Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds link to community repo #10380

Merged
merged 1 commit into from
Jan 10, 2025
Merged

Adds link to community repo #10380

merged 1 commit into from
Jan 10, 2025

Conversation

danehans
Copy link
Contributor

Adds a readme link to the community repo.

Fixes #10356

@timflannagan
Copy link
Member

@danehans Is this PR still relevant after the force push to main last month? I took a quick glance at the README and didn't see any references to the community GH repo anywhere.

@danehans
Copy link
Contributor Author

danehans commented Jan 6, 2025

@timflannagan this PR is still applicable. I rebased so PTAL.

ilrudie
ilrudie approved these changes Jan 7, 2025
View reviewed changes
Copy link
Contributor

@ilrudie ilrudie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@jenshu
Copy link
Contributor

jenshu commented Jan 7, 2025

@danehans merging is blocked due to your commits not being signed https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification

@danehans
Copy link
Contributor Author

danehans commented Jan 8, 2025

The PR contains 1 commit that is signed. Let me try rebasing.

@danehans danehans force-pushed the issue_10356 branch 2 times, most recently from 1a0cc6b to ed269e8 Compare January 8, 2025 16:27
@danehans
Copy link
Contributor Author

danehans commented Jan 8, 2025

My commit is signed. The issue appears to be the base branch has unsigned commits.

@timflannagan
Copy link
Member

You might need the commits to be GPG signed unfortunately.

@ilrudie
Copy link
Contributor

ilrudie commented Jan 8, 2025
edited
Loading

yeah, the issue is cryptographic signature not sign-off. We did not enable DCO (sign-off requirement) for this repo.

you could use gpg or ssh to sign commits technically speaking so gpg isn't strictly required

@danehans
Copy link
Contributor Author

danehans commented Jan 8, 2025

@timflannagan @ilrudie thanks for the clarification. I have only used DCO sign-off before. I have setup PGP commit/tag signing and the PR is now passing signing verification. Why is the project using PGP signing instead of DCO?

@timflannagan
Copy link
Member

I'm +1 on DCO only. I'd have to defer to others on why we need GPG commit signing as well. Maybe it's a requirement for CNCF 🤷

@ilrudie
Copy link
Contributor

ilrudie commented Jan 8, 2025

The requirement for commit cryptographic signing is not being used as a replacement for sign-off/DCO. The two are entirely orthogonal but the names are too similar. FWIW, I think DCO without a cryptographic signature is basically meaningless but AFAIK the lawyers are cool with it so the topics may safely remain completely separate.

AFAIK cryptographic signing is a recommendation from the CNCF, but not a strict requirement yet. I turned on the check for a verified signature at the org level because I figured it would not be controversial since everyone I'd ever talked to about it directly considered it basic hygiene for any open source project. If folks feel strongly that we really don't want to require cryptographic signing we should seek community consensus that the project doesn't care about this and then we can turn it off.

@danehans
Copy link
Contributor Author

danehans commented Jan 8, 2025

If folks feel strongly that we really don't want to require cryptographic signing we should seek community consensus that the project doesn't care about this and then we can turn it off.

+1 to remove this requirement.

@ilrudie
Copy link
Contributor

ilrudie commented Jan 8, 2025

If folks feel strongly that we really don't want to require cryptographic signing we should seek community consensus that the project doesn't care about this and then we can turn it off.

+1 to remove this requirement.

I added a topic to the community meeting for commit verification and one for DCO vs CLA. At any rate, this is not the venue to discuss either so I say merge away and we'll take up the signing and sign-off stuff in the meeting. Thanks for GPG signinging your commit in the mean time though.

@ilrudie ilrudie added this pull request to the merge queue Jan 9, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to no response for status checks Jan 9, 2025
@jenshu jenshu added this pull request to the merge queue Jan 10, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to no response for status checks Jan 10, 2025
@timflannagan
Copy link
Member

The MQ should be back online now. @ilrudie @jenshu can one of you requeue when you get a second?

@ilrudie ilrudie added this pull request to the merge queue Jan 10, 2025
Merged via the queue into kgateway-dev:main with commit 608aa78 Jan 10, 2025
8 of 17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ilrudie ilrudie ilrudie approved these changes

@timflannagan timflannagan timflannagan approved these changes

@jenshu jenshu jenshu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Link to Community Repo
4 participants
@danehans @timflannagan @jenshu @ilrudie