On Thu, Jan 10, 2019 at 12:45 AM Alex Harui <aha...@adobe.com.invalid> wrote: > > > > On 1/9/19, 7:35 PM, "Roman Shaposhnik" <ro...@shaposhnik.org> wrote: > > On Wed, Jan 9, 2019 at 11:38 AM Alex Harui <aha...@adobe.com.invalid> > wrote: > > > > Hi Greg, > > > > You may have missed some other infra-technical questions upthread that > might help us fashion a solution. I'll repeat them here: > > > > 1) What is the state of Git->SVN and SVN->Git integration? Could our > job clone git to SVN, have the bot make changes in SVN with the additional > restrictions as you said SVN could do, then sync back up to Git (including > tags as well)? > > 2) What would be the impact of infra creating a "RoyalePMC" committer > account? > > That is definitely not allowed. PMC members are expected to be human > beings with ICLAs on file with ASF. > > The only allowed users of the RoyalePMC account would be human PMC > members (technically, anyone with access to private@royale). > Commits from RoyalePMC would therefore have somebody's ICLA behind it.
Then just do that from under individual accounts. > > In fact, I would go as far as to say that any PMC member willingly > disseminating his or her credentials for *others* to use is likely to > be considered for a an action from the board. > > I would agree that PMC members should not share their credentials with others, > hence the idea of having a RoyalePMC account, so no human has to share or > transfer credentials to the build machine. Is it important to know exactly > which > individual committed something or just that somebody with an ICLA committed > something, and why? It is very important to establish IP provenance down to an individual. Thanks, Roman.
