I was surprised that I can't merge my `scie-pants`...
# development
b
I was surprised that I can't merge my `scie-pants` PR unless every commit is signed. https://github.com/pantsbuild/scie-pants/pull/226 We don't have this turned on for other pantsbuild/ repos, so why this one?
I'm also not sure I can sign commits without re-writing history and I HATE force-pushing/rewriting history because it destroys context. 😢
h
I don't think John is in this channel anymore, so he won't see this message. Could you recreate the PR?
b
I think that has the same result of not being genuine with the changes history. But I don't think we need John's approval. I think we should be consistent across all Pantsbuild repos. Additionally, John has left that repo to us. https://github.com/pantsbuild/scie-pants/pull/226#issuecomment-1642818117
I propose we turn this off and maybe we can discuss it more openly and come to a public agreement. Otherwise I'm kinda stuck for now.
👍 2
h
If we turn it back on later hopefully it doesn't apply retroactively?
b
I don't understand the question 🙂 Like you're worried about it not allowing us to turn it on later because there's unsigned commits?
👆 1
(I also don't understand the error, because presumably I wouldn't have signed the squash-merge commit that's merged to `main`)
I just enabled the setting on a personal repo with unsigned commits. I haven't caught fire, and neither has my repo.
(I'm still perplexed how GitHub could require the squash commit be signed by my key 🄓 Maybe it uses its own key after seeing my commits were me?) E.g. "trust me, I trust them"
b
That PR is quite small, so I'd suggest rewriting history is perfectly fine, and not worth blocking merging the PR on resolving a policy question. We're squash-and-merge-ing, so, if someone wants more info, it's not just surfaced in a plain `git blame ...`, and they'll have to go dig through the PR anyway.
b
OK I'm going to turn it off for this repo. If we decide we want it on, we:
• should discuss this more thoroughly with more maintainers in the room with a list of the pros/cons
• be consistent across all pantsbuild repos (where it makes sense)
h
Are there cons to signing commits?
Other than the extra hassle of setting it up?
b
I think that hassle is a barrier to entry. And if someone hadn't signed commits, they have to destroy the history in their PR to do so 😕 For every PR we had from new folks in the last 3 months how many were verified? What about other popular open source repos?