1 |
The Gentoo Certificate of origin says, |
2 |
|
3 |
> By making a contribution to this project, I certify that: |
4 |
> |
5 |
> 1 The contribution was created in whole or in part by me... |
6 |
> |
7 |
> 2 The contribution is based upon previous work that, to the best of |
8 |
> my knowledge, is covered... |
9 |
> |
10 |
> 3 The contribution is a license text (or a file of similar nature)... |
11 |
> |
12 |
> 4 The contribution was provided directly to me by some other person |
13 |
> who certified (1), (2), (3), or (4), and I have not modified it. |
14 |
|
15 |
Do we really want to allow (4)s all the way down? |
16 |
|
17 |
That issue aside, I have some doubts about the usefulness of asserting |
18 |
(4), which to me sounds like the opposite of what is intended: "someone |
19 |
gave it to me and he said it was fine" is a weird defense. Especially if |
20 |
the name of the person doesn't appear in the sign-off. |
21 |
|
22 |
I realize we might not be able to do much better in the case of e.g. |
23 |
patches from outside contributors, but shouldn't we at least record the |
24 |
person's name in that case? If there's ever a dispute, we might need to |
25 |
track the guy down. |
26 |
|
27 |
I also realize that (4) was taken directly from the DCO which presumably |
28 |
has had actual lawyers look at it, so take this with a grain of salt. |