GNU bug report logs - #38846
[PATCH 0/4] Move 'HACKING' to the manual, and a proposal for commit access

Previous Next

Full log

Message #92 received at 38846 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Ricardo Wurmus <rekado <at> elephly.net>, guix-maintainers <at> gnu.org,
 38846 <at> debbugs.gnu.org
Subject: Re: [PATCH 4/4] DRAFT doc: Add a cooption policy for commit access.
Date: Tue, 07 Jan 2020 17:36:13 -0500

[Message part 1 (text/plain, inline)]

Hi Ludo,

Thank you for taking the time to draft this new policy.

Ludovic Courtès <ludo <at> gnu.org> writes:


[...]

> Taking these comments into accounts, I get:
>
> @enumerate
> @item
> Find three committers who would vouch for you.  You can view the list of
> committers at
> @url{https://savannah.gnu.org/project/memberlist.php?group=guix}.  Each
> of them should email a statement to @email{guix-maintainers@@gnu.org} (a
> private alias for the collective of maintainers), signed with their
> OpenPGP key.
>
> Committers are expected to have had some interactions with you as a
> contributor and to be able to judge whether you are sufficiently
> familiar with the project's practices.  It is @emph{not} a judgment on
> the quality of your work, so a refusal should rather be interpreted as
> ``let's try again later''.
>
> @item
> Send @email{guix-maintainers@@gnu.org} a message stating your intent,
> listing the three committers who support your application, signed with
> the OpenPGP key you will use to sign commits, and giving its fingerprint
> (see below).  See @uref{https://emailselfdefense.fsf.org/en/}, for an
> introduction to public-key cryptography with GnuPG.

Note that Email Self-Defense focuses on the use of Thunderbird + the
Enigmail plugin, both of which are missing from our collection of
packages.  I don't have a better resource to suggest, though.

> @item
> Once you've been given access, please send a message to
> @email{guix-devel@@gnu.org} to say so, again signed with the OpenPGP key
> you will use to sign commits.  That way, everyone can notice and ensure
> you control that OpenPGP key.
>
> @c TODO: Add note about adding the fingerprint to the list of authorized
> @c keys once that has stabilized.
>
> @item
> Make sure to read the rest of this section and... profit!
> @end enumerate
>
> Thanks for your feedback!
>
> Ludo’.

I like the proposal drafted so far.  I agree with others that it is
important to say that the maintainers reserve the final say in whether
or not a contributor is granted push rights to the Guix repository, for
transparency.

LGTM :-)

Maxim

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.