Hi,

On Sun, 09 Feb 2025 at 12:43, Tomas Volf <~@wolfsden.cz> wrote:

>> Maybe this is semantic nitpicking, but people who are able to merge are
>> effectively committers, if only potentially limited to some parts of
>> the code.
>
> Given that Guix is (effectively) just a large Scheme program, does the
> "limited to some parts of the code" bring any security compared to full
> access?

Hum, no one is speaking to allow random person able to merge random
piece of code. :-)

I think we could have a kind of “web of trust“.  Somehow, team members
with write access to some dedicated branches and core* members with
write access to master.

Let consider this example: 
https://codeberg.org/guix-science/guix-science/pulls/69

Assume, Ingar is a contributor, zimoun is a regular user, rgarbage is a
team member and civodul is a commiter.

Ingar submits a PR.  zimoun makes a comment.  rgarbage reviews, and
potentially merge to some branch.  civodul sees the green light and
merge to master.

Somehow, a variant of Debian Developer, Maintainer, Contributor, etc.

Therefore, I am not sure the frame of your question is adequate.  But
maybe, I’ve missed something.

Cheers,
simon


*core members: committers in Ludo frame, IIUC.

Reply via email to