Actually, I'm not sure what the problem is with the original text. For my
projects, I use the commit from the pull request, but I amend it with:

* "Fixes #999" - so that the Apache to GitHub automation closes the pull
request
* Sign the commit with:
   * Signed-off-by in the commit message (via -s)
   * GnuPG sign the commit (via -S)
* Ensure the Apache Jira id is in the commit message
* Squash it to a single commit

That does mean the commit gets a new hash, but it preserves both the
contributor's id and ensures the provenance of each commit. I would argue
that this approach is far stronger than CD50 requires.

.. Owen

On Mon, Sep 4, 2017 at 5:17 AM, Bertrand Delacretaz <bdelacre...@apache.org>
wrote:

> Hi John,
>
> On Mon, Aug 28, 2017 at 3:24 AM, John D. Ament <johndam...@apache.org>
> wrote:
> > ...I'm wondering is there a way to restate this, to make it work when
> > using pull requests?...
>
> The current text is "when third-party contributions are committed,
> commit messages provide reliable information about the code
> provenance".
>
> Would "commit messages or similar mechanisms" work for you, or do you
> have a better suggestion?
>
> -Bertrand