[bug#38846] [PATCH 4/4] DRAFT doc: Add a cooption policy for commit access.

[Ludovic Courtès]

Hello!

Ricardo Wurmus <address@hidden> skribis:

> Ludovic Courtès <address@hidden> writes:
>
>> DRAFT: Subject to discussion!
>>
>> * doc/contributing.texi (Commit Access): Draft a cooptation policy.
>
> I like this!
>
>> +Find three committers who would vouch for you, emailing a signed
>> +statement to @email{guix-maintainers@@gnu.org} (a private alias for the
>> +collective of maintainers).  You can view the list of committers at
>> +@url{https://savannah.gnu.org/project/memberlist.php?group=guix}.
>
> I misinterpreted this to mean that the three committers would need to
> sign their endorsement…

That’s actually what I meant, but perhaps this is ambiguous?

>> +
>> +@item
>> +Send @email{guix-maintainers@@gnu.org} a signed message stating your
>> +intent, listing the three committers who support your application, and
>> +giving the fingerprint of the OpenPGP key you will use to sign commits
>> +(see below).
>
> I think it may be necessary to state that “signed” means the use of a
> cryptographic signature here and not just “~~ Rekado” (as it would be
> done on the Wikipedia for example).  Perhaps we could link to the email
> self defense guide of the FSF?
>
>     https://emailselfdefense.fsf.org/en/

Good points.

Taking these comments into accounts, I get:

--8<---------------cut here---------------start------------->8---
@enumerate
@item
Find three committers who would vouch for you.  You can view the list of
committers at
@url{https://savannah.gnu.org/project/memberlist.php?group=guix}.  Each
of them should email a statement to @email{guix-maintainers@@gnu.org} (a
private alias for the collective of maintainers), signed with their
OpenPGP key.

Committers are expected to have had some interactions with you as a
contributor and to be able to judge whether you are sufficiently
familiar with the project's practices.  It is @emph{not} a judgment on
the quality of your work, so a refusal should rather be interpreted as
``let's try again later''.

@item
Send @email{guix-maintainers@@gnu.org} a message stating your intent,
listing the three committers who support your application, signed with
the OpenPGP key you will use to sign commits, and giving its fingerprint
(see below).  See @uref{https://emailselfdefense.fsf.org/en/}, for an
introduction to public-key cryptography with GnuPG.

@item
Once you've been given access, please send a message to
@email{guix-devel@@gnu.org} to say so, again signed with the OpenPGP key
you will use to sign commits.  That way, everyone can notice and ensure
you control that OpenPGP key.

@c TODO: Add note about adding the fingerprint to the list of authorized
@c keys once that has stabilized.

@item
Make sure to read the rest of this section and... profit!
@end enumerate
--8<---------------cut here---------------end--------------->8---

Thanks for your feedback!

Ludo’.