| 1 |
On Fri, Jun 15, 2018 at 12:03 PM kuzetsa <kuzetsa@×××××.com> wrote: |
| 2 |
> |
| 3 |
> from: "$ man git-commit" : [...] The meaning of a |
| 4 |
> signoff depends on the project, but it typically |
| 5 |
> certifies that committer has the rights to submit |
| 6 |
> this work [...] |
| 7 |
> |
| 8 |
> this is frustratingly vague (to me), but I suppose |
| 9 |
> the extra metadata included in the same paragraph |
| 10 |
> has a link to: https://developercertificate.org/ |
| 11 |
|
| 12 |
Well, we aren't using that as-is, but a modified version of this. |
| 13 |
Gentoo policies aren't contained in manpages. |
| 14 |
|
| 15 |
The Gentoo policy is in draft GLEP 76: |
| 16 |
https://gitweb.gentoo.org/data/glep.git/tree/glep-0076.rst |
| 17 |
|
| 18 |
(It was posted a few days ago on this list, and discussed here in |
| 19 |
various forms over the last few years.) |
| 20 |
|
| 21 |
> ^ took me a few minutes to figure out what you meant, |
| 22 |
> or where that particular quote came from: |
| 23 |
|
| 24 |
It came from GLEP 76 (still in draft). It is of course based on the |
| 25 |
Linux DCO (which I believe is attributed in the GLEP). |
| 26 |
|
| 27 |
> I had never considered this, because historically, |
| 28 |
> gentoo developers who use their PGP key to commit |
| 29 |
> rarely use the --signoff feature when committing the |
| 30 |
> submissions of a contributor, and even if they had, |
| 31 |
> there's not a stable definition. |
| 32 |
|
| 33 |
Today they shouldn't be using --signoff, because there IS no official |
| 34 |
policy. They will be required to do so once GLEP 76 is approved (this |
| 35 |
will be enforced with a commit hook). |
| 36 |
|
| 37 |
> "some other person who certified" - does this mean the |
| 38 |
> contributor needs to use their PGP key to sign or...? |
| 39 |
> |
| 40 |
> it would be good for gentoo to have clarity on this. |
| 41 |
|
| 42 |
IMO it is up to the certifier to decide what constitutes a |
| 43 |
certification made by somebody else. This is necessarily outside of |
| 44 |
Gentoo so to try to impose a particular mechanism would make it harder |
| 45 |
to use outside code. For example, all Linux commits have a DCO |
| 46 |
signoff, but these have no GPG signoffs to go with them. We wouldn't |
| 47 |
want to block people from using GPL2 Linux code just because they use |
| 48 |
a different mechanism to track such things. |
| 49 |
|
| 50 |
The Gentoo DCO is an agreement between the Gentoo committer (a Gentoo |
| 51 |
dev) and Gentoo. |
| 52 |
|
| 53 |
That is roughly how I see it at least. |
| 54 |
|
| 55 |
-- |
| 56 |
Rich |
Archives