Open ddimtirov opened 3 years ago
@ddimtirov I am very interested in this topic, have you made progress one year after this issue?
No, I haven't heard back.
That's very unfortunate :( I have added this tool to the https://github.com/todogroup/awesome-ospo list, maybe added traction will make this happen.
Hey All, apologies just catching up on things, I've been hiding away on an internal mirror for a while (this will soon end and be public working only!)
I think to understand this one a chat might be beneficial to help me understand - we've got the issues around re-signing/re-writing contributors - I guess here we are looking at automatically re declaring commit descriptions? (based on a tokenisation ruleset?)
Hi @grovesy I think I have the same issues as you, I need re-signing/re-writing contributors. The patch based workflow is secondary. If you want we can chat in the finos slack, I've requested access to it, and can post here my handle once I have one.
@grovesy I have joined finos slack, "Matthias Bertschy" U03FV4U909H
@matthyx @ddimtirov - new maintainer here 👋 Are we still keen for this feature?
hi @JamieSlome not for me directly since I've changed company, but could be very interesting for others
For some companies, OSS contributions that can be linked to the company raise a risk of reputational damage. For example, a wealth manager may be unwilling to allow contributions in case they suffer a reputational damage by getting sued by patent troll.
To solve this problem, I would propose patch-based workflow with automatic redaction, replacing a list of words with tokens.
Alternatively, this can be applied to
git-push
workflows by rewriting commits, though I'd be weary if we can cover all the metadata.In particular, this functionality interacts with the non-repudiation requirement (#62), which can be retained privately by the contributor in the cases of patch-based workflow.