Re: Mercurial 0.4b vs git patchbomb benchmark

From: Sean
Date: Fri Apr 29 2005 - 14:24:54 EST

On Fri, April 29, 2005 2:54 pm, Tom Lord said:

> The process should not rely on the security of every developer's
> machine. The process should not rely on simply trusting quality
> contributors by reputation (e.g., most cons begin by establishing
> trust and continue by relying inappropriately on
> trust-without-verification). This relates to why Linus'
> self-advertised process should be raising yellow and red cards all
> over the place: either he is wasting a huge amount of his own time and
> should be largely replaced by an automated patch queue manager, or he
> is being trusted to do more than is humanly possible.

Ahh, you don't believe in the development model that has produced Linux!
Personally I do believe in it, so much so that I question the value of
signatures at the changeset level. To me it doesn't matter where the code
came from just so long as it works. Signatures are just a way to
increase the comfort level that the code has passed through a number of
people who have shown themselves to be relatively good auditors. That's
why I trust the code from my distribution of choice. Everything is out in
the open anyway so it's much harder for a con man to do his thing.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at