On Thursday 31. July 2008 20:54:59 Patrick Aljord wrote:
> There is another solution than creating a special "logging branch" and
> doing risky auto merge [] or

Note that I never suggested to do server-side merging ;)

> using gpg (not user friendly).

Note how gpg is not required to be used at all for the majority of the
use cases.

> This other solution is IMO more in the spirit of Git. This is also
> what we suggested with GitoriousKDE:
>
> Everybody is free to create an account on gitorious but by default
> people can't commit to the KDE repositories, they can only clone them.
> This is how it would work:
[snip]

You seem to solve the problem by sidestepping it ;) There are several cases
in your scenario where a malicious user can introduce commits that look like
they come from any contributor and make it impossible to trace who actually
made that commit.

I too believe that KDE is a group that is well adjusted and should be able to
live without a police-state like system. But experience shows that the main
reason desperate people don't slip over the edge is because it would be
noticed immediately. Making all your steps public keeps people honest. There
is nothing wrong with that :)

In the gitorious setup Dean can easily pull the changes from Carla and modify
some of them before pushing them to the kde-server. Making a modification
Dean made look like they came from Carla. And nobody would ever be able to
detect it was Dean who made that change.

Gitorious works fine for small groups of people collaborating. Really the only
problem I have with the software is that the website doesn't show on the home
or about page that gitorious is open source ;)

But for larger communities the idea that we can have an absolute reference
about who pushed which commits (and thus who takes responsibility for them)
is something I think would make an excellent addition to gitorious.

Thanks for your ideas!
-- 
Thomas Zander
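
The attribution gap discussed in the message above, as an added example that is not part of the original post or of Gitorious: a commit's author field is self-asserted, while the server knows which account it authenticated for each push, so a push log can name who brought each commit in. The commit ids, the push-log layout and the function names are constructed for this illustration.

```python
from collections import namedtuple

# Constructed sample data (not from the thread): a tiny commit graph and a
# server-side push log. "author" is the self-asserted field inside the commit;
# "pusher" is the account the server authenticated for that push.
Commit = namedtuple("Commit", "parents author")
Push = namedtuple("Push", "pusher tip")

COMMITS = {
    "a1": Commit([], "carla"),
    "b2": Commit(["a1"], "carla"),
    "c3": Commit(["b2"], "carla"),  # names Carla, but arrives in Dean's push
    "d4": Commit(["c3"], "dean"),
}
PUSH_LOG = [Push("carla", "b2"), Push("dean", "d4")]


def reachable(commits, tip):
    """Return every commit id reachable from tip (tip included)."""
    seen = set()
    stack = [tip]
    while stack:
        sha = stack.pop()
        if sha not in seen:
            seen.add(sha)
            stack.extend(commits[sha].parents)
    return seen


def responsible_pusher(commits, push_log):
    """Map each commit to the account whose push first brought it to the server."""
    owner, known = {}, set()
    for push in push_log:
        incoming = reachable(commits, push.tip)
        for sha in incoming - known:
            owner[sha] = push.pusher
        known |= incoming
    return owner


def unvouched(commits, push_log):
    """Commits whose claimed author is not the account that pushed them."""
    owner = responsible_pusher(commits, push_log)
    return sorted(sha for sha, who in owner.items() if commits[sha].author != who)


if __name__ == "__main__":
    owner = responsible_pusher(COMMITS, PUSH_LOG)
    for sha in unvouched(COMMITS, PUSH_LOG):
        print(sha, "author:", COMMITS[sha].author, "pushed by:", owner[sha])
```

A flagged commit is not necessarily altered; the log only records that the pusher, here Dean, is the account answerable for it.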