author: Angel Leon <gubatron@gmail.com> 2014-08-22 15:31:43 -0400
committer: bitcoindev <bitcoindev@gnusha.org> 2014-08-22 19:32:10 +0000
commit: 45186e177f47ea6e9a5f50e4bdf21f2b74c4c9b2 (patch)
tree: 1aab2aa939c34256eb5a377782636687484776f4
parent: 62f606be9edb4ae80b657958dc18c49a669c2267 (diff)
Re: [Bitcoin-development] Reconsidering github
-rw-r--r-- 18/eca0822dc0c14e39e99b6454d6c98183e00131 309
1 files changed, 309 insertions, 0 deletions
diff --git a/18/eca0822dc0c14e39e99b6454d6c98183e00131 b/18/eca0822dc0c14e39e99b6454d6c98183e00131
new file mode 100644
index 000000000..9cf48b69d
--- /dev/null
+++ b/18/eca0822dc0c14e39e99b6454d6c98183e00131
@@ -0,0 +1,309 @@
+Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
+ helo=mx.sourceforge.net)
+ by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
+ (envelope-from <gubatron@gmail.com>) id 1XKuZG-0006Sx-RS
+ for bitcoin-development@lists.sourceforge.net;
+ Fri, 22 Aug 2014 19:32:10 +0000
+Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
+ designates 209.85.216.180 as permitted sender)
+ client-ip=209.85.216.180; envelope-from=gubatron@gmail.com;
+ helo=mail-qc0-f180.google.com;
+Received: from mail-qc0-f180.google.com ([209.85.216.180])
+ by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
+ (Exim 4.76) id 1XKuZF-0005uN-Gg
+ for bitcoin-development@lists.sourceforge.net;
+ Fri, 22 Aug 2014 19:32:10 +0000
+Received: by mail-qc0-f180.google.com with SMTP id l6so11200771qcy.25
+ for <bitcoin-development@lists.sourceforge.net>;
+ Fri, 22 Aug 2014 12:32:04 -0700 (PDT)
+X-Received: by 10.229.65.135 with SMTP id j7mr11090543qci.22.1408735924080;
+ Fri, 22 Aug 2014 12:32:04 -0700 (PDT)
+MIME-Version: 1.0
+Received: by 10.140.86.37 with HTTP; Fri, 22 Aug 2014 12:31:43 -0700 (PDT)
+In-Reply-To: <2302927.fMx0I5lQth@1337h4x0r>
+References: <CAJHLa0NXAYh9HzazN6gArUV8y7J8_G0oqkZqPBgibpW0wRNxKQ@mail.gmail.com>
+ <2302927.fMx0I5lQth@1337h4x0r>
+From: Angel Leon <gubatron@gmail.com>
+Date: Fri, 22 Aug 2014 15:31:43 -0400
+Message-ID: <CADZB0_ahqNZE93Eb44ba18EteAnF5O5i3dEaAqKeDfbOKZLRDw@mail.gmail.com>
+To: xor@freenetproject.org
+Content-Type: multipart/alternative; boundary=001a11339d225655ab05013ce4ec
+X-Spam-Score: -0.6 (/)
+X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
+ See http://spamassassin.org/tag/ for more details.
+ -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
+ sender-domain
+ 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
+ (gubatron[at]gmail.com)
+ -0.0 SPF_PASS SPF: sender matches SPF record
+ 1.0 HTML_MESSAGE BODY: HTML included in message
+ -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
+ author's domain
+ 0.1 DKIM_SIGNED Message has a DKIM or DK signature,
+ not necessarily valid
+ -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
+X-Headers-End: 1XKuZF-0005uN-Gg
+Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
+Subject: Re: [Bitcoin-development] Reconsidering github
+X-BeenThere: bitcoin-development@lists.sourceforge.net
+X-Mailman-Version: 2.1.9
+Precedence: list
+List-Id: <bitcoin-development.lists.sourceforge.net>
+List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+ <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
+List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
+List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
+List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
+List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+ <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
+X-List-Received-Date: Fri, 22 Aug 2014 19:32:11 -0000
+
+--001a11339d225655ab05013ce4ec
+Content-Type: text/plain; charset=UTF-8
+
++1000. Don't fix it if it ain't broken. Don't kill community support. I for
+instance wouldn't have contributed or forked if the project hadn't been on
+github.
+
+"Bitcoin has currently 4132 forks on Github. This means that you can get
+contributions by pull requests from 4132 developers. That is a HUGE amount,
+and you shouldn't ditch that due to not using all features of git :)
+To get a grasp of how much that is: When you search projects with more than
+4100 forks, there are only 32 of them!
+You are one of the top open source projects, and you should be grateful for
+that and keep Github up so the other people can send you pull requests with
+their improvements :) Volunteer contributions need to be honored and made as
+easy as possible, for people are investing their personal time.
+
+Greetings and thanks for your work,
+ xor, one developer of https://freenetproject.org"
+
+http://twitter.com/gubatron
+
+
+On Fri, Aug 22, 2014 at 3:20 PM, xor <xor@freenetproject.org> wrote:
+
+> On Tuesday, August 19, 2014 08:02:37 AM Jeff Garzik wrote:
+> > It would be nice if the issues and git repo for Bitcoin Core were not
+> > on such a centralized service as github, nice and convenient as it is.
+>
+> Assuming there is a problem with that usually is caused by using Git the
+> wrong
+> way or not knowing its capabilities. Nobody can modify / insert a commit
+> before a GnuPG signed commit / tag without breaking the signature.
+> More detail at the bottom at [1], I am sparing you this here because I
+> suspect
+> you already know it and there is something more important I want to stress:
+>
+> Bitcoin has currently 4132 forks on Github. This means that you can get
+> contributions by pull requests from 4132 developers. That is a HUGE amount,
+> and you shouldn't ditch that due to not using all features of git :)
+> To get a grasp of how much that is: When you search projects with more than
+> 4100 forks, there are only 32 of them!
+> You are one of the top open source projects, and you should be grateful for
+> that and keep Github up so the other people can send you pull requests with
+> their improvements :) Volunteer contributions need to be honored and made
+> as
+> easy as possible, for people are investing their personal time.
+>
+> Greetings and thanks for your work,
+> xor, one developer of https://freenetproject.org
+>
+>
+> [1] If you GPG-sign a commit / tag, you sign its hash, including the hash
+> of
+> the previous commit. So is a chain of hashes and thus of trust from all
+> commits up to what is signed. It's pretty similar to the blockchain
+> actually
+> :)
+> So Github cannot modify anything. If they did, the head of the hash-chain
+> would change, and thus the signature would break. Git would notify people
+> about that when they pull.
+> Of course people can still ignore that warning and let Github rewrite their
+> Git history. But people who aren't educated about this shouldn't be release
+> managers. They should not even have push access to your main repository,
+> they
+> should only be sending pull requests. Thats is where the decentralization
+> of
+> Git is: In the pull-requests. The people who deal with them should verify
+> tag
+> and possibly even commit signatures carefully, and not accept anything
+> which
+> is not signed. Also, before deploying a binary, the very same commit which
+> is
+> going to become a binary has to be given a signed tag by the release
+> manager,
+> and by everyone who reviews the code. The person who deploys the actual
+> binary
+> needs to verify that signature.
+> There is an article which elaborates on some of the ways you have to ensure
+> Github doesn't insert malicious code - but please read it with care, some
+> of
+> its recommendations are bad, especially the part where its about rebasing
+> because that DOES rewrite history which is what you want to prevent:
+> http://mikegerwitz.com/papers/git-horror-story
+>
+>
+>
+>
+> ------------------------------------------------------------------------------
+> Slashdot TV.
+> Video for Nerds. Stuff that matters.
+> http://tv.slashdot.org/
+> _______________________________________________
+> Bitcoin-development mailing list
+> Bitcoin-development@lists.sourceforge.net
+> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
+>
+>
+
+--001a11339d225655ab05013ce4ec
+Content-Type: text/html; charset=UTF-8
+Content-Transfer-Encoding: quoted-printable
+
+<div dir=3D"ltr">+1000. Don&#39;t fix it if it ain&#39;t broken. Don&#39;t =
+kill community support. I for instance wouldn&#39;t have contributed or for=
+ked if the project hadn&#39;t been on github.<br><br>&quot;<span style=3D"f=
+ont-family:arial,sans-serif;font-size:13px">Bitcoin has currently 4132 fork=
+s on Github. This means that you can get</span><br style=3D"font-family:ari=
+al,sans-serif;font-size:13px">
+
+<span style=3D"font-family:arial,sans-serif;font-size:13px">contributions b=
+y pull requests from 4132 developers. That is a HUGE amount,</span><br styl=
+e=3D"font-family:arial,sans-serif;font-size:13px"><span style=3D"font-famil=
+y:arial,sans-serif;font-size:13px">and you shouldn&#39;t ditch that due to =
+not using all features of git :)</span><br style=3D"font-family:arial,sans-=
+serif;font-size:13px">
+
+<span style=3D"font-family:arial,sans-serif;font-size:13px">To get a grasp =
+of how much that is: When you search projects with more than</span><br styl=
+e=3D"font-family:arial,sans-serif;font-size:13px"><span style=3D"font-famil=
+y:arial,sans-serif;font-size:13px">4100 forks, there are only 32 of them!</=
+span><br style=3D"font-family:arial,sans-serif;font-size:13px">
+
+<span style=3D"font-family:arial,sans-serif;font-size:13px">You are one of =
+the top open source projects, and you should be grateful for</span><br styl=
+e=3D"font-family:arial,sans-serif;font-size:13px"><span style=3D"font-famil=
+y:arial,sans-serif;font-size:13px">that and keep Github up so the other peo=
+ple can send you pull requests with</span><br style=3D"font-family:arial,sa=
+ns-serif;font-size:13px">
+
+<span style=3D"font-family:arial,sans-serif;font-size:13px">their improveme=
+nts :) Volunteer contributions need to be honored and made as</span><br sty=
+le=3D"font-family:arial,sans-serif;font-size:13px"><span style=3D"font-fami=
+ly:arial,sans-serif;font-size:13px">easy as possible, for people are invest=
+ing their personal time.</span><br style=3D"font-family:arial,sans-serif;fo=
+nt-size:13px">
+
+<br style=3D"font-family:arial,sans-serif;font-size:13px"><span style=3D"fo=
+nt-family:arial,sans-serif;font-size:13px">Greetings and thanks for your wo=
+rk,</span><br style=3D"font-family:arial,sans-serif;font-size:13px"><span s=
+tyle=3D"font-family:arial,sans-serif;font-size:13px">=C2=A0 =C2=A0 =C2=A0 =
+=C2=A0 xor, one developer of=C2=A0</span><a href=3D"https://freenetproject.=
+org/" target=3D"_blank" style=3D"font-family:arial,sans-serif;font-size:13p=
+x">https://freenetproject.org</a>&quot;</div>
+
+<div class=3D"gmail_extra"><br clear=3D"all"><div><a href=3D"http://twitter=
+.com/gubatron" target=3D"_blank">http://twitter.com/gubatron</a><br></div>
+<br><br><div class=3D"gmail_quote">On Fri, Aug 22, 2014 at 3:20 PM, xor <sp=
+an dir=3D"ltr">&lt;<a href=3D"mailto:xor@freenetproject.org" target=3D"_bla=
+nk">xor@freenetproject.org</a>&gt;</span> wrote:<br><blockquote class=3D"gm=
+ail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-le=
+ft:1ex">
+
+<div class=3D"">On Tuesday, August 19, 2014 08:02:37 AM Jeff Garzik wrote:<=
+br>
+&gt; It would be nice if the issues and git repo for Bitcoin Core were not<=
+br>
+&gt; on such a centralized service as github, nice and convenient as it is.=
+<br>
+<br>
+</div>Assuming there is a problem with that usually is caused by using Git =
+the wrong<br>
+way or not knowing its capabilities. Nobody can modify / insert a commit<br=
+>
+before a GnuPG signed commit / tag without breaking the signature.<br>
+More detail at the bottom at [1], I am sparing you this here because I susp=
+ect<br>
+you already know it and there is something more important I want to stress:=
+<br>
+<br>
+Bitcoin has currently 4132 forks on Github. This means that you can get<br>
+contributions by pull requests from 4132 developers. That is a HUGE amount,=
+<br>
+and you shouldn&#39;t ditch that due to not using all features of git :)<br=
+>
+To get a grasp of how much that is: When you search projects with more than=
+<br>
+4100 forks, there are only 32 of them!<br>
+You are one of the top open source projects, and you should be grateful for=
+<br>
+that and keep Github up so the other people can send you pull requests with=
+<br>
+their improvements :) Volunteer contributions need to be honored and made a=
+s<br>
+easy as possible, for people are investing their personal time.<br>
+<br>
+Greetings and thanks for your work,<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 xor, one developer of <a href=3D"https://freene=
+tproject.org" target=3D"_blank">https://freenetproject.org</a><br>
+<br>
+<br>
+[1] If you GPG-sign a commit / tag, you sign its hash, including the hash o=
+f<br>
+the previous commit. So is a chain of hashes and thus of trust from all<br>
+commits up to what is signed. It&#39;s pretty similar to the blockchain act=
+ually<br>
+:)<br>
+So Github cannot modify anything. If they did,=C2=A0 the head of the hash-c=
+hain<br>
+would change, and thus the signature would break. Git would notify people<b=
+r>
+about that when they pull.<br>
+Of course people can still ignore that warning and let Github rewrite their=
+<br>
+Git history. But people who aren&#39;t educated about this shouldn&#39;t be=
+ release<br>
+managers. They should not even have push access to your main repository, th=
+ey<br>
+should only be sending pull requests. Thats is where the decentralization o=
+f<br>
+Git is: In the pull-requests. The people who deal with them should verify t=
+ag<br>
+and possibly even commit signatures carefully, and not accept anything whic=
+h<br>
+is not signed. Also, before deploying a binary, the very same commit which =
+is<br>
+going to become a binary has to be given a signed tag by the release manage=
+r,<br>
+and by everyone who reviews the code. The person who deploys the actual bin=
+ary<br>
+needs to verify that signature.<br>
+There is an article which elaborates on some of the ways you have to ensure=
+<br>
+Github doesn&#39;t insert malicious code - but please read it with care, so=
+me of<br>
+its recommendations are bad, especially the part where its about rebasing<b=
+r>
+because that DOES rewrite history which is what you want to prevent:<br>
+<a href=3D"http://mikegerwitz.com/papers/git-horror-story" target=3D"_blank=
+">http://mikegerwitz.com/papers/git-horror-story</a><br>
+<br>
+<br>
+<br>-----------------------------------------------------------------------=
+-------<br>
+Slashdot TV.<br>
+Video for Nerds.=C2=A0 Stuff that matters.<br>
+<a href=3D"http://tv.slashdot.org/" target=3D"_blank">http://tv.slashdot.or=
+g/</a><br>_______________________________________________<br>
+Bitcoin-development mailing list<br>
+<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
+pment@lists.sourceforge.net</a><br>
+<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
+" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
+velopment</a><br>
+<br></blockquote></div><br></div>
+
+--001a11339d225655ab05013ce4ec--
+
+
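Review bot: the text/html part, declared "Content-Transfer-Encoding: quoted-printable", is stored undecoded, so its soft line breaks split words across lines ("for=" / "ked", "susp=" / "ect") and entities such as "&#39;" stand in for apostrophes. A plain-text search of this blob for a phrase from the body, for example the advice to verify tag signatures, will therefore match only in the text/plain part. Anything that greps or indexes the archive should MIME-decode the message first, or read the text/plain alternative, which carries the same body.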