On 2025-07-05 at 19:21:13, Jeff King wrote: > On Sat, Jul 05, 2025 at 01:08:28AM +0200, redoste wrote: > > > Detaching the filename string from the tempfile structure used to cause > > delete_tempfile() to fail and the temporary file was not cleaned up. > > Good catch. I can reproduce this easily with: > > git -c gpg.format=ssh \ > -c user.signingkey=key::does-not-exist \ > commit --allow-empty -S -m foo > > which creates /tmp/.git_signing_key_tmp* and never cleans it up. > > I wonder if it is worth adding a test, or if it would be too weirdly > focused on this obscure case to be very useful against future > regressions. I don't have a strong view either way, but I do wonder if it's a good idea to have the testsuite poking around in `/tmp`, although maybe if we honour `TMPDIR` then it would be possible to do in a tidy way. > > Signed-off-by: redoste <redoste@xxxxxxxxxxx> > > We look for a real name in the sign-off trailer, since it indicates an > acceptance of the DCO and the ability to legally contribute the patch to > the project. See the section of Documentation/SubmittingPatches starting > with the '[[dco]]'. Or here: > > https://git-scm.com/docs/SubmittingPatches#sign-off > > Looking at your web page, it looks like you may prefer not to associate > your online identity with a legal name. I can't remember if we've dealt > with this before. I'm adding brian to the cc, who has given a lot of > thought to naming and privacy issues. I don't know if we have a strict policy. I do know that there are developers who always go by a pseudonym, such as chromatic[0], the contributor to Perl, and obviously we'd want to allow them to contribute. We also let people use shortened forms of their names or initials (for instance, Jeff King). I also have some friends who are trans and have transitioned or are in the process of transitioning but have simply not gotten around to getting legal paperwork done[1]. Obviously they have a distinct and identifiable name that they go by and we'd allow them to use a preferred name. There might also be good reasons that a contributor might not want to use a legal name: harassment, threats, employer hostility, fame[2], or a hostile government, to name a few. I think those are legitimate reasons to contribute pseudonymously. So I would say that if someone has a distinct and identifiable identity that is pseudonymous and that is generally used and visible in the public sphere online, that's probably good enough. While I'm not a lawyer, it's my understanding that in many locales, making a legal promise of sorts (such as a sign-off) is equally binding whether made with one's real name or a pseudonym, so I don't see a problem with the legal aspect of it. [0] https://en.wikipedia.org/wiki/Chromatic_(programmer) [1] In some locales this involves hiring an attorney, getting paperwork from a doctor, and getting a court order, so it can be expensive and kind of a hassle to do. It may also not be legally possible to do that in some places. [2] Notably the frontman of the band Weezer, Rivers Cuomo, is involved in coding under his real name (https://github.com/riverscuomo), but perhaps a CEO, musician, actor, or other famous person might not want their open-source contributions to be associated with their real name. -- brian m. carlson (they/them) Toronto, Ontario, CA
Attachment:
signature.asc
Description: PGP signature
