[Bf-committers] Blender Projects: Blender Extensions Add-Ons (scripts/plugins).
mindrones at yahoo.it
Sun Mar 7 17:00:40 CET 2010
--- On Sun, 3/7/10, jonathan d p ferguson wrote:
> > I will remove scripts from this svn at will if they
> don't meet
> > standards.
> Is this a general "I"? Or really the role of a "package
At the moment Brandon is taking care of scripts, but generally all of those with
bf-extensions svn access can do that if the script is in trunk/ and really malicious.
> > Any malicious code & the Dev will be immediately
> banned until an
> > explanation
> > is provided and accepted (unlikely!)
> > You will be tried & hung by your peers. Be
> EEK! Wouldn't mentorship  be better? Does the Blender
> actively punish contributors? My experience with the
> Blender community
> contradicts this statement. It is one of the most friendly,
> encouraging, FOSS communities I know.
I think it was meant to be ironic :)
But yes, I doubt that you can trust again a code that has consciously written some
malicious code no?
> Debian [2,13], Ubuntu , and other notable projects use
> the Web of
> Trust [4,5,6,12] created by GnuPG keyrings  to keep all
> (think Operating System Extensions) secure, and tamper free
> (There are other technical benefits too). The key
> difference, is that
> of guaranteed contributor accountability .
> Perhaps the Blender project would be wise to adopt
> something similar
> for developers and script-writers?
It's been a lot of work discussing about it and then establishing this, I really
hope we don't change it now that it's all setup... :)
Also, everyone is on 2.5 now, jesterking will be away for a while so I think that
there arent many human resources to do something more elaborate for a bit.
Meanwhile we can trust opinions from the incolved extensions developers, which is
a good start I think.
> Thanks for all the hard work!
By the way, Brandon told me he will be offline for a week for connectivity problems,
I guess he will take care to answer this thread when he'll be back eventually.
> have a day.yad
>  Git is very good at this kind of integration, down to
> the level of
> the source-code, btw. This is because git identifies
> changesets as
> SHA1 hashes.
>  New Maintainer website (and process from Debian): https://nm.debian.org/newnm.php
>  Contributing to Ubuntu: https://wiki.ubuntu.com/
>  GPG Web of Trust: http://www.gnupg.org/gph/en/manual.html
> particularly: http://www.gnupg.org/gph/en/manual.html#WOT-EXAMPLES
>  Advogato's Trust Metric http://www.advogato.org/trust-metric.html
>  Wikipedia: Web of Trust: http://en.wikipedia.org/wiki/Web_of_trust
>  Wikipedia: GPG: http://en.wikipedia.org/wiki/GNU_Privacy_Guard
>  A short history of GPG: http://lists.gnupg.org/pipermail/gnupg-announce/2007q4/000268.html
> You will find libraries like GPGME much kinder to
> efforts than some others: http://lists.gnupg.org/pipermail/gnupg-announce/2010q1/000298.html
>  US Export restriction law (as recently touched a
> developer): http://www.bis.doc.gov/encryption/ and http://www.bis.doc.gov/encryption/pubavailencsourcecodenofify.html
> for US mirrors and hosting services.
>  Electronic Privacy Information Center: http://epic.org/
>  GnuPG archive keys of the Debian archive: http://packages.debian.org/lenny/debian-archive-keyring
>  Debian's Web of Trust: https://nm.debian.org/nmgraph.php#manager
>  The debian-mentors FAQ: http://people.debian.org/~mpalmer/debian-mentors_FAQ.html
More information about the Bf-committers