| 1 |
On Tue, Oct 25, 2016 at 9:39 PM, Kent Fredric <kentnl@g.o> wrote: |
| 2 |
> |
| 3 |
> Under this interpretation, developers using this header to add other |
| 4 |
> peoples work to tree is making our use of DCO pointless. |
| 5 |
> |
| 6 |
> Because DCO has to be the person who *authored* the commit, not the |
| 7 |
> person who merely added it to tree. |
| 8 |
|
| 9 |
That actually isn't true. Read the DCO. Clauses b/c are designed |
| 10 |
specifically for cases where the committer isn't the author. |
| 11 |
|
| 12 |
It is apparently good enough for the Linux Foundation. They don't |
| 13 |
require any direct interaction with the author of code to accept it |
| 14 |
into the kernel. They merely require that whoever submits the code |
| 15 |
makes the certification that they've done their due diligence. |
| 16 |
|
| 17 |
> |
| 18 |
> And Pram should stop adding it everywhere post-haste, because its |
| 19 |
> inferring things that aren't true. |
| 20 |
> |
| 21 |
|
| 22 |
I did suggest that we probably should ban this header until we |
| 23 |
actually have a DCO because it blurs the lines. However, it isn't |
| 24 |
really inferring something that isn't true right now because we don't |
| 25 |
assign any legal meaning to the header right now. The bigger concern |
| 26 |
is that it blurs the lines after we have a DCO because people can |
| 27 |
argue the use of the header was accidental or meant something else. |
| 28 |
|
| 29 |
Whether or not we proactively ban the header, it would probably make |
| 30 |
sense that if we do institute a new copyright policy including a DCO |
| 31 |
that we ask all devs to explicitly ack the policy and the meaning of |
| 32 |
the signed-off-by header somehow (maybe issue a gpg signed statement |
| 33 |
from a template). It could also be made a part of the ebuild quiz or |
| 34 |
such so that all new devs ack it. |
| 35 |
|
| 36 |
I don't think we need to go nuts with it. Simply getting everybody to |
| 37 |
ack the policy makes it unambiguous that people understand what the |
| 38 |
header means. |
| 39 |
|
| 40 |
But, new policy or not the DCO really represents a practice that we |
| 41 |
should all be doing already. Nobody should be sticking code in a |
| 42 |
Gentoo repository without ensuring the licenses are compatible and so |
| 43 |
on. The DCO just represents a best practice that didn't exist when |
| 44 |
Gentoo started and which most projects now embrace in some form. It |
| 45 |
isn't that we didn't care about copyright in the past, we just care |
| 46 |
enough to be a little more formal about it in the future. |
| 47 |
|
| 48 |
> But this doesn't change the fact there is a desire to communicate other |
| 49 |
> properties of commits, like the audit trail for QA purposes. |
| 50 |
|
| 51 |
Sure. The repository should always make it clear who made each |
| 52 |
commit, when, and why (with appropriate bug x-refs and so on). |
| 53 |
Ideally it should somehow capture both who authored the code and who |
| 54 |
put it into the repository. I think for the most part we're already |
| 55 |
doing all of this, but I'm sure there is room for improvement (having |
| 56 |
a bug header in the default repoman commit template probably wouldn't |
| 57 |
hurt - then they all look the same and you can always delete it or |
| 58 |
leave it blank if it doesn't apply). |
| 59 |
|
| 60 |
-- |
| 61 |
Rich |
Archives