1 |
On Mon, 24 Oct 2016 07:45:56 -0400 |
2 |
Rich Freeman <rich0@g.o> wrote: |
3 |
|
4 |
> I don't think we need a git header for the purpose of saying that |
5 |
> something looks good to somebody else. If you commit something and it |
6 |
> doesn't work, we'll ask you to stop doing it. If you keep doing it |
7 |
> we'll take away your commit access. This is purely an internal |
8 |
> problem. |
9 |
|
10 |
The problem is that the COMMITTER and AUTHOR headers don't actually |
11 |
reflect the "I tested it and made sure its OK" metadata. |
12 |
|
13 |
If for example, a commit made to Gentoo was replicated to another |
14 |
repository by cherry-pick, the default mechanic would result in |
15 |
COMMITTER changing to the person who performed the cherry-pick. |
16 |
|
17 |
Thus, it makes the assumption that everyone who performed a COMMIT |
18 |
action or an AUTHOR action verified the nature of the commit in some |
19 |
manner. |
20 |
|
21 |
However, the AUTHOR is the least qualified to verify the commit as |
22 |
"Good". |
23 |
|
24 |
and the COMMITTER value changes arbitrarily if you try to cherry-pick or |
25 |
rebase the commit sequence. |
26 |
|
27 |
And people who rebase commit sequences are typically not firing up |
28 |
review engines for every commit they rebased. |
29 |
|
30 |
Granted, this is not a very common problem in Gentoo. |
31 |
|
32 |
But IME, this is the sort of use-case that the header is useful for. |
33 |
|
34 |
If we deem this header useless, then we should probably consider |
35 |
dropping the Portage Version and Repoman Flags headers that repoman |
36 |
adds. |
37 |
|
38 |
Because they're also made entirely irrelevant in very short times, |
39 |
because it only indicates "Authored with", it doesn't indicate anything |
40 |
that happened since then. |
41 |
|
42 |
> The purpose of a DCO is to withstand external scrutiny. It helps |
43 |
> protect Gentoo in the event that somebody else's copyrighted code |
44 |
> makes it into the distro. The audience for a signed-off-by header |
45 |
> isn't Comrel or QA, but rather a court of law. It makes it harder to |
46 |
> contribute something to Gentoo and then argue that you didn't intend |
47 |
> for Gentoo to redistribute it under the GPL, or that now that you've |
48 |
> had a falling out you'd prefer that Gentoo remove all your past |
49 |
> contributions. |
50 |
> |
51 |
> However, it has absolutely no meaning at all if it isn't 100% clear |
52 |
> what is being signed. And if we have a long history of people adding |
53 |
> the header when it doesn't mean anything legally then it will probably |
54 |
> make it harder to argue that it suddenly means something when the |
55 |
> policy changes. |
56 |
> |
57 |
> For example, suppose we institute a DCO tomorrow. Then zlg ragequits |
58 |
> in 2 years and claims he never gave us permission to redistribute his |
59 |
> code under the GPL. We point to his signed-off-by headers but he says |
60 |
> he never heard of the DCO policy and that it was just some default |
61 |
> setting in his config, and that he was adding the headers long before |
62 |
> the policy went into effect. I don't think it would stick but it |
63 |
> really isn't an out we want to give people. IMO infra should reject |
64 |
> commits with this header until we have a DCO, and then it should |
65 |
> reject commits without this header. Alternatively, we could skip the |
66 |
> first part but require all existing devs to ack the new copyright |
67 |
> policy whenever it happens. |
68 |
|
69 |
Under this interpretation, developers using this header to add other |
70 |
peoples work to tree is making our use of DCO pointless. |
71 |
|
72 |
Because DCO has to be the person who *authored* the commit, not the |
73 |
person who merely added it to tree. |
74 |
|
75 |
And Pram should stop adding it everywhere post-haste, because its |
76 |
inferring things that aren't true. |
77 |
|
78 |
But this doesn't change the fact there is a desire to communicate other |
79 |
properties of commits, like the audit trail for QA purposes. |
80 |
|
81 |
It just means we have to find some other way of doing this which is |
82 |
standard, but the stock git commands lack any such mechanism. |