Update MAINTAINERS.md #289
Conversation
|
Please drop my name I file, I'll add it later when you're the maintainer :) Please update commit message to align the template Also are you into any web of trust ? Do you use GPG ? |
|
Done, and "no" to your questions |
|
ok where are you based ? do you know about pgp signing parties ? |
|
I'm located in germany and yes somewhen back in time I had a gpg key for an older email with the reality that noone cared and so I never updated it - and I also never really missed it after that. So yes I know but for now I still have no real need for it |
|
well I am trying to establish a flow for @abandonware/maintainers so I was inspired by debian policy which looks to work well over time... may I suggest to get refresh or create new key and get it signed by established trustworthy orgs, I am mentioning debian but there should be others I let you investigate :) |
|
is it a suggestion or a requirement for being a maintainer? |
|
Well I committed to provide trustworthy maintainership for community |
|
I basically understand your idea but also must say that this is complete overkill from all my experience in the GitHub open source world and community (when you exclude kernel and OS development maybe). But all the Node.js world is not using any of that and I would not know a single project where you need a PGP key - even not Node.js itself. Trust is controlled by reviews and yes commitment and security against hacking attacks is 2FA in the today's world. Trust is shown by contributions and stars and such stuff. I'm very honest: Some of my projects in the smart home world rely on noble and so I try to support because in the end we have the same goal. The alternative is to fork myself again and continue with an own scoped package, but I do not want to do this because it makes more sense to only have one project and I want to contribute to the community. If this, together with the fact that I'm one of the core developers of a smart home system (iobroker) with more then 70k installations and access to all the core projects of that and also maintainer of several highly used libraries where also node-red-plugins and homebrigde-plugins base on, is not enough for you, then I will step back and will close this maintainer PR. Then I just support by doing PRs, all fine. I have too many other projects where I can use my rare time to really bring a difference and I do not have the time for formalisms like this ... |
|
Your points are valid, any opinion from other @abandonware members ? |
|
ping @abandonware/reviewers |
|
Soooo ... 5 months later ;-) I now also start on bleno to look into things ... sooooo.... any update how to continue here? |
|
Well It looks like nobody objected, so we're in good progress. Maybe we can have a short talk with @abandonware/reviewers @abandonware/owners @abandonware/maintainers @abandonware if you want ? Reach me at: |
|
Done. |
Codecov Report
❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more. @@ Coverage Diff @@
## master #289 +/- ##
==========================================
- Coverage 91.87% 91.79% -0.08%
==========================================
Files 25 24 -1
Lines 2929 2902 -27
==========================================
- Hits 2691 2664 -27
Misses 238 238 |
|
@rzr any update on this? |
|
Well I still wish the applicant to be part of an existing community... meanwhile I can do the maintenance , I'll revise my mind when missing in action Relate-to: abandonware/abandonware.github.io#17 |
I certify that I will work on this project to satisfy community interest and not intend to do any malicious changes.
Some references of my OSS contributions and profiles: