1 |
>>>>> On Sun, 17 Jun 2018, Kent Fredric wrote: |
2 |
|
3 |
> On Sun, 10 Jun 2018 22:34:45 +0200 |
4 |
> Ulrich Mueller <ulm@g.o> wrote: |
5 |
|
6 |
>> - Gentoo projects must release their work under GPL-compatible free |
7 |
>> software licenses, preferably under GPL-2 or later. CC-BY-SA-3.0 |
8 |
>> (or 4.0) can be used for documentation. |
9 |
>> |
10 |
>> - All commits to Gentoo repositories must be accompanied by a |
11 |
>> certificate of origin. Typically, this would be declared by adding |
12 |
>> a "Signed-off-by:" line (or several of them) to every commit. |
13 |
>> This model is very similar to the one used for development of the |
14 |
>> Linux kernel. |
15 |
|
16 |
> Using the Linux kernel as a reference point, while amicable, is somewhat a |
17 |
> dangerous line of reasoning here. Partly, because we have several |
18 |
> significant differences in practice from that project, and "we both use |
19 |
> Git" is insufficient. |
20 |
|
21 |
> - We don't have the hierarchy of Marshals who process their lowers |
22 |
> contributions. The closest we have to this is Gentoo-Proxy-Maint, but |
23 |
> besides that, we have a wild west free-for-all where commits are |
24 |
> essentially unmonitored, there is no structural/procedural oversight |
25 |
> where higher privileges vet the contributions of lower privileges. |
26 |
|
27 |
> - We cannot rely on copy/move detection in any reasonable fashion, as: |
28 |
> 1. File names are significant data which have source-time |
29 |
> consequences. |
30 |
|
31 |
> 2. File contents are incredibly regular, having high similarity |
32 |
> to huge volumes of the tree, making a statistical percentage |
33 |
> similarity basis prone to misdetection. |
34 |
|
35 |
> 3. We routinely employ "copy the file to increment its version" |
36 |
> logic, which is practically unseen outside Gentoo, partly, |
37 |
> because the reliance on filenames as a versioning system is |
38 |
> "you're too poor to have a real VCS", typically speaking, and |
39 |
> we only really have it as a historical wart from how we |
40 |
> evolved. Such an idea is typically nonsense if you can rely on |
41 |
> a VCS to handle versioning for you. |
42 |
|
43 |
> These factors basically make our workflow, and the nature of the work |
44 |
> we do substantially different from the Kernel project, and most other |
45 |
> projects. |
46 |
|
47 |
I don't see how any of this would prevent a committer from adding a |
48 |
Signed-off-by line. |
49 |
|
50 |
>> - The copyright notice, especially for ebuilds, will contain the |
51 |
>> name of the largest contributor, plus an "and others" clause when |
52 |
>> necessary. (So the "Copyright Gentoo Foundation" lines will be |
53 |
>> phased out.) |
54 |
|
55 |
> This idea to me is just asking for trouble, given the aformentioned |
56 |
> factors. |
57 |
|
58 |
> The need to update copyright year is already a minor burden, smoothed |
59 |
> over slightly by the fact repoman can reliably fix it on its own. |
60 |
|
61 |
> Reliably handling contribution factors however seems difficult, given |
62 |
> the stock output given by "git blame" is routinely wrong due to how or |
63 |
> workflow operates. |
64 |
|
65 |
We'll get rid of the line counting in the next iteration of the GLEP |
66 |
(to be posted soon), and replace the wording by "the original author, |
67 |
or the contributor holding copyright to the largest portion of the |
68 |
file." So there will be no need to check the accuracy of the copyright |
69 |
notice with every update of an ebuild, because it is a derived work of |
70 |
its previous version. However, the copyright notice can be updated |
71 |
when the ebuild is rewritten from scratch. |
72 |
|
73 |
> ( For example, attribution for every virtual/perl-*/*.ebuild should |
74 |
> trace back to 56bd759df1d0c750a065b8c845e93d5dfa6b549d when robbat2 |
75 |
> committed the first incarnation of those files, as there are many lines |
76 |
> that haven't changed since then, but my Git Fu doesn't know of a way to |
77 |
> reliably do this without manually implementing new tools that are |
78 |
> portage-semantics aware and do log processing, and I say that while |
79 |
> actively developing tools that scrape git fast-export to attempt to do |
80 |
> something remotely like this, but its quickly approaching the limits of |
81 |
> what can be done in a week, let alone regularly ) |
82 |
|
83 |
See above, we won't do line counting which is unreliable in any case. |
84 |
For example, someone who adds or removes a "|| die" would get |
85 |
accounted for that line. |
86 |
|
87 |
> So given that, as it stands, automating this is either: |
88 |
|
89 |
> a) hard |
90 |
> b) impossible |
91 |
|
92 |
This is obvious, but it is not our aim to automate it. |
93 |
|
94 |
> [...] |
95 |
|
96 |
> IN SUMMARY: |
97 |
|
98 |
> The nature of the proposed changes seems strongly in conflict with the |
99 |
> technology we have to use, and will produce no benefit, at the expense |
100 |
> of real problems. |
101 |
|
102 |
It is quite simple, we cannot put the Gentoo Foundation into copyright |
103 |
notices, when no copyright assignment took place. |
104 |
|
105 |
Even the requirement that every contributor must sign an FLA would not |
106 |
help us there. IIUC we still wouldn't be allowed to use Foundation |
107 |
copyright notices, because the FLA only grants a license but doesn't |
108 |
assign copyright. |
109 |
|
110 |
Ulrich |