1 |
Dnia September 8, 2018 2:25:03 PM UTC, Michael Orlitzky <mjo@g.o> napisał(a): |
2 |
>The Gentoo Certificate of origin says, |
3 |
> |
4 |
>> By making a contribution to this project, I certify that: |
5 |
>> |
6 |
>> 1 The contribution was created in whole or in part by me... |
7 |
>> |
8 |
>> 2 The contribution is based upon previous work that, to the best |
9 |
>of |
10 |
>> my knowledge, is covered... |
11 |
>> |
12 |
>> 3 The contribution is a license text (or a file of similar |
13 |
>nature)... |
14 |
>> |
15 |
>> 4 The contribution was provided directly to me by some other |
16 |
>person |
17 |
>> who certified (1), (2), (3), or (4), and I have not modified it. |
18 |
> |
19 |
>Do we really want to allow (4)s all the way down? |
20 |
> |
21 |
>That issue aside, I have some doubts about the usefulness of asserting |
22 |
>(4), which to me sounds like the opposite of what is intended: "someone |
23 |
>gave it to me and he said it was fine" is a weird defense. Especially |
24 |
>if |
25 |
>the name of the person doesn't appear in the sign-off. |
26 |
> |
27 |
>I realize we might not be able to do much better in the case of e.g. |
28 |
>patches from outside contributors, but shouldn't we at least record the |
29 |
>person's name in that case? If there's ever a dispute, we might need to |
30 |
>track the guy down. |
31 |
> |
32 |
>I also realize that (4) was taken directly from the DCO which |
33 |
>presumably |
34 |
>has had actual lawyers look at it, so take this with a grain of salt. |
35 |
|
36 |
We require everyone certifying that to leave a signoff, so you'd have full backtrace. |
37 |
|
38 |
-- |
39 |
Best regards, |
40 |
Michał Górny |