| 1 |
Dnia September 8, 2018 2:25:03 PM UTC, Michael Orlitzky <mjo@g.o> napisał(a): |
| 2 |
>The Gentoo Certificate of origin says, |
| 3 |
> |
| 4 |
>> By making a contribution to this project, I certify that: |
| 5 |
>> |
| 6 |
>> 1 The contribution was created in whole or in part by me... |
| 7 |
>> |
| 8 |
>> 2 The contribution is based upon previous work that, to the best |
| 9 |
>of |
| 10 |
>> my knowledge, is covered... |
| 11 |
>> |
| 12 |
>> 3 The contribution is a license text (or a file of similar |
| 13 |
>nature)... |
| 14 |
>> |
| 15 |
>> 4 The contribution was provided directly to me by some other |
| 16 |
>person |
| 17 |
>> who certified (1), (2), (3), or (4), and I have not modified it. |
| 18 |
> |
| 19 |
>Do we really want to allow (4)s all the way down? |
| 20 |
> |
| 21 |
>That issue aside, I have some doubts about the usefulness of asserting |
| 22 |
>(4), which to me sounds like the opposite of what is intended: "someone |
| 23 |
>gave it to me and he said it was fine" is a weird defense. Especially |
| 24 |
>if |
| 25 |
>the name of the person doesn't appear in the sign-off. |
| 26 |
> |
| 27 |
>I realize we might not be able to do much better in the case of e.g. |
| 28 |
>patches from outside contributors, but shouldn't we at least record the |
| 29 |
>person's name in that case? If there's ever a dispute, we might need to |
| 30 |
>track the guy down. |
| 31 |
> |
| 32 |
>I also realize that (4) was taken directly from the DCO which |
| 33 |
>presumably |
| 34 |
>has had actual lawyers look at it, so take this with a grain of salt. |
| 35 |
|
| 36 |
We require everyone certifying that to leave a signoff, so you'd have full backtrace. |
| 37 |
|
| 38 |
-- |
| 39 |
Best regards, |
| 40 |
Michał Górny |
Archives