diff options
author | Angel Leon <gubatron@gmail.com> | 2014-08-22 15:31:43 -0400 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2014-08-22 19:32:10 +0000 |
commit | 45186e177f47ea6e9a5f50e4bdf21f2b74c4c9b2 (patch) | |
tree | 1aab2aa939c34256eb5a377782636687484776f4 | |
parent | 62f606be9edb4ae80b657958dc18c49a669c2267 (diff) | |
download | pi-bitcoindev-45186e177f47ea6e9a5f50e4bdf21f2b74c4c9b2.tar.gz pi-bitcoindev-45186e177f47ea6e9a5f50e4bdf21f2b74c4c9b2.zip |
Re: [Bitcoin-development] Reconsidering github
-rw-r--r-- | 18/eca0822dc0c14e39e99b6454d6c98183e00131 | 309 |
1 files changed, 309 insertions, 0 deletions
diff --git a/18/eca0822dc0c14e39e99b6454d6c98183e00131 b/18/eca0822dc0c14e39e99b6454d6c98183e00131 new file mode 100644 index 000000000..9cf48b69d --- /dev/null +++ b/18/eca0822dc0c14e39e99b6454d6c98183e00131 @@ -0,0 +1,309 @@ +Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] + helo=mx.sourceforge.net) + by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) + (envelope-from <gubatron@gmail.com>) id 1XKuZG-0006Sx-RS + for bitcoin-development@lists.sourceforge.net; + Fri, 22 Aug 2014 19:32:10 +0000 +Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com + designates 209.85.216.180 as permitted sender) + client-ip=209.85.216.180; envelope-from=gubatron@gmail.com; + helo=mail-qc0-f180.google.com; +Received: from mail-qc0-f180.google.com ([209.85.216.180]) + by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) + (Exim 4.76) id 1XKuZF-0005uN-Gg + for bitcoin-development@lists.sourceforge.net; + Fri, 22 Aug 2014 19:32:10 +0000 +Received: by mail-qc0-f180.google.com with SMTP id l6so11200771qcy.25 + for <bitcoin-development@lists.sourceforge.net>; + Fri, 22 Aug 2014 12:32:04 -0700 (PDT) +X-Received: by 10.229.65.135 with SMTP id j7mr11090543qci.22.1408735924080; + Fri, 22 Aug 2014 12:32:04 -0700 (PDT) +MIME-Version: 1.0 +Received: by 10.140.86.37 with HTTP; Fri, 22 Aug 2014 12:31:43 -0700 (PDT) +In-Reply-To: <2302927.fMx0I5lQth@1337h4x0r> +References: <CAJHLa0NXAYh9HzazN6gArUV8y7J8_G0oqkZqPBgibpW0wRNxKQ@mail.gmail.com> + <2302927.fMx0I5lQth@1337h4x0r> +From: Angel Leon <gubatron@gmail.com> +Date: Fri, 22 Aug 2014 15:31:43 -0400 +Message-ID: <CADZB0_ahqNZE93Eb44ba18EteAnF5O5i3dEaAqKeDfbOKZLRDw@mail.gmail.com> +To: xor@freenetproject.org +Content-Type: multipart/alternative; boundary=001a11339d225655ab05013ce4ec +X-Spam-Score: -0.6 (/) +X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. + See http://spamassassin.org/tag/ for more details. + -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for + sender-domain + 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider + (gubatron[at]gmail.com) + -0.0 SPF_PASS SPF: sender matches SPF record + 1.0 HTML_MESSAGE BODY: HTML included in message + -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from + author's domain + 0.1 DKIM_SIGNED Message has a DKIM or DK signature, + not necessarily valid + -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature +X-Headers-End: 1XKuZF-0005uN-Gg +Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net> +Subject: Re: [Bitcoin-development] Reconsidering github +X-BeenThere: bitcoin-development@lists.sourceforge.net +X-Mailman-Version: 2.1.9 +Precedence: list +List-Id: <bitcoin-development.lists.sourceforge.net> +List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> +List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> +List-Post: <mailto:bitcoin-development@lists.sourceforge.net> +List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> +List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> +X-List-Received-Date: Fri, 22 Aug 2014 19:32:11 -0000 + +--001a11339d225655ab05013ce4ec +Content-Type: text/plain; charset=UTF-8 + ++1000. Don't fix it if it ain't broken. Don't kill community support. I for +instance wouldn't have contributed or forked if the project hadn't been on +github. + +"Bitcoin has currently 4132 forks on Github. This means that you can get +contributions by pull requests from 4132 developers. That is a HUGE amount, +and you shouldn't ditch that due to not using all features of git :) +To get a grasp of how much that is: When you search projects with more than +4100 forks, there are only 32 of them! +You are one of the top open source projects, and you should be grateful for +that and keep Github up so the other people can send you pull requests with +their improvements :) Volunteer contributions need to be honored and made as +easy as possible, for people are investing their personal time. + +Greetings and thanks for your work, + xor, one developer of https://freenetproject.org" + +http://twitter.com/gubatron + + +On Fri, Aug 22, 2014 at 3:20 PM, xor <xor@freenetproject.org> wrote: + +> On Tuesday, August 19, 2014 08:02:37 AM Jeff Garzik wrote: +> > It would be nice if the issues and git repo for Bitcoin Core were not +> > on such a centralized service as github, nice and convenient as it is. +> +> Assuming there is a problem with that usually is caused by using Git the +> wrong +> way or not knowing its capabilities. Nobody can modify / insert a commit +> before a GnuPG signed commit / tag without breaking the signature. +> More detail at the bottom at [1], I am sparing you this here because I +> suspect +> you already know it and there is something more important I want to stress: +> +> Bitcoin has currently 4132 forks on Github. This means that you can get +> contributions by pull requests from 4132 developers. That is a HUGE amount, +> and you shouldn't ditch that due to not using all features of git :) +> To get a grasp of how much that is: When you search projects with more than +> 4100 forks, there are only 32 of them! +> You are one of the top open source projects, and you should be grateful for +> that and keep Github up so the other people can send you pull requests with +> their improvements :) Volunteer contributions need to be honored and made +> as +> easy as possible, for people are investing their personal time. +> +> Greetings and thanks for your work, +> xor, one developer of https://freenetproject.org +> +> +> [1] If you GPG-sign a commit / tag, you sign its hash, including the hash +> of +> the previous commit. So is a chain of hashes and thus of trust from all +> commits up to what is signed. It's pretty similar to the blockchain +> actually +> :) +> So Github cannot modify anything. If they did, the head of the hash-chain +> would change, and thus the signature would break. Git would notify people +> about that when they pull. +> Of course people can still ignore that warning and let Github rewrite their +> Git history. But people who aren't educated about this shouldn't be release +> managers. They should not even have push access to your main repository, +> they +> should only be sending pull requests. Thats is where the decentralization +> of +> Git is: In the pull-requests. The people who deal with them should verify +> tag +> and possibly even commit signatures carefully, and not accept anything +> which +> is not signed. Also, before deploying a binary, the very same commit which +> is +> going to become a binary has to be given a signed tag by the release +> manager, +> and by everyone who reviews the code. The person who deploys the actual +> binary +> needs to verify that signature. +> There is an article which elaborates on some of the ways you have to ensure +> Github doesn't insert malicious code - but please read it with care, some +> of +> its recommendations are bad, especially the part where its about rebasing +> because that DOES rewrite history which is what you want to prevent: +> http://mikegerwitz.com/papers/git-horror-story +> +> +> +> +> ------------------------------------------------------------------------------ +> Slashdot TV. +> Video for Nerds. Stuff that matters. +> http://tv.slashdot.org/ +> _______________________________________________ +> Bitcoin-development mailing list +> Bitcoin-development@lists.sourceforge.net +> https://lists.sourceforge.net/lists/listinfo/bitcoin-development +> +> + +--001a11339d225655ab05013ce4ec +Content-Type: text/html; charset=UTF-8 +Content-Transfer-Encoding: quoted-printable + +<div dir=3D"ltr">+1000. Don't fix it if it ain't broken. Don't = +kill community support. I for instance wouldn't have contributed or for= +ked if the project hadn't been on github.<br><br>"<span style=3D"f= +ont-family:arial,sans-serif;font-size:13px">Bitcoin has currently 4132 fork= +s on Github. This means that you can get</span><br style=3D"font-family:ari= +al,sans-serif;font-size:13px"> + +<span style=3D"font-family:arial,sans-serif;font-size:13px">contributions b= +y pull requests from 4132 developers. That is a HUGE amount,</span><br styl= +e=3D"font-family:arial,sans-serif;font-size:13px"><span style=3D"font-famil= +y:arial,sans-serif;font-size:13px">and you shouldn't ditch that due to = +not using all features of git :)</span><br style=3D"font-family:arial,sans-= +serif;font-size:13px"> + +<span style=3D"font-family:arial,sans-serif;font-size:13px">To get a grasp = +of how much that is: When you search projects with more than</span><br styl= +e=3D"font-family:arial,sans-serif;font-size:13px"><span style=3D"font-famil= +y:arial,sans-serif;font-size:13px">4100 forks, there are only 32 of them!</= +span><br style=3D"font-family:arial,sans-serif;font-size:13px"> + +<span style=3D"font-family:arial,sans-serif;font-size:13px">You are one of = +the top open source projects, and you should be grateful for</span><br styl= +e=3D"font-family:arial,sans-serif;font-size:13px"><span style=3D"font-famil= +y:arial,sans-serif;font-size:13px">that and keep Github up so the other peo= +ple can send you pull requests with</span><br style=3D"font-family:arial,sa= +ns-serif;font-size:13px"> + +<span style=3D"font-family:arial,sans-serif;font-size:13px">their improveme= +nts :) Volunteer contributions need to be honored and made as</span><br sty= +le=3D"font-family:arial,sans-serif;font-size:13px"><span style=3D"font-fami= +ly:arial,sans-serif;font-size:13px">easy as possible, for people are invest= +ing their personal time.</span><br style=3D"font-family:arial,sans-serif;fo= +nt-size:13px"> + +<br style=3D"font-family:arial,sans-serif;font-size:13px"><span style=3D"fo= +nt-family:arial,sans-serif;font-size:13px">Greetings and thanks for your wo= +rk,</span><br style=3D"font-family:arial,sans-serif;font-size:13px"><span s= +tyle=3D"font-family:arial,sans-serif;font-size:13px">=C2=A0 =C2=A0 =C2=A0 = +=C2=A0 xor, one developer of=C2=A0</span><a href=3D"https://freenetproject.= +org/" target=3D"_blank" style=3D"font-family:arial,sans-serif;font-size:13p= +x">https://freenetproject.org</a>"</div> + +<div class=3D"gmail_extra"><br clear=3D"all"><div><a href=3D"http://twitter= +.com/gubatron" target=3D"_blank">http://twitter.com/gubatron</a><br></div> +<br><br><div class=3D"gmail_quote">On Fri, Aug 22, 2014 at 3:20 PM, xor <sp= +an dir=3D"ltr"><<a href=3D"mailto:xor@freenetproject.org" target=3D"_bla= +nk">xor@freenetproject.org</a>></span> wrote:<br><blockquote class=3D"gm= +ail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-le= +ft:1ex"> + +<div class=3D"">On Tuesday, August 19, 2014 08:02:37 AM Jeff Garzik wrote:<= +br> +> It would be nice if the issues and git repo for Bitcoin Core were not<= +br> +> on such a centralized service as github, nice and convenient as it is.= +<br> +<br> +</div>Assuming there is a problem with that usually is caused by using Git = +the wrong<br> +way or not knowing its capabilities. Nobody can modify / insert a commit<br= +> +before a GnuPG signed commit / tag without breaking the signature.<br> +More detail at the bottom at [1], I am sparing you this here because I susp= +ect<br> +you already know it and there is something more important I want to stress:= +<br> +<br> +Bitcoin has currently 4132 forks on Github. This means that you can get<br> +contributions by pull requests from 4132 developers. That is a HUGE amount,= +<br> +and you shouldn't ditch that due to not using all features of git :)<br= +> +To get a grasp of how much that is: When you search projects with more than= +<br> +4100 forks, there are only 32 of them!<br> +You are one of the top open source projects, and you should be grateful for= +<br> +that and keep Github up so the other people can send you pull requests with= +<br> +their improvements :) Volunteer contributions need to be honored and made a= +s<br> +easy as possible, for people are investing their personal time.<br> +<br> +Greetings and thanks for your work,<br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 xor, one developer of <a href=3D"https://freene= +tproject.org" target=3D"_blank">https://freenetproject.org</a><br> +<br> +<br> +[1] If you GPG-sign a commit / tag, you sign its hash, including the hash o= +f<br> +the previous commit. So is a chain of hashes and thus of trust from all<br> +commits up to what is signed. It's pretty similar to the blockchain act= +ually<br> +:)<br> +So Github cannot modify anything. If they did,=C2=A0 the head of the hash-c= +hain<br> +would change, and thus the signature would break. Git would notify people<b= +r> +about that when they pull.<br> +Of course people can still ignore that warning and let Github rewrite their= +<br> +Git history. But people who aren't educated about this shouldn't be= + release<br> +managers. They should not even have push access to your main repository, th= +ey<br> +should only be sending pull requests. Thats is where the decentralization o= +f<br> +Git is: In the pull-requests. The people who deal with them should verify t= +ag<br> +and possibly even commit signatures carefully, and not accept anything whic= +h<br> +is not signed. Also, before deploying a binary, the very same commit which = +is<br> +going to become a binary has to be given a signed tag by the release manage= +r,<br> +and by everyone who reviews the code. The person who deploys the actual bin= +ary<br> +needs to verify that signature.<br> +There is an article which elaborates on some of the ways you have to ensure= +<br> +Github doesn't insert malicious code - but please read it with care, so= +me of<br> +its recommendations are bad, especially the part where its about rebasing<b= +r> +because that DOES rewrite history which is what you want to prevent:<br> +<a href=3D"http://mikegerwitz.com/papers/git-horror-story" target=3D"_blank= +">http://mikegerwitz.com/papers/git-horror-story</a><br> +<br> +<br> +<br>-----------------------------------------------------------------------= +-------<br> +Slashdot TV.<br> +Video for Nerds.=C2=A0 Stuff that matters.<br> +<a href=3D"http://tv.slashdot.org/" target=3D"_blank">http://tv.slashdot.or= +g/</a><br>_______________________________________________<br> +Bitcoin-development mailing list<br> +<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo= +pment@lists.sourceforge.net</a><br> +<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development= +" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de= +velopment</a><br> +<br></blockquote></div><br></div> + +--001a11339d225655ab05013ce4ec-- + + |