Hi Ludo, Thank you for taking the time to draft this new policy. Ludovic Courtès writes: [...] > Taking these comments into accounts, I get: > > @enumerate > @item > Find three committers who would vouch for you. You can view the list of > committers at > @url{https://savannah.gnu.org/project/memberlist.php?group=guix}. Each > of them should email a statement to @email{guix-maintainers@@gnu.org} (a > private alias for the collective of maintainers), signed with their > OpenPGP key. > > Committers are expected to have had some interactions with you as a > contributor and to be able to judge whether you are sufficiently > familiar with the project's practices. It is @emph{not} a judgment on > the quality of your work, so a refusal should rather be interpreted as > ``let's try again later''. > > @item > Send @email{guix-maintainers@@gnu.org} a message stating your intent, > listing the three committers who support your application, signed with > the OpenPGP key you will use to sign commits, and giving its fingerprint > (see below). See @uref{https://emailselfdefense.fsf.org/en/}, for an > introduction to public-key cryptography with GnuPG. Note that Email Self-Defense focuses on the use of Thunderbird + the Enigmail plugin, both of which are missing from our collection of packages. I don't have a better resource to suggest, though. > @item > Once you've been given access, please send a message to > @email{guix-devel@@gnu.org} to say so, again signed with the OpenPGP key > you will use to sign commits. That way, everyone can notice and ensure > you control that OpenPGP key. > > @c TODO: Add note about adding the fingerprint to the list of authorized > @c keys once that has stabilized. > > @item > Make sure to read the rest of this section and... profit! > @end enumerate > > Thanks for your feedback! > > Ludo’. I like the proposal drafted so far. I agree with others that it is important to say that the maintainers reserve the final say in whether or not a contributor is granted push rights to the Guix repository, for transparency. LGTM :-) Maxim