Re: [aur-dev] AUR 4 and licensing
Showing it during a push would be flawed because then it's too late for them not to agree to it.
A Git pre-commit hook on the server side should be fine. On the web side of the AUR, a list of accepted ToS users should be kept, and then on every push check to see if they've been added. Reminding users about the GPL on a push probably isn't a bad idea either. I can't remember how to get the current commiter's email address, but the hook would probably look something like this. ``` if [ ! -f /tmp/userlist_accepted/$git_email ]; then printf "Please visit https://aur.archlinux.org/ and accept the terms of service first.\n" exit 1 done printf "All content posted to the AUR must be licensed under GPLv3.\n" ``` If maintaining another list of private email addresses is too much of a pain, just hash them and the list could be public without any privacy concerns (assuming it isn't md5sum or something equally weak).
On Mon, 13 Apr 2015 at 14:26:08, David Manouchehri wrote:
Showing it during a push would be flawed because then it's too late for them not to agree to it.
A Git pre-commit hook on the server side should be fine. On the web side of the AUR, a list of accepted ToS users should be kept, and then on every push check to see if they've been added. Reminding users about the GPL on a push probably isn't a bad idea either.
I can't remember how to get the current commiter's email address, but the hook would probably look something like this.
``` if [ ! -f /tmp/userlist_accepted/$git_email ]; then printf "Please visit https://aur.archlinux.org/ and accept the terms of service first.\n" exit 1 done
printf "All content posted to the AUR must be licensed under GPLv3.\n" ```
If maintaining another list of private email addresses is too much of a pain, just hash them and the list could be public without any privacy concerns (assuming it isn't md5sum or something equally weak).
In order to `git push` a package repository, you need to add your SSH public key to the AUR profile which means you need to log into the web interface and accept the ToS. No need for something complicated involving Git hooks and email address filters.
On 13/04, David Manouchehri wrote:
A Git pre-commit hook on the server side should be fine.
This is Git, not SVN. -- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
Git has a pre-commit hook which is triggered prior to a commit and many more. Read https://www.kernel.org/pub/software/scm/git/docs/githooks.html for more detail. On Mon, Apr 13, 2015 at 2:57 PM, Johannes Löthberg <johannes@kyriasis.com> wrote:
On 13/04, David Manouchehri wrote:
A Git pre-commit hook on the server side should be fine.
This is Git, not SVN.
-- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
On 13/04, Gordian Edenhofer wrote:
Git has a pre-commit hook which is triggered prior to a commit and many more. Read https://www.kernel.org/pub/software/scm/git/docs/githooks.html for more detail.
I'm aware of how git’s hooks work. You do not seem to though. Git is a DVCS, unlike SVN. You cannot have a pre-commit hook on the server. -- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
On Mon, Apr 13, 2015 at 8:28 AM, Johannes Löthberg <johannes@kyriasis.com> wrote:
On 13/04, Gordian Edenhofer wrote:
Git has a pre-commit hook which is triggered prior to a commit and many more. Read https://www.kernel.org/pub/software/scm/git/docs/githooks.html for more detail.
I'm aware of how git’s hooks work. You do not seem to though. Git is a DVCS, unlike SVN. You cannot have a pre-commit hook on the server.
You don't sound like you are aware, because you are wrong. http://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks https://www.atlassian.com/git/tutorials/git-hooks/server-side-hooks http://git-scm.com/book/en/v2/Customizing-Git-An-Example-Git-Enforced-Policy -Dan
On 13/04, Dan McGee wrote:
On Mon, Apr 13, 2015 at 8:28 AM, Johannes Löthberg <johannes@kyriasis.com> wrote:
On 13/04, Gordian Edenhofer wrote:
Git has a pre-commit hook which is triggered prior to a commit and many more. Read https://www.kernel.org/pub/software/scm/git/docs/githooks.html for more detail.
I'm aware of how git’s hooks work. You do not seem to though. Git is a DVCS, unlike SVN. You cannot have a pre-commit hook on the server.
You don't sound like you are aware, because you are wrong.
http://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks https://www.atlassian.com/git/tutorials/git-hooks/server-side-hooks http://git-scm.com/book/en/v2/Customizing-Git-An-Example-Git-Enforced-Policy
Alas I am not. For one, actually look at your second link where it says that there are 3 server-side hooks and note how none of them are pre-commit. -- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
On Mon, Apr 13, 2015 at 8:42 AM, Johannes Löthberg <johannes@kyriasis.com> wrote:
On 13/04, Dan McGee wrote:
On Mon, Apr 13, 2015 at 8:28 AM, Johannes Löthberg <johannes@kyriasis.com> wrote:
On 13/04, Gordian Edenhofer wrote:
Git has a pre-commit hook which is triggered prior to a commit and many more. Read https://www.kernel.org/pub/software/scm/git/docs/githooks.html for more detail.
I'm aware of how git’s hooks work. You do not seem to though. Git is a DVCS, unlike SVN. You cannot have a pre-commit hook on the server.
You don't sound like you are aware, because you are wrong.
http://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks https://www.atlassian.com/git/tutorials/git-hooks/server-side-hooks
http://git-scm.com/book/en/v2/Customizing-Git-An-Example-Git-Enforced-Policy
Alas I am not. For one, actually look at your second link where it says that there are 3 server-side hooks and note how none of them are pre-commit.
He mentioned "and many more"; you're gravitating toward pre-commit. I'm guessing no one here thinks you will be able to stop someone from committing locally. If you want to be pedantic, fine- you win, go buy yourself a cookie or something. If you want to be practical, there are several ways server-side hooks can solve the original problem here. Showing a message on push would be fine; Github does this exact type of thing if you don't have permissions to push to a repository there. In the case of the AUR, you would check for that, any necessary agreements on licensing, etc. and reject the push while providing a helpful "Please go visit http://example.com/tos to accept the conditions of the AUR before pushing your changes." -Dan
On 13/04, Dan McGee wrote:
Alas I am not. For one, actually look at your second link where it says that there are 3 server-side hooks and note how none of them are pre-commit.
He mentioned "and many more"; you're gravitating toward pre-commit. I'm guessing no one here thinks you will be able to stop someone from committing locally.
And we were discussing a specific git hook the whole time.
If you want to be pedantic, fine- you win, go buy yourself a cookie or something.
I'm not being pedantic, I'm actually following the discussion, not bringing up irrelevant things.
If you want to be practical, there are several ways server-side hooks can solve the original problem here. Showing a message on push would be fine; Github does this exact type of thing if you don't have permissions to push to a repository there. In the case of the AUR, you would check for that, any necessary agreements on licensing, etc. and reject the push while providing a helpful "Please go visit http://example.com/tos to accept the conditions of the AUR before pushing your changes."
Check how? Have to remember to include a long message saying you agree to it in every commit and then have the server check for that message? -- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
I would approach similiar how Lukas has already explained: In order to `git push` a package repository, you need to add your SSH
public key to the AUR profile which means you need to log into the web interface and accept the ToS. No need for something complicated
involving Git hooks and email address filters. All in all I think that it would clear all licensing issues when the user must accept the ToS prior to pushing to git-repo. Everytime he does so, after the key has been properly configured and the license was accepted, I would suggest printing a small note. If the user wishes to upload the files via the main website there should simply be an checkbox for that. On Mon, Apr 13, 2015 at 3:52 PM, Johannes Löthberg <johannes@kyriasis.com> wrote:
On 13/04, Dan McGee wrote:
Alas I am not. For one, actually look at your second link where it says
that there are 3 server-side hooks and note how none of them are pre-commit.
He mentioned "and many more"; you're gravitating toward pre-commit. I'm guessing no one here thinks you will be able to stop someone from committing locally.
And we were discussing a specific git hook the whole time.
If you want to be pedantic, fine- you win, go buy yourself a cookie or
something.
I'm not being pedantic, I'm actually following the discussion, not bringing up irrelevant things.
If you want to be practical, there are several ways server-side hooks
can solve the original problem here. Showing a message on push would be fine; Github does this exact type of thing if you don't have permissions to push to a repository there. In the case of the AUR, you would check for that, any necessary agreements on licensing, etc. and reject the push while providing a helpful "Please go visit http://example.com/tos to accept the conditions of the AUR before pushing your changes."
Check how? Have to remember to include a long message saying you agree to it in every commit and then have the server check for that message?
-- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
Sorry, the hook is probably called pre-receive not pre-commit. However the procdeure stays more or less the same. Github for examples reminds users if they push to a deprecated url, which still works but was moved. On Mon, Apr 13, 2015 at 3:42 PM, Johannes Löthberg <johannes@kyriasis.com> wrote:
On 13/04, Dan McGee wrote:
On Mon, Apr 13, 2015 at 8:28 AM, Johannes Löthberg <johannes@kyriasis.com> wrote:
On 13/04, Gordian Edenhofer wrote:
Git has a pre-commit hook which is triggered prior to a commit and many more. Read https://www.kernel.org/pub/software/scm/git/docs/githooks.html for more detail.
I'm aware of how git’s hooks work. You do not seem to though. Git is a DVCS, unlike SVN. You cannot have a pre-commit hook on the server.
You don't sound like you are aware, because you are wrong.
http://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks https://www.atlassian.com/git/tutorials/git-hooks/server-side-hooks
http://git-scm.com/book/en/v2/Customizing-Git-An-Example-Git-Enforced-Policy
Alas I am not. For one, actually look at your second link where it says that there are 3 server-side hooks and note how none of them are pre-commit.
-- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
participants (5)
-
Dan McGee
-
David Manouchehri
-
Gordian Edenhofer
-
Johannes Löthberg
-
Lukas Fleischer