1 |
On Tue, Oct 25, 2016 at 9:39 PM, Kent Fredric <kentnl@g.o> wrote: |
2 |
> |
3 |
> Under this interpretation, developers using this header to add other |
4 |
> peoples work to tree is making our use of DCO pointless. |
5 |
> |
6 |
> Because DCO has to be the person who *authored* the commit, not the |
7 |
> person who merely added it to tree. |
8 |
|
9 |
That actually isn't true. Read the DCO. Clauses b/c are designed |
10 |
specifically for cases where the committer isn't the author. |
11 |
|
12 |
It is apparently good enough for the Linux Foundation. They don't |
13 |
require any direct interaction with the author of code to accept it |
14 |
into the kernel. They merely require that whoever submits the code |
15 |
makes the certification that they've done their due diligence. |
16 |
|
17 |
> |
18 |
> And Pram should stop adding it everywhere post-haste, because its |
19 |
> inferring things that aren't true. |
20 |
> |
21 |
|
22 |
I did suggest that we probably should ban this header until we |
23 |
actually have a DCO because it blurs the lines. However, it isn't |
24 |
really inferring something that isn't true right now because we don't |
25 |
assign any legal meaning to the header right now. The bigger concern |
26 |
is that it blurs the lines after we have a DCO because people can |
27 |
argue the use of the header was accidental or meant something else. |
28 |
|
29 |
Whether or not we proactively ban the header, it would probably make |
30 |
sense that if we do institute a new copyright policy including a DCO |
31 |
that we ask all devs to explicitly ack the policy and the meaning of |
32 |
the signed-off-by header somehow (maybe issue a gpg signed statement |
33 |
from a template). It could also be made a part of the ebuild quiz or |
34 |
such so that all new devs ack it. |
35 |
|
36 |
I don't think we need to go nuts with it. Simply getting everybody to |
37 |
ack the policy makes it unambiguous that people understand what the |
38 |
header means. |
39 |
|
40 |
But, new policy or not the DCO really represents a practice that we |
41 |
should all be doing already. Nobody should be sticking code in a |
42 |
Gentoo repository without ensuring the licenses are compatible and so |
43 |
on. The DCO just represents a best practice that didn't exist when |
44 |
Gentoo started and which most projects now embrace in some form. It |
45 |
isn't that we didn't care about copyright in the past, we just care |
46 |
enough to be a little more formal about it in the future. |
47 |
|
48 |
> But this doesn't change the fact there is a desire to communicate other |
49 |
> properties of commits, like the audit trail for QA purposes. |
50 |
|
51 |
Sure. The repository should always make it clear who made each |
52 |
commit, when, and why (with appropriate bug x-refs and so on). |
53 |
Ideally it should somehow capture both who authored the code and who |
54 |
put it into the repository. I think for the most part we're already |
55 |
doing all of this, but I'm sure there is room for improvement (having |
56 |
a bug header in the default repoman commit template probably wouldn't |
57 |
hurt - then they all look the same and you can always delete it or |
58 |
leave it blank if it doesn't apply). |
59 |
|
60 |
-- |
61 |
Rich |