From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:470:142:3::10]:59055)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ioxTD-0005uj-Sw
 for guix-patches@gnu.org; Tue, 07 Jan 2020 17:37:05 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ioxTC-0008Tm-Mh
 for guix-patches@gnu.org; Tue, 07 Jan 2020 17:37:03 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:43546)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1ioxTC-0008Td-K3
 for guix-patches@gnu.org; Tue, 07 Jan 2020 17:37:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ioxTC-0000CC-HC
 for guix-patches@gnu.org; Tue, 07 Jan 2020 17:37:02 -0500
Subject: [bug#38846] [PATCH 4/4] DRAFT doc: Add a cooption policy for commit
 access.
Resent-Message-ID: <handler.38846.B38846.1578436590706@debbugs.gnu.org>
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
References: <20200101163446.5132-1-ludo@gnu.org>
 <20200101163446.5132-4-ludo@gnu.org> <87v9pvm4a3.fsf@elephly.net>
 <87o8vmw1dw.fsf@gnu.org>
Date: Tue, 07 Jan 2020 17:36:13 -0500
In-Reply-To: <87o8vmw1dw.fsf@gnu.org> ("Ludovic
 \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
 \=\?utf-8\?Q\?s\?\= message of "Thu, 02 Jan 2020 12:20:27 +0100")
Message-ID: <87r20avqqq.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: Ricardo Wurmus <rekado@elephly.net>, guix-maintainers@gnu.org, 38846@debbugs.gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Ludo,

Thank you for taking the time to draft this new policy.

Ludovic Court=C3=A8s <ludo@gnu.org> writes:


[...]

> Taking these comments into accounts, I get:
>
> @enumerate
> @item
> Find three committers who would vouch for you.  You can view the list of
> committers at
> @url{https://savannah.gnu.org/project/memberlist.php?group=3Dguix}.  Each
> of them should email a statement to @email{guix-maintainers@@gnu.org} (a
> private alias for the collective of maintainers), signed with their
> OpenPGP key.
>
> Committers are expected to have had some interactions with you as a
> contributor and to be able to judge whether you are sufficiently
> familiar with the project's practices.  It is @emph{not} a judgment on
> the quality of your work, so a refusal should rather be interpreted as
> ``let's try again later''.
>
> @item
> Send @email{guix-maintainers@@gnu.org} a message stating your intent,
> listing the three committers who support your application, signed with
> the OpenPGP key you will use to sign commits, and giving its fingerprint
> (see below).  See @uref{https://emailselfdefense.fsf.org/en/}, for an
> introduction to public-key cryptography with GnuPG.

Note that Email Self-Defense focuses on the use of Thunderbird + the
Enigmail plugin, both of which are missing from our collection of
packages.  I don't have a better resource to suggest, though.

> @item
> Once you've been given access, please send a message to
> @email{guix-devel@@gnu.org} to say so, again signed with the OpenPGP key
> you will use to sign commits.  That way, everyone can notice and ensure
> you control that OpenPGP key.
>
> @c TODO: Add note about adding the fingerprint to the list of authorized
> @c keys once that has stabilized.
>
> @item
> Make sure to read the rest of this section and... profit!
> @end enumerate
>
> Thanks for your feedback!
>
> Ludo=E2=80=99.

I like the proposal drafted so far.  I agree with others that it is
important to say that the maintainers reserve the final say in whether
or not a contributor is granted push rights to the Guix repository, for
transparency.

LGTM :-)

Maxim

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEJ9WGpPiQCFQyn/CfEmDkZILmNWIFAl4VB94ACgkQEmDkZILm
NWIm+w//U+RZ94THlO9ACHm0K6w5epPdtM6RG/Dc6OYqnNDT1JOaUrMdGv7kha1G
r+C2iArBPoOgl9j6ZLIzvRDIoh1FOJvWnEoI37faY5uVkZ82DQHnEMOtmzDPa6cd
WdLkxlJxYJwtUlHCDw+Vax09jakBscH55OBqhgQmQ/fS81iEqaCpF0cw9tMVSp6d
UxREYQV2JPv0p27r5fFK1G1ZKkVRYnvn85QaqYTZmStj1w2wGDM9bdwVHYvbScH+
RTnvUoEdrLM5vrx8f4WZSYwPNo4n0R4gR2PF5eJ4Oip8vTpKX7OWndefNYyJt21R
rnO1D6sOJ0tCzimdlKeU/dlWzkUYCG2tgmCwLnRjwm7KMWags9yeyKJ3dc1SWpmI
wGjqi7DlC4Fzy5U0R0UqLT7pTLA+TgHkSAtfykIH9VSkRZZ9ZDegqR1SkoGedeNq
87aSA+ujcagqiNzzhbkXUd4l8RnKFThbvc4ZXrlUOeO6KTAx6FZTZJueLfpEnUxD
uGx8siLDR9MAxi0sR/ec7V89l63MmogdKaygS7XMon2Fkd6KRSpa12m8YwZ04Idv
dmUflEUbPOBHH7oj+lOm2lRIf+fF3gyfvYJ9mFMUGvvdmU0Xkxpj6chu0JCxTvGH
VhiFS3Wyz54L3H7yMBfOSgmEE5g8wf9e/ETOySQlST6rjhFWH8U=
=/fJv
-----END PGP SIGNATURE-----
--=-=-=--