| 1 |
On 06/15/2018 12:11 PM, Rich Freeman wrote: |
| 2 |
> On Fri, Jun 15, 2018 at 12:03 PM kuzetsa <kuzetsa@×××××.com> wrote: |
| 3 |
>> |
| 4 |
>> from: "$ man git-commit" : [...] The meaning of a |
| 5 |
>> signoff depends on the project, but it typically |
| 6 |
>> certifies that committer has the rights to submit |
| 7 |
>> this work [...] |
| 8 |
>> |
| 9 |
>> this is frustratingly vague (to me), but I suppose |
| 10 |
>> the extra metadata included in the same paragraph |
| 11 |
>> has a link to: https://developercertificate.org/ |
| 12 |
> |
| 13 |
> Well, we aren't using that as-is, but a modified version of this. |
| 14 |
> Gentoo policies aren't contained in manpages. |
| 15 |
> |
| 16 |
> The Gentoo policy is in draft GLEP 76: |
| 17 |
> https://gitweb.gentoo.org/data/glep.git/tree/glep-0076.rst |
| 18 |
> |
| 19 |
> (It was posted a few days ago on this list, and discussed here in |
| 20 |
> various forms over the last few years.) |
| 21 |
> |
| 22 |
>> ^ took me a few minutes to figure out what you meant, |
| 23 |
>> or where that particular quote came from: |
| 24 |
> |
| 25 |
> It came from GLEP 76 (still in draft). It is of course based on the |
| 26 |
> Linux DCO (which I believe is attributed in the GLEP). |
| 27 |
> |
| 28 |
>> I had never considered this, because historically, |
| 29 |
>> gentoo developers who use their PGP key to commit |
| 30 |
>> rarely use the --signoff feature when committing the |
| 31 |
>> submissions of a contributor, and even if they had, |
| 32 |
>> there's not a stable definition. |
| 33 |
> |
| 34 |
> Today they shouldn't be using --signoff, because there IS no official |
| 35 |
> policy. They will be required to do so once GLEP 76 is approved (this |
| 36 |
> will be enforced with a commit hook). |
| 37 |
> |
| 38 |
>> "some other person who certified" - does this mean the |
| 39 |
>> contributor needs to use their PGP key to sign or...? |
| 40 |
>> |
| 41 |
>> it would be good for gentoo to have clarity on this. |
| 42 |
> |
| 43 |
> IMO it is up to the certifier to decide what constitutes a |
| 44 |
> certification made by somebody else. This is necessarily outside of |
| 45 |
> Gentoo so to try to impose a particular mechanism would make it harder |
| 46 |
> to use outside code. For example, all Linux commits have a DCO |
| 47 |
> signoff, but these have no GPG signoffs to go with them. We wouldn't |
| 48 |
> want to block people from using GPL2 Linux code just because they use |
| 49 |
> a different mechanism to track such things. |
| 50 |
> |
| 51 |
> The Gentoo DCO is an agreement between the Gentoo committer (a Gentoo |
| 52 |
> dev) and Gentoo. |
| 53 |
> |
| 54 |
> That is roughly how I see it at least. |
| 55 |
> |
| 56 |
> -- |
| 57 |
> Rich |
| 58 |
> |
| 59 |
|
| 60 |
well golly. that's swell. I hadn't been keeping up with |
| 61 |
those details. sounds good. like real good. |
| 62 |
|
| 63 |
(I'll likely be silent for a few days. busy.) |
| 64 |
|
| 65 |
-- kuza |
Archives