Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [] Real names in git commit messages

Hi folks,

In March 2020 we decided that real names were not required in commit messages. See (March 12, 2020 - quoted here):

A GitHub account as a contributor is ok, it can be traced back to an individual.
An ECA must be signed in any case. This requires a real email address and this is sufficient.
EMO expectation to committers is to monitor and catch/report shenanigans.
The handbook wording needs an updated and will be investigated separately.

AFAICT the handbook never got updated and we have had a committer reject a commit based on the current wording of the handbook.

I have submitted a PR - but feel free to polish it. - not sure if I did it correctly as it is the 1st(?) merge request on the handbook.


Jonah Graham
Kichwa Coders

On Thu, 12 Mar 2020 at 09:55, Mickael Istria <mistria@xxxxxxxxxx> wrote:

On Thu, Mar 12, 2020 at 2:03 PM Gunnar Wagenknecht <gunnar@xxxxxxxxxxxxxxx> wrote:
So ... do you qualify those commits as anonymous because of names you don't know OR because of synonyms they used in combination with anonymous (random) email addresses?
I'm asking because I think there is a difference. I think we can clearly identify the later but investigating the former is harder. Also, would be good to know the specific case to put them in relation. Thanks!

Here are some examples of commits authors I merged their patch for which I wouldn't be able to easily resolve to the actual identity:

(and there are some others similar with incomplete name and not obvious emails)

Those are insufficient to resolve to actual identity, and I think even for some other cases where we have the identity, there isn't much guarantee about authenticity anyway (commit aren't signed, emails are not authenticated to a name on CLA...), is there?
I don't think such emails are a special case, IMO if you want real names, it cannot be hold only in the commit Signed-Off-By as it's unsafe. It should instead be a matter of signing commit with a key registered on the user portal and mapped to a CLA. This is something out of the scope of committers duties IMO.

The "I don't care" part is a trust base between projects and committers and also guided by the boundaries given by EMO and EDP. If it's a larger project I do expect that this has been vetted within the larger project community anyway. Otherwise you wouldn't be a committer, would you?

Relying on chain of trust and letting committers merge commits that they find OK is good. It's IMO the status quo.
Now, what I'm concerned about is adding a new rule ("real names mandatory") and adding this responsibility to committers. This is IMO not desired, and would lead to not-so-good results anyway for reasons mentioned above about not really trustworthy identity.
I'm find we add a rule requiring a way to resolve to real name, if it's implemented in the processes and tools in an automated way. As long as it's not more work or more checks for committers and ideally not too much difficulty for contributors, that's fine with me.
_______________________________________________ mailing list
To unsubscribe from this list, visit

Back to the top