Hi Folks, Can someone clarify in simple terms what the issue is here?
I’m sorry I’m just catching up on this thread, but I want to make sure the podling community for AsterixDB is being supported. Cheers, Chris ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Chris Mattmann, Ph.D. Chief Architect Instrument Software and Science Data Systems Section (398) NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA Office: 168-519, Mailstop: 168-527 Email: chris.a.mattm...@nasa.gov WWW: http://sunset.usc.edu/~mattmann/ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Adjunct Associate Professor, Computer Science Department University of Southern California, Los Angeles, CA 90089 USA ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -----Original Message----- From: Ian Maxon <ima...@uci.edu> Reply-To: "general@incubator.apache.org" <general@incubator.apache.org> Date: Wednesday, July 15, 2015 at 1:22 PM To: "general@incubator.apache.org" <general@incubator.apache.org> Subject: Re: Podling request: Gerrit >> In Git (and I'd presume any Git-like DVCS) anything but the push logs >> can be spoofed. Having a record of who actually pushed to the repo >> is one of the requirement from ASF's standpoint to track chain of >>custody >> for the code that lands in out projects. > >Understood. That's the very reason why we modified our process to its >present state when we began incubation. As stated before in this >thread, the push logs aren't played with- it is always a committer >that actually pushes a contribution to the ASF, with their account, >and not a robot or proxy, in our current workflow. The push logs still >record a valid chain of custody. > >The analogous situation in the case David was describing, if I am >understanding it correctly, is that ASF doesn't know of an >uncommitted/unverified contribution that may lie in Gerrit's review >queue, possibly pending commit. Unless there's something I am missing, >I don't understand how that's any more or less recorded or visible >than a contribution that lies in a personal fork in Github, before it >has a pull request submitted and merged. > >-Ian > >On Wed, Jul 15, 2015 at 1:02 PM, Roman Shaposhnik <ro...@shaposhnik.org> >wrote: >> On Wed, Jul 15, 2015 at 3:13 AM, Ian Maxon <ima...@uci.edu> wrote: >>>> 2. The ASF has no record of any contributions that are happening on >>>> the Gerrit instance at UCI, until a committer decides to push code to >>>> the ASF repo. >>> >>> I'm afraid I don't understand this point. How is this different than >>> any other distributed version control system? In github, nobody is >>> aware of a contribution in a fork until a pull request is made. How's >>> that any different than what's going on here? >> >> In Git (and I'd presume any Git-like DVCS) anything but the push logs >> can be spoofed. Having a record of who actually pushed to the repo >> is one of the requirement from ASF's standpoint to track chain of >>custody >> for the code that lands in out projects. >> >> Do realize that this unique requirement comes from the fact that >> we're a foundation, not just a code hosting site. >> >> Thanks, >> Roman. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> For additional commands, e-mail: general-h...@incubator.apache.org >> > >--------------------------------------------------------------------- >To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
