From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:470:142:3::10]:43500) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1imyXH-0002Tq-W1 for guix-patches@gnu.org; Thu, 02 Jan 2020 06:21:06 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1imyXG-0005Ru-Ok for guix-patches@gnu.org; Thu, 02 Jan 2020 06:21:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:60561) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1imyXG-0005Rn-LL for guix-patches@gnu.org; Thu, 02 Jan 2020 06:21:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1imyXG-00085g-HM for guix-patches@gnu.org; Thu, 02 Jan 2020 06:21:02 -0500 Subject: [bug#38846] [PATCH 4/4] DRAFT doc: Add a cooption policy for commit access. Resent-Message-ID: From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <20200101163446.5132-1-ludo@gnu.org> <20200101163446.5132-4-ludo@gnu.org> <87v9pvm4a3.fsf@elephly.net> Date: Thu, 02 Jan 2020 12:20:27 +0100 In-Reply-To: <87v9pvm4a3.fsf@elephly.net> (Ricardo Wurmus's message of "Wed, 01 Jan 2020 19:15:48 +0100") Message-ID: <87o8vmw1dw.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Ricardo Wurmus Cc: guix-maintainers@gnu.org, 38846@debbugs.gnu.org Hello! Ricardo Wurmus skribis: > Ludovic Court=C3=A8s writes: > >> DRAFT: Subject to discussion! >> >> * doc/contributing.texi (Commit Access): Draft a cooptation policy. > > I like this! > >> +Find three committers who would vouch for you, emailing a signed >> +statement to @email{guix-maintainers@@gnu.org} (a private alias for the >> +collective of maintainers). You can view the list of committers at >> +@url{https://savannah.gnu.org/project/memberlist.php?group=3Dguix}. > > I misinterpreted this to mean that the three committers would need to > sign their endorsement=E2=80=A6 That=E2=80=99s actually what I meant, but perhaps this is ambiguous? >> + >> +@item >> +Send @email{guix-maintainers@@gnu.org} a signed message stating your >> +intent, listing the three committers who support your application, and >> +giving the fingerprint of the OpenPGP key you will use to sign commits >> +(see below). > > I think it may be necessary to state that =E2=80=9Csigned=E2=80=9D means = the use of a > cryptographic signature here and not just =E2=80=9C~~ Rekado=E2=80=9D (as= it would be > done on the Wikipedia for example). Perhaps we could link to the email > self defense guide of the FSF? > > https://emailselfdefense.fsf.org/en/ Good points. Taking these comments into accounts, I get: --8<---------------cut here---------------start------------->8--- @enumerate @item Find three committers who would vouch for you. You can view the list of committers at @url{https://savannah.gnu.org/project/memberlist.php?group=3Dguix}. Each of them should email a statement to @email{guix-maintainers@@gnu.org} (a private alias for the collective of maintainers), signed with their OpenPGP key. Committers are expected to have had some interactions with you as a contributor and to be able to judge whether you are sufficiently familiar with the project's practices. It is @emph{not} a judgment on the quality of your work, so a refusal should rather be interpreted as ``let's try again later''. @item Send @email{guix-maintainers@@gnu.org} a message stating your intent, listing the three committers who support your application, signed with the OpenPGP key you will use to sign commits, and giving its fingerprint (see below). See @uref{https://emailselfdefense.fsf.org/en/}, for an introduction to public-key cryptography with GnuPG. @item Once you've been given access, please send a message to @email{guix-devel@@gnu.org} to say so, again signed with the OpenPGP key you will use to sign commits. That way, everyone can notice and ensure you control that OpenPGP key. @c TODO: Add note about adding the fingerprint to the list of authorized @c keys once that has stabilized. @item Make sure to read the rest of this section and... profit! @end enumerate --8<---------------cut here---------------end--------------->8--- Thanks for your feedback! Ludo=E2=80=99.