From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:470:142:3::10]:59055) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ioxTD-0005uj-Sw for guix-patches@gnu.org; Tue, 07 Jan 2020 17:37:05 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ioxTC-0008Tm-Mh for guix-patches@gnu.org; Tue, 07 Jan 2020 17:37:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:43546) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ioxTC-0008Td-K3 for guix-patches@gnu.org; Tue, 07 Jan 2020 17:37:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ioxTC-0000CC-HC for guix-patches@gnu.org; Tue, 07 Jan 2020 17:37:02 -0500 Subject: [bug#38846] [PATCH 4/4] DRAFT doc: Add a cooption policy for commit access. Resent-Message-ID: From: Maxim Cournoyer References: <20200101163446.5132-1-ludo@gnu.org> <20200101163446.5132-4-ludo@gnu.org> <87v9pvm4a3.fsf@elephly.net> <87o8vmw1dw.fsf@gnu.org> Date: Tue, 07 Jan 2020 17:36:13 -0500 In-Reply-To: <87o8vmw1dw.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Thu, 02 Jan 2020 12:20:27 +0100") Message-ID: <87r20avqqq.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: Ricardo Wurmus , guix-maintainers@gnu.org, 38846@debbugs.gnu.org --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Ludo, Thank you for taking the time to draft this new policy. Ludovic Court=C3=A8s writes: [...] > Taking these comments into accounts, I get: > > @enumerate > @item > Find three committers who would vouch for you. You can view the list of > committers at > @url{https://savannah.gnu.org/project/memberlist.php?group=3Dguix}. Each > of them should email a statement to @email{guix-maintainers@@gnu.org} (a > private alias for the collective of maintainers), signed with their > OpenPGP key. > > Committers are expected to have had some interactions with you as a > contributor and to be able to judge whether you are sufficiently > familiar with the project's practices. It is @emph{not} a judgment on > the quality of your work, so a refusal should rather be interpreted as > ``let's try again later''. > > @item > Send @email{guix-maintainers@@gnu.org} a message stating your intent, > listing the three committers who support your application, signed with > the OpenPGP key you will use to sign commits, and giving its fingerprint > (see below). See @uref{https://emailselfdefense.fsf.org/en/}, for an > introduction to public-key cryptography with GnuPG. Note that Email Self-Defense focuses on the use of Thunderbird + the Enigmail plugin, both of which are missing from our collection of packages. I don't have a better resource to suggest, though. > @item > Once you've been given access, please send a message to > @email{guix-devel@@gnu.org} to say so, again signed with the OpenPGP key > you will use to sign commits. That way, everyone can notice and ensure > you control that OpenPGP key. > > @c TODO: Add note about adding the fingerprint to the list of authorized > @c keys once that has stabilized. > > @item > Make sure to read the rest of this section and... profit! > @end enumerate > > Thanks for your feedback! > > Ludo=E2=80=99. I like the proposal drafted so far. I agree with others that it is important to say that the maintainers reserve the final say in whether or not a contributor is granted push rights to the Guix repository, for transparency. LGTM :-) Maxim --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEJ9WGpPiQCFQyn/CfEmDkZILmNWIFAl4VB94ACgkQEmDkZILm NWIm+w//U+RZ94THlO9ACHm0K6w5epPdtM6RG/Dc6OYqnNDT1JOaUrMdGv7kha1G r+C2iArBPoOgl9j6ZLIzvRDIoh1FOJvWnEoI37faY5uVkZ82DQHnEMOtmzDPa6cd WdLkxlJxYJwtUlHCDw+Vax09jakBscH55OBqhgQmQ/fS81iEqaCpF0cw9tMVSp6d UxREYQV2JPv0p27r5fFK1G1ZKkVRYnvn85QaqYTZmStj1w2wGDM9bdwVHYvbScH+ RTnvUoEdrLM5vrx8f4WZSYwPNo4n0R4gR2PF5eJ4Oip8vTpKX7OWndefNYyJt21R rnO1D6sOJ0tCzimdlKeU/dlWzkUYCG2tgmCwLnRjwm7KMWags9yeyKJ3dc1SWpmI wGjqi7DlC4Fzy5U0R0UqLT7pTLA+TgHkSAtfykIH9VSkRZZ9ZDegqR1SkoGedeNq 87aSA+ujcagqiNzzhbkXUd4l8RnKFThbvc4ZXrlUOeO6KTAx6FZTZJueLfpEnUxD uGx8siLDR9MAxi0sR/ec7V89l63MmogdKaygS7XMon2Fkd6KRSpa12m8YwZ04Idv dmUflEUbPOBHH7oj+lOm2lRIf+fF3gyfvYJ9mFMUGvvdmU0Xkxpj6chu0JCxTvGH VhiFS3Wyz54L3H7yMBfOSgmEE5g8wf9e/ETOySQlST6rjhFWH8U= =/fJv -----END PGP SIGNATURE----- --=-=-=--