rmuir commented on PR #12096:
URL: https://github.com/apache/lucene/pull/12096#issuecomment-1399467756

   > It's about trust. We don't have `@author` tags etc. in code, but the
   > project does have usernames all over it -- in the form author/committer fields
   > of commits. The process of preparing a release is mechanical, but it definitely
   > requires trust in the RM (`>=` trust required for a commit). And I realize that
   > the gpg signing of release artifacts fills this role (and in a more substantial
   > way), so username in MANIFEST.MF is arguably redundant. But I think
   > broadcasting the identity of the user who produced the artifact makes sense.
   > When the same user _signs_ the artifacts, there's an implicit endorsement of
   > the build user/agent as recorded in the MANIFEST.MF.
   
   horseshit.
   
   Trust means release was cryptographically signed by GPG. That is it and only 
it.
   
   Please remove this nonsense field, again, the issue is that some apps such 
as solr display it, and it causes harassment of the user whose username is in 
there.
   
   And I'll state again, if it isn't removed, I'm going to make sure there's a 
release with something extremely offensive in there. Because there needs to be 
an end to this.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

