Re: Mercurial 0.4b vs git patchbomb benchmark
From: Sean <hidden>
Date: 2005-04-29 19:21:35
Also in:
lkml
On Fri, April 29, 2005 2:54 pm, Tom Lord said:
The process should not rely on the security of every developer's machine. The process should not rely on simply trusting quality contributors by reputation (e.g., most cons begin by establishing trust and continue by relying inappropriately on trust-without-verification). This relates to why Linus' self-advertised process should be raising yellow and red cards all over the place: either he is wasting a huge amount of his own time and should be largely replaced by an automated patch queue manager, or he is being trusted to do more than is humanly possible.
Ahh, you don't believe in the development model that has produced Linux! Personally I do believe in it, so much so that I question the value of signatures at the changeset level. To me it doesn't matter where the code came from just so long as it works. Signatures are just a way to increase the comfort level that the code has passed through a number of people who have shown themselves to be relatively good auditors. That's why I trust the code from my distribution of choice. Everything is out in the open anyway so it's much harder for a con man to do his thing. Sean