Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XLDgI-0000Fc-A3 for bitcoin-development@lists.sourceforge.net; Sat, 23 Aug 2014 15:56:43 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.223.172 as permitted sender) client-ip=209.85.223.172; envelope-from=laanwj@gmail.com; helo=mail-ie0-f172.google.com; Received: from mail-ie0-f172.google.com ([209.85.223.172]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1XLDg8-0002cY-Aq for bitcoin-development@lists.sourceforge.net; Sat, 23 Aug 2014 15:56:42 +0000 Received: by mail-ie0-f172.google.com with SMTP id lx4so7914580iec.3 for ; Sat, 23 Aug 2014 08:56:27 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.50.61.195 with SMTP id s3mr5078503igr.29.1408809386989; Sat, 23 Aug 2014 08:56:26 -0700 (PDT) Received: by 10.64.1.209 with HTTP; Sat, 23 Aug 2014 08:56:26 -0700 (PDT) In-Reply-To: References: <2302927.fMx0I5lQth@1337h4x0r> <20140823061701.GQ22640@nl.grid.coop> Date: Sat, 23 Aug 2014 17:56:26 +0200 Message-ID: From: Wladimir To: Pieter Wuille Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (laanwj[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1XLDg8-0002cY-Aq Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Reconsidering github X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Aug 2014 15:56:44 -0000 >On Sat, Aug 23, 2014 at 1:38 PM, Pieter Wuille >wrote: > > Note that we're generally aiming (though not yet enforcing) to have > merges done through the github-merge tool, which performs the merge > locally, shows the resulting diff, compares it with the merge done by > github, and GnuPG signs it. Indeed. I always use that look at and test and the merges locally before pushing them. I never use the github merge button. I'd recommend other people to do so as well - and as can be seen with `git log --show-signature` it's common practice. For browsing git history locally I find "gitk" to be a useful tool. I'd absolutely encourage for more people to review code changes. Even better if a few people do this through local tooling instead of the web page. But my gut feeling is that hosting the code on github results in many more eyes on the code overall than would be when requiring *everyone* to use local tools. It's easy to let paranoia get in the way of actual effectiveness. Wladimir