[c-lightning] Welcoming a New C-lightning Core Team Member!
ZmnSCPxj at protonmail.com
Wed Feb 28 19:12:33 AEDT 2018
> ZmnSCPxj ZmnSCPxj at protonmail.com writes:
> > Good morning,
> > https://lists.linuxfoundation.org/pipermail/lightning-dev/2018-February/001054.html
> > Is this considered desirable? I am having some difficulty setting up GPG satisfactorily, but I can try to make an effort if this is deemed necessary.
> It does give us protection against GitHub (or our GH accounts) being
> compromised. Basically it provides some assurance that your code came
> via your machine.
Yes, I understand the concern myself. However, another concern I have is that I cannot be sure of the reliability of my hardware, and hence require backups; however while emulating a recovery scenario I ran into problems that require more time for me to understand and study (which takes away time from actual c-lightning hacking...). So I think this is more a consideration of the relative priorities. Probably at some point I want to set up GPG, but I want to prioritize 0.6 release first... (my directive is to get at least one implementation "mainnet-ready" in the sense that the developers would be somewhat comfortable telling people "okay, go ahead and run it on mainnet"; I do not expect 0.6 to be mainnet-ready in that sense, but it is at least a step towards that)
> But it's only sane if it's completely automated, which means git hooks.
> I haven't ever set it up before either.
I believe recent git (2.0+) can do `git config commit.gpgsign true` to automatically sign all commits you make (including rebasing of commits). Unless you are referring to some other automation?
(Maybe you refer to getting commit signatures verified on the GitHub side prior to being cherry-picked onto the `master` branch instead? Is that possible?)
> > Alternatively, you could just revoke my commit access.
> It's nothing to do with you, AFAICT. And I'm more worried about
> mistakes than sabotage anyway.
> I'm not losing sleep over this :)
Revoking commit access to me is a simple enough solution, to my mind. It does not need to imply I am no longer a core team member if I do not have commit access, after all.
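
The message above mentions `git config commit.gpgsign true` and asks about verifying signatures before commits reach `master`. The following is an added example, not part of the original message or the c-lightning project's own tooling: a check that classifies git's `%G?` signature status for each commit in a range, as a hook or CI step might. The function names, the sample data, and the policy of accepting only status `G` are assumptions.

```shell
#!/bin/sh
# Added example (not c-lightning code). Signing side, as named in the message:
#   git config commit.gpgsign true
# Checking side: classify the output of
#   git log --format='%H %G?' <base>..<tip>
# %G? statuses: G good, B bad, U good but unknown validity, X expired signature,
# Y expired key, R revoked key, E cannot be checked (e.g. missing key), N none.

# Constructed sample of that output (hashes are placeholders, not real commits).
SAMPLE='aaa1 G
bbb2 N
ccc3 B'

# Reads "<hash> <status>" lines on stdin, prints every commit that fails the
# assumed policy (only G is accepted), and returns 1 if any commit failed.
check_signature_status() {
    rc=0
    while read -r hash status; do
        [ -n "$hash" ] || continue
        case "$status" in
            G) ;;
            N) echo "$hash unsigned"; rc=1 ;;
            B) echo "$hash bad-signature"; rc=1 ;;
            E) echo "$hash cannot-check"; rc=1 ;;
            U|X|Y|R) echo "$hash not-trusted($status)"; rc=1 ;;
            *) echo "$hash unknown-status"; rc=1 ;;
        esac
    done
    return $rc
}

# Hypothetical wrapper: verify a revision range such as origin/master..HEAD.
# Requires git and a GPG keyring holding the committers' public keys.
verify_range() {
    git log --format='%H %G?' "$1" | check_signature_status
}
```
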