Re: [eclipse.org-architecture-council] Real names in git commit messages



On Thu, Mar 12, 2020 at 2:03 PM Gunnar Wagenknecht <gunnar@xxxxxxxxxxxxxxx> wrote:
So ... do you qualify those commits as anonymous because of names you don't know OR because of synonyms they used in combination with anonymous (random) email addresses?
I'm asking because I think there is a difference. I think we can clearly identify the latter but investigating the former is harder. Also, would be good to know the specific case to put them in relation. Thanks!

Here are some examples of commit authors whose patches I merged and whom I wouldn't be able to easily resolve to the actual identity:

(and there are some others similar, with incomplete names and non-obvious emails)

Those are insufficient to resolve to an actual identity, and I think even for some other cases where we have the identity, there isn't much guarantee about authenticity anyway (commits aren't signed, emails are not authenticated to a name on CLA...), is there?
I don't think such emails are a special case. IMO, if you want real names, it cannot be held only in the commit Signed-Off-By, as it's unsafe. It should instead be a matter of signing commits with a key registered on the user portal and mapped to a CLA. This is something out of the scope of committers' duties IMO.

The "I don't care" part is a trust base between projects and committers and also guided by the boundaries given by EMO and EDP. If it's a larger project I do expect that this has been vetted within the larger project community anyway. Otherwise you wouldn't be a committer, would you?

Relying on chain of trust and letting committers merge commits that they find OK is good. It's IMO the status quo.
Now, what I'm concerned about is adding a new rule ("real names mandatory") and adding this responsibility to committers. This is IMO not desired, and would lead to not-so-good results anyway for reasons mentioned above about not really trustworthy identity.
I'm fine if we add a rule requiring a way to resolve to a real name, if it's implemented in the processes and tools in an automated way. As long as it's not more work or more checks for committers and ideally not too much difficulty for contributors, that's fine with me.
