1 |
On Mon, Jun 25, 2018 at 11:53 AM Denis Dupeyron <calchan@g.o> wrote: |
2 |
> |
3 |
> I want to note here that if this comes into effect, and becomes |
4 |
> mandatory, some critical pieces of Gentoo would go unmaintained for |
5 |
> months, if not longer and possibly indefinitely, until the employer of |
6 |
> the maintainers allows them to sign whatever it is you would require. |
7 |
|
8 |
Just to get you to elaborate a bit more: is this a concern with the |
9 |
Gentoo DCO in particular, or any requirement to sign off on anything? |
10 |
|
11 |
It is probably worth nothing that the DCO (either upstream's or |
12 |
Gentoo's) is just an affirmation of compliance. It doesn't actually |
13 |
have any binding statements on the signer. You aren't signing away |
14 |
any rights or accepting any restrictions, and it doesn't constitute a |
15 |
contract as far as I can tell. It is merely a statement of fact about |
16 |
a commit. |
17 |
|
18 |
That said, part of me does wonder as such whether we're just as |
19 |
covered by a policy that requires all commits be redistributable, |
20 |
training all developers in it, and leaving it at that. That would |
21 |
basically be the status quo, and I don't think anybody is going to |
22 |
object to a policy that says only stuff we can legally distribute goes |
23 |
in the repos. That really isn't any more restrictive than our general |
24 |
social contract. |
25 |
|
26 |
Ultimately this is all just reasonable care. Somebody can add a |
27 |
signed-off-by without reading the DCO just as they can do a commit |
28 |
without reading our policy on what is allowed to be committed. Is the |
29 |
one standard truly any more defensible than the other? |
30 |
|
31 |
-- |
32 |
Rich |