On Sun, Aug 19, 2012 at 8:49 AM, Jens Vagelpohl <j...@dataflake.org> wrote:
>
> On Aug 18, 2012, at 21:46 , Lennart Regebro <rege...@gmail.com> wrote:
>
>> Yes, but my question is why this changes with github.
>
> GitHub is a third party infrastructure run by other people. I cannot
> ascertain how well it enforces our requirement that all checkins must be from
> signed contributors only.

I have to say that I find it to be without any reasonable doubt without question that you can only write to a repository if you have write access. Questioning this is to me somewhat surprising, and we might as well claim that we can't ascertain how well the current SVN server enforces our requirements, as we don't know what undiscovered security holes it might have.

> Furthermore, I cannot ascertain that private contributor data remains private
> (email addresses etc).

Is this really a requirement? Why is this a requirement? All you need to enter at github is an email (which in practice is all we can verify in ZF as well, as all communication is by email). Why does this email address have to remain private?

> And since it becomes ever easier to accept code from unknown sources (e.g.
> pull requests) legal code ownership becomes an issue again.

And that returns me to my first question: Is it really legally different for a contributor to accept a pull request from a non-contributor compared with a contributor merging a patch from a non-contributor?

//Lennart
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
https://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope )