Hi - Sent from my iPhone
> On Jan 10, 2019, at 4:18 PM, Roman Shaposhnik <ro...@shaposhnik.org> wrote: > >> On Thu, Jan 10, 2019 at 12:45 AM Alex Harui <aha...@adobe.com.invalid> wrote: >> >> >> >> On 1/9/19, 7:35 PM, "Roman Shaposhnik" <ro...@shaposhnik.org> wrote: >> >>> On Wed, Jan 9, 2019 at 11:38 AM Alex Harui <aha...@adobe.com.invalid> >>> wrote: >>> >>> Hi Greg, >>> >>> You may have missed some other infra-technical questions upthread that >>> might help us fashion a solution. I'll repeat them here: >>> >>> 1) What is the state of Git->SVN and SVN->Git integration? Could our job >>> clone git to SVN, have the bot make changes in SVN with the additional >>> restrictions as you said SVN could do, then sync back up to Git (including >>> tags as well)? >>> 2) What would be the impact of infra creating a "RoyalePMC" committer >>> account? >> >> That is definitely not allowed. PMC members are expected to be human >> beings with ICLAs on file with ASF. >> >> The only allowed users of the RoyalePMC account would be human PMC >> members (technically, anyone with access to private@royale). >> Commits from RoyalePMC would therefore have somebody's ICLA behind it. As a Royale PMC member I’m not comfortable with being on this hook. > > Then just do that from under individual accounts. +1 I would be comfortable with Approved PMC member credentials like are used for the handful of VM sysadmins from the OpenOffice PMC. > >> >> In fact, I would go as far as to say that any PMC member willingly >> disseminating his or her credentials for *others* to use is likely to >> be considered for a an action from the board. >> >> I would agree that PMC members should not share their credentials with >> others, >> hence the idea of having a RoyalePMC account, so no human has to share or >> transfer credentials to the build machine. Is it important to know exactly >> which >> individual committed something or just that somebody with an ICLA committed >> something, and why? > > It is very important to establish IP provenance down to an individual. And accountability. Regards, Dave > Thanks, > Roman.
