[Bf-committers] Blender Projects: Blender Extensions Add-Ons (scripts/plugins).
mindrones
mindrones at yahoo.it
Sun Mar 7 17:00:40 CET 2010
Hi,
--- On Sun, 3/7/10, jonathan d p ferguson wrote:
> > I will remove scripts from this svn at will if they
> don't meet
> > standards.
>
> Is this a general "I"? Or really the role of a "package
> maintainer"?
At the moment Brandon is taking care of scripts, but generally all of those with
bf-extensions svn access can do that if the script is in trunk/ and really malicious.
> > Any malicious code & the Dev will be immediately
> banned until an
> > explanation
> > is provided and accepted (unlikely!)
> > You will be tried & hung by your peers. Be
> Warned.
>
> EEK! Wouldn't mentorship [13] be better? Does the Blender
> community
> actively punish contributors? My experience with the
> Blender community
> contradicts this statement. It is one of the most friendly,
> and
> encouraging, FOSS communities I know.
I think it was meant to be ironic :)
But yes, I doubt that you can trust again a code that has consciously written some
malicious code no?
> Debian [2,13], Ubuntu [3], and other notable projects use
> the Web of
> Trust [4,5,6,12] created by GnuPG keyrings [7] to keep all
> packages
> (think Operating System Extensions) secure, and tamper free
> [11,12].
> (There are other technical benefits too). The key
> difference, is that
> of guaranteed contributor accountability [12].
>
> Perhaps the Blender project would be wise to adopt
> something similar
> for developers and script-writers?
It's been a lot of work discussing about it and then establishing this, I really
hope we don't change it now that it's all setup... :)
Also, everyone is on 2.5 now, jesterking will be away for a while so I think that
there arent many human resources to do something more elaborate for a bit.
Meanwhile we can trust opinions from the incolved extensions developers, which is
a good start I think.
> Thanks for all the hard work!
Thx :)
By the way, Brandon told me he will be offline for a week for connectivity problems,
I guess he will take care to answer this thread when he'll be back eventually.
Regards,
Luca
>
> have a day.yad
> jdpf
>
> [1] Git is very good at this kind of integration, down to
> the level of
> the source-code, btw. This is because git identifies
> changesets as
> SHA1 hashes.
> [2] New Maintainer website (and process from Debian): https://nm.debian.org/newnm.php
> [3] Contributing to Ubuntu: https://wiki.ubuntu.com/
> ContributeToUbuntu#Contributing%20to%20the%20Universe%20Repository
>
> %20(MOTU)
> [4] GPG Web of Trust: http://www.gnupg.org/gph/en/manual.html
> particularly: http://www.gnupg.org/gph/en/manual.html#WOT-EXAMPLES
> [5] Advogato's Trust Metric http://www.advogato.org/trust-metric.html
> [6] Wikipedia: Web of Trust: http://en.wikipedia.org/wiki/Web_of_trust
> [7] Wikipedia: GPG: http://en.wikipedia.org/wiki/GNU_Privacy_Guard
> [8] A short history of GPG: http://lists.gnupg.org/pipermail/gnupg-announce/2007q4/000268.html
>
> You will find libraries like GPGME much kinder to
> integration
> efforts than some others: http://lists.gnupg.org/pipermail/gnupg-announce/2010q1/000298.html
> [9] US Export restriction law (as recently touched a
> blender
> developer): http://www.bis.doc.gov/encryption/ and http://www.bis.doc.gov/encryption/pubavailencsourcecodenofify.html
>
> for US mirrors and hosting services.
> [10] Electronic Privacy Information Center: http://epic.org/
> [11] GnuPG archive keys of the Debian archive: http://packages.debian.org/lenny/debian-archive-keyring
> [12] Debian's Web of Trust: https://nm.debian.org/nmgraph.php#manager
> [13] The debian-mentors FAQ: http://people.debian.org/~mpalmer/debian-mentors_FAQ.html
_____________
http://www.mindrones.com
More information about the Bf-committers
mailing list