1 |
On 06/15/2018 12:11 PM, Rich Freeman wrote: |
2 |
> On Fri, Jun 15, 2018 at 12:03 PM kuzetsa <kuzetsa@×××××.com> wrote: |
3 |
>> |
4 |
>> from: "$ man git-commit" : [...] The meaning of a |
5 |
>> signoff depends on the project, but it typically |
6 |
>> certifies that committer has the rights to submit |
7 |
>> this work [...] |
8 |
>> |
9 |
>> this is frustratingly vague (to me), but I suppose |
10 |
>> the extra metadata included in the same paragraph |
11 |
>> has a link to: https://developercertificate.org/ |
12 |
> |
13 |
> Well, we aren't using that as-is, but a modified version of this. |
14 |
> Gentoo policies aren't contained in manpages. |
15 |
> |
16 |
> The Gentoo policy is in draft GLEP 76: |
17 |
> https://gitweb.gentoo.org/data/glep.git/tree/glep-0076.rst |
18 |
> |
19 |
> (It was posted a few days ago on this list, and discussed here in |
20 |
> various forms over the last few years.) |
21 |
> |
22 |
>> ^ took me a few minutes to figure out what you meant, |
23 |
>> or where that particular quote came from: |
24 |
> |
25 |
> It came from GLEP 76 (still in draft). It is of course based on the |
26 |
> Linux DCO (which I believe is attributed in the GLEP). |
27 |
> |
28 |
>> I had never considered this, because historically, |
29 |
>> gentoo developers who use their PGP key to commit |
30 |
>> rarely use the --signoff feature when committing the |
31 |
>> submissions of a contributor, and even if they had, |
32 |
>> there's not a stable definition. |
33 |
> |
34 |
> Today they shouldn't be using --signoff, because there IS no official |
35 |
> policy. They will be required to do so once GLEP 76 is approved (this |
36 |
> will be enforced with a commit hook). |
37 |
> |
38 |
>> "some other person who certified" - does this mean the |
39 |
>> contributor needs to use their PGP key to sign or...? |
40 |
>> |
41 |
>> it would be good for gentoo to have clarity on this. |
42 |
> |
43 |
> IMO it is up to the certifier to decide what constitutes a |
44 |
> certification made by somebody else. This is necessarily outside of |
45 |
> Gentoo so to try to impose a particular mechanism would make it harder |
46 |
> to use outside code. For example, all Linux commits have a DCO |
47 |
> signoff, but these have no GPG signoffs to go with them. We wouldn't |
48 |
> want to block people from using GPL2 Linux code just because they use |
49 |
> a different mechanism to track such things. |
50 |
> |
51 |
> The Gentoo DCO is an agreement between the Gentoo committer (a Gentoo |
52 |
> dev) and Gentoo. |
53 |
> |
54 |
> That is roughly how I see it at least. |
55 |
> |
56 |
> -- |
57 |
> Rich |
58 |
> |
59 |
|
60 |
well golly. that's swell. I hadn't been keeping up with |
61 |
those details. sounds good. like real good. |
62 |
|
63 |
(I'll likely be silent for a few days. busy.) |
64 |
|
65 |
-- kuza |