From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 1577A138A1A for ; Sun, 15 Feb 2015 17:43:30 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9FF75E08FB; Sun, 15 Feb 2015 17:43:29 +0000 (UTC) Received: from mail-ig0-f175.google.com (mail-ig0-f175.google.com [209.85.213.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 15A3FE08F9 for ; Sun, 15 Feb 2015 17:43:29 +0000 (UTC) Received: by mail-ig0-f175.google.com with SMTP id hn18so19618701igb.2 for ; Sun, 15 Feb 2015 09:43:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=6/xmzHVPcOXkK5W1dszgYe2w+ATc2vDFjC3NGn2bQJI=; b=fP2LFrO0u98g8p+b8dkBVEtjPFOT9b6ffthC2gscjAiG/F6FZhGtNn5PuQIFEOJtr2 5vgzknOcbwwopyaK8T+5JkEWNoqbGK1EKGtBTrDVKUKZpOybcfql/nfbu2FE8gk9bES+ REGaGt3MGaLCJfGc0JN2lywVh5ubLWfTOkEHceP3ZNWbGNtb18H4kUFcqE4hnzkjhMgl K84V1BkBnRHcjB0RAB3Bz0zxbK+zEX3oJNQjcAaCykLwN6ktgJ1XiPMWEb49AuDUbxYq 69wNjyVw4/aOrvcD1P2LC1SoBt3HsHedjknagzj4doQHfF25iG+U38UVe/NOO9oZfprl QE5A== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org MIME-Version: 1.0 X-Received: by 10.107.156.85 with SMTP id f82mr25359040ioe.45.1424022208534; Sun, 15 Feb 2015 09:43:28 -0800 (PST) Sender: lexpublic@gmail.com Received: by 10.64.107.6 with HTTP; Sun, 15 Feb 2015 09:43:28 -0800 (PST) In-Reply-To: References: <201502142148.30540.dilfridge@gentoo.org> <54DFC134.5070300@gentoo.org> <54DFC771.8060802@gentoo.org> <20150214221352.3c52aa6f@googlemail.com> <54DFCAF4.8090306@gentoo.org> <20150214223148.0aa094da@googlemail.com> <20150215013540.e861fb20ebcbea7b49b2ec19@gentoo.org> <20150214224054.16de1017@googlemail.com> <54DFD5FD.4010401@sporkbox.us> <20150214231553.7a8b1d2e@googlemail.com> <20150215160358.351879785830bfd5fdaff3bd@gentoo.org> Date: Sun, 15 Feb 2015 18:43:28 +0100 X-Google-Sender-Auth: 4K9usqX_GssNyR4YsoQzSDN2jdM Message-ID: Subject: Re: [gentoo-project] Gentoo, GitHub, and the Social Contract From: Alexey Lapitsky To: gentoo-project@lists.gentoo.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 458a4440-7b80-47ce-86ad-91b1e383859c X-Archives-Hash: 83198f561c6d31318e9f5360f9ed8fb5 Hi Micha=C5=82, Just want to say that I agree with every point you made. Since the discussion derailed away from the social contract, I'll try to address some other issues. 1. Volunteer work. Anthony, I'm glad that you brought up volunteer work. I'm pretty sure Gentoo Infra team is extremely busy with all kinds of problems. The volunteers' time is arguably the most valuable resource Gentoo has. In my opinion we should do everything possible in order to save volunteers' time, especially when it comes to baseline work (such as maintaining and upgrading the infra services). >From this perspective, It would be unreasonable to ask Gentoo Infra team to support an open-source solution because GitHub might change policy. GitHub policy change would only affect Gentoo short term. GitHub usage will bring a lot of value and will save volunteers' time long-term. 2. Security Andrew, I am concerned about security as you do. I can see that from your point of view that Gentoo can not trust GitHub because it had some serious security issues in the past. I see that it might be misleading and give an impression that it's less secure than Gentoo infra, but here are some things which GitHub has and Gentoo does not: * a team dedicated to security issues, paid for their work, doing on-call rotation * 2 factor authentication which could be enforced * bug bounty program I'm not sure if we can have all of it if we decide to use a FOSS system for code-review and pull requests. On Sun, Feb 15, 2015 at 6:30 PM, NP Hardass wrote: > > On Feb 15, 2015 8:04 AM, "Andrew Savchenko" wrote: >> >> On Sat, 14 Feb 2015 23:15:53 +0000 Ciaran McCreesh wrote: >> > On Sat, 14 Feb 2015 15:10:53 -0800 >> > Daniel Campbell wrote: >> > > The proprietary network stack can be gotten around. If the git >> > > provider is closed and goes down, the data is gone. >> > >> > Git does not work that way. Git is not like CVS or SVN. >> >> Once more: github is not just a git repository, it is a platform, >> with trackers, review tools and so on. These can't be move >> somewhere else arbitrarily. >> >> Best regards, >> Andrew Savchenko > > This point is one a critical one to make, in my opinion. Github, if used, > should not, be used for anything but as a means for git mirroring and pul= l > requests, to facilitate code contribution. Every other aspect of Github: > wikis, issue tracker, etc, should not replace Gentoo infrastructure. > Github functionality should supplement, but not replace Gentoo > infrastructure so that we can remain autonomous and independent.