sebbASF commented on issue #125: URL: https://github.com/apache/whimsy/issues/125#issuecomment-897568868
The advantage of the file hash is that it automatically detects exact duplicates, and collisions are vanishingly rare with the appropriate choice of hash function. It also does not expose any PII, though it would be best not to publish the hash wider than necessary. I think it would be worth exploring how to proceed on that basis, so here goes: The ICLA should be filed as hash.pdf, with hash.asc alongside if necessary. No need for subdirectories. There needs to be an index to relate the hash to the person. This index could be maintained in the same directory as the files. [If maintained elsewhere, it needs to have the same protections.] This index needs to contain at least Full Name, Public Name, email, asfId and project. It would be useful to add signing date to show which ICLA is the most recent for an individual. There may need to be a separate extract containing the Public fields plus the hash for use by appropriately authorized groups. The index also needs to have a means of linking related ICLAs together. (This is currently done by using folders with multiple files) One way to do this would be to have forward and backward links between the entries. i.e. when a replacement ICLA is filed, the existing ICLA entry is updated to point to the new one (e.g. Replaced by:) and the replacement entry is updated to point to the previous one (e.g. Replaces:). There would be no need to update the hash associated with an availid, as the chain could be followed easily if necessary (it won't be long). On the face of it, this appears to be more complicated than the current filename-based solution, but that quickly becomes complicated (and not easily automated) when name duplicates occur. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@whimsical.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
