1 |
>>>>> On Sat, 08 Sep 2018, Michael Orlitzky wrote: |
2 |
|
3 |
> The Gentoo Certificate of origin says, |
4 |
>> By making a contribution to this project, I certify that: |
5 |
>> |
6 |
>> 1 The contribution was created in whole or in part by me... |
7 |
>> |
8 |
>> 2 The contribution is based upon previous work that, to the best of |
9 |
>> my knowledge, is covered... |
10 |
>> |
11 |
>> 3 The contribution is a license text (or a file of similar nature)... |
12 |
>> |
13 |
>> 4 The contribution was provided directly to me by some other person |
14 |
>> who certified (1), (2), (3), or (4), and I have not modified it. |
15 |
|
16 |
> Do we really want to allow (4)s all the way down? |
17 |
|
18 |
> That issue aside, I have some doubts about the usefulness of asserting |
19 |
> (4), which to me sounds like the opposite of what is intended: "someone |
20 |
> gave it to me and he said it was fine" is a weird defense. Especially if |
21 |
> the name of the person doesn't appear in the sign-off. |
22 |
|
23 |
If you certify 4., the commit should already carry a Signed-off-by line |
24 |
with that other person's name. If not, you must certify it with one of |
25 |
the other clauses (presumably, 2.). |
26 |
|
27 |
> I realize we might not be able to do much better in the case of e.g. |
28 |
> patches from outside contributors, but shouldn't we at least record the |
29 |
> person's name in that case? |
30 |
|
31 |
Yes, the idea is that either there is a chain of Signed-off-by lines, or |
32 |
(if not) that the committer has the responsibility that the contribution |
33 |
is under a free software license. |
34 |
|
35 |
Realistically, I won't expect our certification chains to have normally |
36 |
more than two S-o-b lines (like proxied committer and proxy committer). |
37 |
|
38 |
> If there's ever a dispute, we might need to track the guy down. |
39 |
|
40 |
We can also see it more positively, the name should be there to give |
41 |
credit to the right person. :) |
42 |
|
43 |
> I also realize that (4) was taken directly from the DCO which presumably |
44 |
> has had actual lawyers look at it, so take this with a grain of salt. |
45 |
|
46 |
Ulrich |