| 1 |
>>>>> On Sun, 17 Jun 2018, Kent Fredric wrote: |
| 2 |
|
| 3 |
> On Sun, 10 Jun 2018 22:34:45 +0200 |
| 4 |
> Ulrich Mueller <ulm@g.o> wrote: |
| 5 |
|
| 6 |
>> - Gentoo projects must release their work under GPL-compatible free |
| 7 |
>> software licenses, preferably under GPL-2 or later. CC-BY-SA-3.0 |
| 8 |
>> (or 4.0) can be used for documentation. |
| 9 |
>> |
| 10 |
>> - All commits to Gentoo repositories must be accompanied by a |
| 11 |
>> certificate of origin. Typically, this would be declared by adding |
| 12 |
>> a "Signed-off-by:" line (or several of them) to every commit. |
| 13 |
>> This model is very similar to the one used for development of the |
| 14 |
>> Linux kernel. |
| 15 |
|
| 16 |
> Using the Linux kernel as a reference point, while amicable, is somewhat a |
| 17 |
> dangerous line of reasoning here. Partly, because we have several |
| 18 |
> significant differences in practice from that project, and "we both use |
| 19 |
> Git" is insufficient. |
| 20 |
|
| 21 |
> - We don't have the hierarchy of Marshals who process their lowers |
| 22 |
> contributions. The closest we have to this is Gentoo-Proxy-Maint, but |
| 23 |
> besides that, we have a wild west free-for-all where commits are |
| 24 |
> essentially unmonitored, there is no structural/procedural oversight |
| 25 |
> where higher privileges vet the contributions of lower privileges. |
| 26 |
|
| 27 |
> - We cannot rely on copy/move detection in any reasonable fashion, as: |
| 28 |
> 1. File names are significant data which have source-time |
| 29 |
> consequences. |
| 30 |
|
| 31 |
> 2. File contents are incredibly regular, having high similarity |
| 32 |
> to huge volumes of the tree, making a statistical percentage |
| 33 |
> similarity basis prone to misdetection. |
| 34 |
|
| 35 |
> 3. We routinely employ "copy the file to increment its version" |
| 36 |
> logic, which is practically unseen outside Gentoo, partly, |
| 37 |
> because the reliance on filenames as a versioning system is |
| 38 |
> "you're too poor to have a real VCS", typically speaking, and |
| 39 |
> we only really have it as a historical wart from how we |
| 40 |
> evolved. Such an idea is typically nonsense if you can rely on |
| 41 |
> a VCS to handle versioning for you. |
| 42 |
|
| 43 |
> These factors basically make our workflow, and the nature of the work |
| 44 |
> we do substantially different from the Kernel project, and most other |
| 45 |
> projects. |
| 46 |
|
| 47 |
I don't see how any of this would prevent a committer from adding a |
| 48 |
Signed-off-by line. |
| 49 |
|
| 50 |
>> - The copyright notice, especially for ebuilds, will contain the |
| 51 |
>> name of the largest contributor, plus an "and others" clause when |
| 52 |
>> necessary. (So the "Copyright Gentoo Foundation" lines will be |
| 53 |
>> phased out.) |
| 54 |
|
| 55 |
> This idea to me is just asking for trouble, given the aformentioned |
| 56 |
> factors. |
| 57 |
|
| 58 |
> The need to update copyright year is already a minor burden, smoothed |
| 59 |
> over slightly by the fact repoman can reliably fix it on its own. |
| 60 |
|
| 61 |
> Reliably handling contribution factors however seems difficult, given |
| 62 |
> the stock output given by "git blame" is routinely wrong due to how or |
| 63 |
> workflow operates. |
| 64 |
|
| 65 |
We'll get rid of the line counting in the next iteration of the GLEP |
| 66 |
(to be posted soon), and replace the wording by "the original author, |
| 67 |
or the contributor holding copyright to the largest portion of the |
| 68 |
file." So there will be no need to check the accuracy of the copyright |
| 69 |
notice with every update of an ebuild, because it is a derived work of |
| 70 |
its previous version. However, the copyright notice can be updated |
| 71 |
when the ebuild is rewritten from scratch. |
| 72 |
|
| 73 |
> ( For example, attribution for every virtual/perl-*/*.ebuild should |
| 74 |
> trace back to 56bd759df1d0c750a065b8c845e93d5dfa6b549d when robbat2 |
| 75 |
> committed the first incarnation of those files, as there are many lines |
| 76 |
> that haven't changed since then, but my Git Fu doesn't know of a way to |
| 77 |
> reliably do this without manually implementing new tools that are |
| 78 |
> portage-semantics aware and do log processing, and I say that while |
| 79 |
> actively developing tools that scrape git fast-export to attempt to do |
| 80 |
> something remotely like this, but its quickly approaching the limits of |
| 81 |
> what can be done in a week, let alone regularly ) |
| 82 |
|
| 83 |
See above, we won't do line counting which is unreliable in any case. |
| 84 |
For example, someone who adds or removes a "|| die" would get |
| 85 |
accounted for that line. |
| 86 |
|
| 87 |
> So given that, as it stands, automating this is either: |
| 88 |
|
| 89 |
> a) hard |
| 90 |
> b) impossible |
| 91 |
|
| 92 |
This is obvious, but it is not our aim to automate it. |
| 93 |
|
| 94 |
> [...] |
| 95 |
|
| 96 |
> IN SUMMARY: |
| 97 |
|
| 98 |
> The nature of the proposed changes seems strongly in conflict with the |
| 99 |
> technology we have to use, and will produce no benefit, at the expense |
| 100 |
> of real problems. |
| 101 |
|
| 102 |
It is quite simple, we cannot put the Gentoo Foundation into copyright |
| 103 |
notices, when no copyright assignment took place. |
| 104 |
|
| 105 |
Even the requirement that every contributor must sign an FLA would not |
| 106 |
help us there. IIUC we still wouldn't be allowed to use Foundation |
| 107 |
copyright notices, because the FLA only grants a license but doesn't |
| 108 |
assign copyright. |
| 109 |
|
| 110 |
Ulrich |
Archives