[dojo-contributors] Dojo Utilities?
neonstalwart at gmail.com
Fri Mar 11 12:37:13 EST 2011
i was thinking along the same lines as Dustin. by using submodules or
forks, we can put our stamp of approval on a project up until the
specific commit we fork or checkin as a submodule. this gives us the
chance to make sure that project owners are doing the right thing before
we update our fork/submodule.
i was also thinking that packages in our package repository may have
some kind of meta data that indicated their standing wrt a dojo
foundation stamp of approval. perhaps even a separate repository/url
that only contained approved packages.
On 3/11/2011 12:25 PM, Dustin Machi wrote:
> From a practical perspective, at least with git, I would have expected that either we would do one of the following:
> a) Maintain a DojoX repository which is essentially a top level structure, perhaps with some boiler plate files/readmes/docs/whatever. Then simply add a git subproject for each of those modules we are 'officially' endorsing (have been vetted by some quality/conformance metrics and are legally clean). These are then available via the single wrapper project, but they also don't 'freewheel' follow the parent repository. They essentially stick to whatever revision you checkin the submodule at until you update and push this back.
> b) Alternatively, or in addition to, we could simply make a standard practice of making a fork at the dojofoundation for any projects we include in our current/past distributions. That doesn't mean we are actually forking their projects to apply changes, it can be a shadow of the master. It is simply a way to eliminate any risk of a repository suddenly disappearing while be included in our 'official' package set.
> In the end I would expect that some modules may live in the Dojotoolkit Organizational Account and others in individual or or other organization accounts. The one plus of forcing someone to take ownership is that it can lead to an automatic distribution of work and makes stale modules/projects drop away on their own when the owner isn't able to maintain the expected criteria.
> On Mar 11, 2011, at 11:44 AM, Tom Trenka wrote:
>>> How is this any better than keeping a list of Dojo foundation approved
>>> accounts/projects? If I want Joe's code in my codebase, I can copy it in
>>> just as easily as I can grant access to someone to add it. Ultimately it
>>> comes down to Dojo committers making proper use of their authority and
>>> delegation of it. If we maintain a list of what we can safely aggregate
>>> into a distribution, that gives us as committers final control over what
>>> can and can't be included in the distribution.
>> I think the question posed by Chris is less about keeping some sort of
>> big repository and more about making sure the hosting itself helps,
>> from a legal standpoint, to show clear IP and "sanctioned" packages.
>> From a practical standpoint, you're right. From a legal one, where
>> say an IBM product includes some sort of distribution, it is a lot
>> easier to prove IP et al if the actual source of something is clear.
>> In other words, if the main distribution was assembled from a repo
>> owned and maintained by the Dojo Foundation, it is a lot easier for
>> IBM's lawyers to approve the distribution--as opposed to having to
>> trace the code history through a bunch of individual GitHub accounts.
>> It also ensures that things like CLAs and such have actually been
>> checked against *before* getting a distribution.
>> Does that make sense? It's kind of wordy and the coffee hasn't
>> entirely kicked in yet =)
>> -- Tom
>> dojo-contributors mailing list
>> dojo-contributors at mail.dojotoolkit.org
> dojo-contributors mailing list
> dojo-contributors at mail.dojotoolkit.org
More information about the dojo-contributors