Éibhear/Gibiris

A case for anonymous pull requests

I've just joined an interesting, open project, and they are – at the moment – using GitHub to manage their collaboration across a geographically diverse membership.

The thing is – and I know this will be a surprise to some, and totally not a surprise to others – I don't have a login for GitHub, despite being an avid coder and promoter of FLOSS1 since a time long before any of GitHub or git or subversion2 were twinkles in their respective daddies' eyes.

Initially, I had no reason for one. Then when a reason came along, I opted to use Gitlab, as it was the plucky upstart at the time, and as I was already familiar with it because I was hosting my own instance of it. Lately it's because GitHub is now owned by Microsoft, and its molding into a shape that meets the latter's goals of community domination continues apace.

Anyway, because I don't have a GitHub account, I could never realistically contribute to the projects that really interest me if they are hosted there. I've since replaced my instance of Gitlab with gitea, which serves my requirements quite well.

Now, wouldn't it be cool if I could clone the repositories that interest me from GitHub into my gitea instance and work on them there, and then raise a pull request on the GitHub project pointing to my gitea repository?

Here's one of the things about the real coolness of git being a "distributed revision control system": it's totally useless if only the code history is distributed, and not the ancillary stuff that has built up around git such as issues and pull requests and the like3.

The forgefed project is looking at this in general, but for pull requests, I don't think even that is necessary. A critical component of a git commit is the identity of the committer/author4. When a pull request is raised, the project would review and assess it for correctness and for the validity of the change, and if they are acceptable, then it can be merged. If the project is concerned about the authenticity of the source of the pull request, then it could require remotely sourced pull requests to have all the commits contained in the them signed and verifiable.

Certainly, this would be difficult to get right, but the logic is there, and there's no real reason to say a pull request is more trustworthy when it comes from a user with an account on GitHub for no other reason than because it comes from a user with an account on GitHub.

Footnotes:

1

"Free/Libre and Open Source Software", though I prefer "Free Software".

2

It's "subversion", not "SVN" or "svn". "svn" is the name of the command-line tool; the name of the system is "subversion". This is one of those hills I will die on, and I will die using a great deal of swear words if I have to.

3

Remember, despite being distributed, the software world has a mass panic attack whenever GitHub goes down!

4

… or both, separately, if they are different and if the user knows how to set the difference in the commit!

You can comment on this post below, or on the matrix room here. If you want, you can "Log in" using your [matrix] ID.

All comments are subject to this site's comment policy.

About

I, Éibhear Ó hAnluain, live in Dublin, and my background is as a Software Engineer. I currently work as an Enterprise Architect in a global organisation. Visit this page to learn about all the ways you can contact me.

It is the policy of this site to ignore or rebuff all requests to host "content" from others. All third-party work presented on this site is done so to facilitate my commentary on the work, and is posted under terms that are under my exclusive control.

Creative Commons Licence
All pages and blog posts in this site are copyright © Éibhear Ó hAnluain, and are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License

All exceptions to the above notice will be noted where applicable.

Powered by o-blog.