| 1 |
On Mon, Oct 24, 2016 at 3:21 AM, Daniel Campbell (zlg) <zlg@g.o> wrote: |
| 2 |
> |
| 3 |
> On October 23, 2016 11:29:49 PM PDT, "Michał Górny" <mgorny@g.o> wrote: |
| 4 |
>>Dnia 24 października 2016 07:32:26 CEST, Daniel Campbell |
| 5 |
>><zlg@g.o> napisał(a): |
| 6 |
>>>On 10/19/2016 02:10 AM, Ulrich Mueller wrote: |
| 7 |
>>>> Maybe I have missed something, but why would one use --signoff for |
| 8 |
>>>> a Gentoo commit? |
| 9 |
>>>> |
| 10 |
>>>> For Linux (the kernel), the meaning of the line is that the |
| 11 |
>>>> contributor certifies the DCO (Developer's Certificate of Origin) |
| 12 |
>>>[1]. |
| 13 |
>>>> As we don't have a Gentoo DCO, it is not at all clear to me what the |
| 14 |
>>>> meaning of a Signed-off-by: line would be in the context of the |
| 15 |
>>>gentoo |
| 16 |
>>>> tree. |
| 17 |
>>>> |
| 18 |
>>>> Even worse, I see commits having Signed-off-by: lines with obvious |
| 19 |
>>>> pseudonyms instead of a real name, which would be meaningless even |
| 20 |
>>if |
| 21 |
>>>> one would say that the Linux rules apply. (Also, we have the rule |
| 22 |
>>>that |
| 23 |
>>>> real names must be provided for all developers, with no exceptions |
| 24 |
>>to |
| 25 |
>>>> be made for people doing copyrightable work [2].) |
| 26 |
>>>> |
| 27 |
>>>> [1] |
| 28 |
>>>http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/SubmittingPatches?id=dca22a63fd036c3ebb50212060eba0080f178126#n428 |
| 29 |
>>>> [2] |
| 30 |
>>>https://wiki.gentoo.org/wiki/Project:Recruiters#What_does_the_recruitment_process_involve.3F |
| 31 |
>>>> |
| 32 |
>>>The way I understood "signed off by" for Gentoo is "I am a developer |
| 33 |
>>>who |
| 34 |
>>>looked at the code and tested it, confirming it works on my system". |
| 35 |
>>If |
| 36 |
>>>an AT signs off, they are certifying that it passes their test muster. |
| 37 |
>>> |
| 38 |
>>>It's a more formal "looks good to me", and provides a point of |
| 39 |
>>>accountability if the commit _isn't_ up to par. |
| 40 |
>> |
| 41 |
>>How about Gentoo developers stopping to reuse things that have |
| 42 |
>>well-defined meaning for something completely different? |
| 43 |
> |
| 44 |
> I did say "to my understanding". I wasn't aware of DCOs. Regardless, practices and workflows differ between projects, and it doesn't surprise me to see projects that use the same words differently. Not that we should, of course. What would you call what I decribed, though; Acked? |
| 45 |
|
| 46 |
I don't think we need a git header for the purpose of saying that |
| 47 |
something looks good to somebody else. If you commit something and it |
| 48 |
doesn't work, we'll ask you to stop doing it. If you keep doing it |
| 49 |
we'll take away your commit access. This is purely an internal |
| 50 |
problem. |
| 51 |
|
| 52 |
The purpose of a DCO is to withstand external scrutiny. It helps |
| 53 |
protect Gentoo in the event that somebody else's copyrighted code |
| 54 |
makes it into the distro. The audience for a signed-off-by header |
| 55 |
isn't Comrel or QA, but rather a court of law. It makes it harder to |
| 56 |
contribute something to Gentoo and then argue that you didn't intend |
| 57 |
for Gentoo to redistribute it under the GPL, or that now that you've |
| 58 |
had a falling out you'd prefer that Gentoo remove all your past |
| 59 |
contributions. |
| 60 |
|
| 61 |
However, it has absolutely no meaning at all if it isn't 100% clear |
| 62 |
what is being signed. And if we have a long history of people adding |
| 63 |
the header when it doesn't mean anything legally then it will probably |
| 64 |
make it harder to argue that it suddenly means something when the |
| 65 |
policy changes. |
| 66 |
|
| 67 |
For example, suppose we institute a DCO tomorrow. Then zlg ragequits |
| 68 |
in 2 years and claims he never gave us permission to redistribute his |
| 69 |
code under the GPL. We point to his signed-off-by headers but he says |
| 70 |
he never heard of the DCO policy and that it was just some default |
| 71 |
setting in his config, and that he was adding the headers long before |
| 72 |
the policy went into effect. I don't think it would stick but it |
| 73 |
really isn't an out we want to give people. IMO infra should reject |
| 74 |
commits with this header until we have a DCO, and then it should |
| 75 |
reject commits without this header. Alternatively, we could skip the |
| 76 |
first part but require all existing devs to ack the new copyright |
| 77 |
policy whenever it happens. |
| 78 |
|
| 79 |
-- |
| 80 |
Rich |
Archives