1 |
On Fri, Jun 15, 2018 at 10:55 AM kuzetsa <kuzetsa@×××××.com> wrote: |
2 |
> |
3 |
> "Gentoo Developer's Certificate of Origin" - shouldn't |
4 |
> the author / contributor themselves be involved in this? |
5 |
> |
6 |
|
7 |
It already requires this. The committer would have to certify: |
8 |
|
9 |
" (4) The contribution was provided directly to me by some other person |
10 |
who certified (1), (2), (3), or (4), and I have not modified it." |
11 |
|
12 |
(or one of the other items in the list, if they did modify it) |
13 |
|
14 |
Ultimately the committer is the person Gentoo has a relationship with, |
15 |
so they need to make the certification when they make the commit, even |
16 |
if it is just certifying that somebody else certified it. |
17 |
|
18 |
This goes along with something Thomas said earlier - ultimately the |
19 |
committers are responsible for what they commit. There really isn't a |
20 |
sane alternative since the whole reason we try to control our |
21 |
committers is to ensure that things don't end up in the repository |
22 |
which shouldn't be there. This isn't diminishing the value of 3rd |
23 |
party contributors - but simply affirming the value-add of having |
24 |
somebody we know actually look at what is being contributed. That |
25 |
includes the copyright/license and not just the code. After all, all |
26 |
this stuff ends up on all our users's systems so we want to protect |
27 |
them as well as ourselves. Users already have the freedom to use any |
28 |
overlays they wish if they value these things differently. |
29 |
|
30 |
-- |
31 |
Rich |