From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 1F87A138A1A for ; Sat, 14 Feb 2015 21:09:44 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 07C9DE08D5; Sat, 14 Feb 2015 21:09:43 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 105C9E08AB for ; Sat, 14 Feb 2015 21:09:41 +0000 (UTC) Received: from [10.144.0.5] (host-37-191-220-247.lynet.no [37.191.220.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: k_f) by smtp.gentoo.org (Postfix) with ESMTPSA id A39703407CC for ; Sat, 14 Feb 2015 21:09:40 +0000 (UTC) Message-ID: <54DFB990.8070201@gentoo.org> Date: Sat, 14 Feb 2015 22:09:36 +0100 From: Kristian Fiskerstrand User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org MIME-Version: 1.0 To: gentoo-project@lists.gentoo.org Subject: Re: [gentoo-project] Gentoo, GitHub, and the Social Contract References: <201502142148.30540.dilfridge@gentoo.org> <54DFB654.9050904@gentoo.org> In-Reply-To: <54DFB654.9050904@gentoo.org> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Archives-Salt: a8504cd6-90cf-4eea-8f9f-f2c2bc89a879 X-Archives-Hash: 7a74f254ba97ef9353d9073c13c5fc4a -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 02/14/2015 09:55 PM, Anthony G. Basile wrote: > On 02/14/15 15:48, Andreas K. Huettel wrote: >> Hi all, >> .. >> >> Many arguments have already been made. Feel free to summarize >> your points again in a reply to this e-mail. >> >> Cheers, Andreas >> First of all, thank you Andreas for brining this up in an appropriate thread of its own. > > I didn't know that was in our social contract, but I totally stand > behind it. I feel very uneasy about our increasing use/dependency > on github. I'd like to see the stuff we have on github migrate > back to our infra. > The most important part here is "depend upon". As long as the primary repository and developer workflow internally happens on infra hosted systems, having a copy of the repository on github to allow external contributions is no issue the way I interpret it, and it can only be a positive thing if we get such contributions. However, this should not be used as a primary component of the workflow, and people should certainly keep the social contract in mind when structuring projects. It would of course be even better if we had our own infrastructure, or procedures, in place to enable this within our own infrastructure. But from what I can see in the various discussion, the review tools that have been mentioned really are not up to par in terms of release management and possibility to keep up to date and secure in any sane way. How this can be the situation in the first place is a longer (and perhaps scarier) discussion. - -- Kristian Fiskerstrand Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJU37mMAAoJEP7VAChXwav6ffUH/0E4lez3noTIVu2FqdLn0nfK sUwJdRk7KG8AV+E6o39JNasC6Ku4O6/2kl+sNIRp3FpStvXfs1GM1ImhtxHrw8K/ +KzikyfLv8TfwHj10qsQHY1/RPUtmQfJ+RgRyHDTGUKpUqx4+UJlUovPFkR3egC7 qbEBdpu2hb3ZC1WxAxS1w/RzxuyDT67UixvozzC8UErliVp5gj10BxTZJ/C7Dr4K opLMgmu3rbMnh36W3bgXWItSwiTDFuaj2R1D27qmcOcQgv7oGecEPmt6Oxyc7AJ1 uken67qfJLjO2PG1UC+tBfUA1Hl53hdz8RqUjCED4lQMF/VRD7ZDQS5G9LFPvRo= =55Qz -----END PGP SIGNATURE-----