Hi,
On Mon, 15 Jan 2007, Shawn O. Pearce wrote:
> Andy Parkins <andyparkins@xxxxxxxxx> wrote:
>
> > I don't think the argument that Matthias offered ("You just explained
> > why no one should pull from people he does not trust.") is a good one.
> > One might not want trust to be transitive. Just because I trust you,
> > doesn't not mean that I trust those who you trust. The path of
> > getting commits in via a trusted person, perhaps even via multiple
> > levels of transitive trust might not be something that is wanted in
> > every project. Having signed commits would at least give the option.
>
> Yes, that's very valid. But if you trust me and I've gone and built 100
> commits on top of something I got from someone else I trust but that you
> don't trust, you are going to reject all of my changes and ask that I
> rewrite them? That's quite paranoid.
It is not only paranoid. It is bad practice.
We might be tempted to forget in these horrible times that distrust itself
is a perpetuum mobile. Distrust results in distrust. And nobody being
distrusted likes that fact. It makes for a bad working environment, for
less code quality, and quite often, people get ideas from being
distrusted: "If they think I could include a backdoor, well, that might
actually be a good idea!".
Please have a look at the Linux kernel development, or for that matter,
git development itself. Here, people care, people trust, people respect
each other (sometimes YELLING, to keep discussions exciting). And the
result is: nice code.
Ciao,
Dscho
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html