fast-forward merge.

It seems like it would happen not-very-often, but ... 

git log --show-signature --format=fuller --committer=".*@\([^g]\|g[^e]\)"

Well, the last example happened in 2017, so maybe something happened
*since* then that prevented this situation occurring via other means?
*shrug*


commit 76eb43412b532a045d92d524dfa5ed1b1bcca671
Author:     Michael Mair-Keimberger <m.mairkeimberger@gmail.com>
AuthorDate: 2017-10-02 02:47:28 +1300
Commit:     Michael Mair-Keimberger <m.mairkeimberger@gmail.com>
CommitDate: 2017-10-10 07:45:09 +1300

To the best of my knowledge, Michael isn't a Gentoo Dev. 




[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Mike Gilbert]

On Wed, Jul 11, 2018 at 11:52 PM, Kent Fredric <kentnl@gentoo.org> wrote:
> On Mon, 09 Jul 2018 10:40:22 +0200
> Michał Górny <mgorny@gentoo.org> wrote:
>
>> Hi,
>>
>> We currently don't enforce any particular standard for e-mail addresses
>> for developers committing to gentoo.git.  FWICS, the majority of
>> developers is using their @gentoo.org e-mail addresses.  However, a few
>> developers are using some other addresses.
>>
>> Using non-@gentoo.org e-mail addresses generally causes problems
>> in accounting for commits.  For example, our retirement scripts can't
>> detect commits made using non-Gentoo e-mail address.  My dev-timeline
>> scripts [1] account for all emails in LDAP (which doesn't cover all
>> addresses developers use).  FWIK gkeys accounts for all addresses
>> in the OpenPGP key UIDs.  In my opinion, that's a lot of hoops to jump
>> through to workaround bad practice.
>>
>> Therefore, I'd like to start enforcing (at the level of the hook
>> verifying signatures) that all commits made to gentoo.git (and other
>> repositories requiring dev signatures) are made using @gentoo.org e-mail
>> address (for committer field).
>>
>> Is anyone opposed to that?  Does anyone know of a valid reason to use
>> non-@gentoo.org address when committing?
>>
>> [1]:https://dev.gentoo.org/~mgorny/dev-timeline.html
>>
>
> There's one fun problem here technologically for proxy-maint, but
> getting the conditions right for it to occur happen very rarely.
>
> 1. Assume the proxied maintainer has a git repo, where they commit
> themselves.
>
> 2. Assume their proxy has said git repo as an alternative remote, for
> which they relay work. ( That is, they work closely together directly
> instead of via github pull requests and textual patches )
>
> 3. ::gentoo is quiet, and the proxied maintainer has rebased their own
> work on top of ::gentoo, setting Committer: metadata and signing
> commits.
>
> Then, in that situation, it is trivial for the proxy to relay those
> commits verbatim to ::gentoo, without changing either Committer: or
> signature data.
>
> Standard git tools will not attempt to even *change* these commits even
> with an explicit rebase, because Git will detect that nothing needs to
> change, and will no-op the rebase, leaving Committer and Signatures
> intact, degrading to a fast-forward merge.
>
> It seems like it would happen not-very-often, but ...
>
> git log --show-signature --format=fuller --committer=".*@\([^g]\|g[^e]\)"
>
> Well, the last example happened in 2017, so maybe something happened
> *since* then that prevented this situation occurring via other means?
> *shrug*
>
>
> commit 76eb43412b532a045d92d524dfa5ed1b1bcca671
> Author:     Michael Mair-Keimberger <m.mairkeimberger@gmail.com>
> AuthorDate: 2017-10-02 02:47:28 +1300
> Commit:     Michael Mair-Keimberger <m.mairkeimberger@gmail.com>
> CommitDate: 2017-10-10 07:45:09 +1300
>
> To the best of my knowledge, Michael isn't a Gentoo Dev.

This was incorporated into the master branch via a merge commit, not a
fast-forward or a rebase. See
6711d4f96985b0797c1803cd6f05e5a1410c1018.

We have generally discouraged merge commits, but they do occasionally happen.

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Christopher Head]

[-- Attachment #1: Type: text/plain, Size: 516 bytes --]

On July 11, 2018 8:52:56 PM PDT, Kent Fredric <kentnl@gentoo.org> wrote:
>Standard git tools will not attempt to even *change* these commits even
>with an explicit rebase, because Git will detect that nothing needs to
>change, and will no-op the rebase, leaving Committer and Signatures
>intact, degrading to a fast-forward merge.

Well, unless you consider “git rebase --no-ff” to be standard git tools, I guess… it’s not like you need to do anything *that* obscure to fix it.

-- 
Christopher Head

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 244 bytes --]

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 761 bytes --]

W dniu wto, 10.07.2018 o godzinie 09∶38 -0400, użytkownik kuzetsa
napisał:
> > The only issue I see is that of slight complications on handling the
> > different addresses for author and commit, that's all that comes to
> > mind.
> > 
> > 
> > Mart
> > 
> 
> I think authorship is a good point / distinction, Mart.
> 
> Authorship was never shown in dev-timeline for addresses
> which aren't @gentoo.org anyway. That's a separate issue,
> so this policy change shouldn't affect proxy-maint?
> 

For the record, dev-timeline accounts for both authors and committers. 
However, it only displays those who have been Gentoo developers at some
point (and whose alternate e-mail addresses are in LDAP).

-- 
Best regards,
Michał Górny

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 963 bytes --]

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 2310 bytes --]

W dniu czw, 12.07.2018 o godzinie 15∶52 +1200, użytkownik Kent Fredric
napisał:
> On Mon, 09 Jul 2018 10:40:22 +0200
> Michał Górny <mgorny@gentoo.org> wrote:
> 
> > Hi,
> > 
> > We currently don't enforce any particular standard for e-mail addresses
> > for developers committing to gentoo.git.  FWICS, the majority of
> > developers is using their @gentoo.org e-mail addresses.  However, a few
> > developers are using some other addresses.
> > 
> > Using non-@gentoo.org e-mail addresses generally causes problems
> > in accounting for commits.  For example, our retirement scripts can't
> > detect commits made using non-Gentoo e-mail address.  My dev-timeline
> > scripts [1] account for all emails in LDAP (which doesn't cover all
> > addresses developers use).  FWIK gkeys accounts for all addresses
> > in the OpenPGP key UIDs.  In my opinion, that's a lot of hoops to jump
> > through to workaround bad practice.
> > 
> > Therefore, I'd like to start enforcing (at the level of the hook
> > verifying signatures) that all commits made to gentoo.git (and other
> > repositories requiring dev signatures) are made using @gentoo.org e-mail 
> > address (for committer field).
> > 
> > Is anyone opposed to that?  Does anyone know of a valid reason to use
> > non-@gentoo.org address when committing?
> > 
> > [1]:https://dev.gentoo.org/~mgorny/dev-timeline.html
> > 
> 
> There's one fun problem here technologically for proxy-maint, but
> getting the conditions right for it to occur happen very rarely.
> 
> 1. Assume the proxied maintainer has a git repo, where they commit
> themselves.
> 
> 2. Assume their proxy has said git repo as an alternative remote, for
> which they relay work. ( That is, they work closely together directly
> instead of via github pull requests and textual patches )
> 
> 3. ::gentoo is quiet, and the proxied maintainer has rebased their own
> work on top of ::gentoo, setting Committer: metadata and signing
> commits.
> 
> Then, in that situation, it is trivial for the proxy to relay those
> commits verbatim to ::gentoo, without changing either Committer: or
> signature data.

...and the git hook would've rejected them because they aren't signed
by a Gentoo developer.

-- 
Best regards,
Michał Górny

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 963 bytes --]

Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address

[Kent Fredric]

[-- Attachment #1: Type: text/plain, Size: 546 bytes --]

On Thu, 12 Jul 2018 08:35:57 +0200
Michał Górny <mgorny@gentoo.org> wrote:

> ...and the git hook would've rejected them because they aren't signed
> by a Gentoo developer.

Fair enough. I suspect in line with the other comments, it would be
optimal if said commit hook mentioned something along the lines of:

 "Perhaps try reforging signature/committer data with git rebase --no-ff origin/master"

In its failure message? Making the way forward obvious in this edge
case would remove any residual cause for partial objections :)

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]