Hi Folks,

Can someone clarify in simple terms what the issue is here?

I’m sorry I’m just catching up on this thread, but I want to make
sure the podling community for AsterixDB is being supported.

Cheers,
Chris

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Chris Mattmann, Ph.D.
Chief Architect
Instrument Software and Science Data Systems Section (398)
NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA
Office: 168-519, Mailstop: 168-527
Email: chris.a.mattm...@nasa.gov
WWW:  http://sunset.usc.edu/~mattmann/
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Adjunct Associate Professor, Computer Science Department
University of Southern California, Los Angeles, CA 90089 USA
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++





-----Original Message-----
From: Ian Maxon <ima...@uci.edu>
Reply-To: "general@incubator.apache.org" <general@incubator.apache.org>
Date: Wednesday, July 15, 2015 at 1:22 PM
To: "general@incubator.apache.org" <general@incubator.apache.org>
Subject: Re: Podling request: Gerrit

>> In Git (and I'd presume any Git-like DVCS) anything but the push logs
>> can be spoofed. Having a record of who actually pushed to the repo
>> is one of the requirement from ASF's standpoint to track chain of
>>custody
>> for the code that lands in out projects.
>
>Understood. That's the very reason why we modified our process to its
>present state when we began incubation. As stated before in this
>thread, the push logs aren't played with- it is always a committer
>that actually pushes a contribution to the ASF, with their account,
>and not a robot or proxy, in our current workflow. The push logs still
>record a valid chain of custody.
>
>The analogous situation in the case David was describing, if I am
>understanding it correctly, is that ASF doesn't know of an
>uncommitted/unverified contribution that may lie in Gerrit's review
>queue, possibly pending commit. Unless there's something I am missing,
>I don't understand how that's any more or less recorded or visible
>than a contribution that lies in a personal fork in Github, before it
>has a pull request submitted and merged.
>
>-Ian
>
>On Wed, Jul 15, 2015 at 1:02 PM, Roman Shaposhnik <ro...@shaposhnik.org>
>wrote:
>> On Wed, Jul 15, 2015 at 3:13 AM, Ian Maxon <ima...@uci.edu> wrote:
>>>> 2. The ASF has no record of any contributions that are happening on
>>>> the Gerrit instance at UCI, until a committer decides to push code to
>>>> the ASF repo.
>>>
>>> I'm afraid I don't understand this point. How is this different than
>>> any other distributed version control system? In github, nobody is
>>> aware of a contribution in a fork until a pull request is made. How's
>>> that any different than what's going on here?
>>
>> In Git (and I'd presume any Git-like DVCS) anything but the push logs
>> can be spoofed. Having a record of who actually pushed to the repo
>> is one of the requirement from ASF's standpoint to track chain of
>>custody
>> for the code that lands in out projects.
>>
>> Do realize that this unique requirement comes from the fact that
>> we're a foundation, not just a code hosting site.
>>
>> Thanks,
>> Roman.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>> For additional commands, e-mail: general-h...@incubator.apache.org
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>For additional commands, e-mail: general-h...@incubator.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Reply via email to