Gentoo Archives: gentoo-project

From: Sam James <sam@g.o>
To: gentoo-project@l.g.o
Cc: Joonas Niilola <juippis@g.o>
Subject: Re: [gentoo-project] [RFC] glep-0076: add clarification about the sign-off requirements
Date: Wed, 28 Jul 2021 04:29:21
Message-Id: 178DD728-6A34-4027-9E73-524022368909@gentoo.org
In Reply to: [gentoo-project] [RFC] glep-0076: add clarification about the sign-off requirements by Joonas Niilola
1 > On 28 Jul 2021, at 05:07, Joonas Niilola <juippis@g.o> wrote:
2 >
3 > Summary:
4 > Make it clearer that a sign-off to a git commit is only required from
5 > the committer, not from the author. It's only encouraged for the
6 > authors.
7 >
8
9 Big thanks for working on this. It seems reasonable to me and you know
10 that I've got strong feelings on including more contributors -- as have you!
11
12 I have some thoughts I've outlined below about _possible_ clarifications
13 we could make, but they're not objections to this as-is.
14
15 For the benefit of the archive/anyone who isn't caught up:
16 it may be worth reading robbat2's thread for additional context/thoughts/
17 discussion on this [0].
18
19 > Rationale:
20 > 1. We're actively rejecting contributions from people who do not wish to
21 > have their real name shown in public, or link it to their Git*
22 > accounts.
23 >
24
25 This has been a matter of complaint from contributors, often wanting to make
26 trivial or small changes for quite some time, and is the real motivation
27 for me in wanting to see a change.
28
29 > 2. We have no way of knowing or confirming whether the given name is
30 > "legal". I'd rather not have the sign-off from the author in the first
31 > place than see clearly made up names in there, with a fresh-made Git*
32 > account with no prior activity.
33 >
34
35 Maybe we could add that developers should drop signoffs from people
36 with pseudonyms (I'm thinking where the contributor freely admits such,
37 not where we're guessing - in case it's added accidentally or out of habit,
38 etc).
39
40 I understand if you'd rather not get into that, but I was thinking
41 this would be useful to avoid having the debates in future if someone
42 ends up retaining it. I'd like to know if I should be dropping it in such cases,
43 but maybe we can just reach that via consensus on the ML.
44
45 Just a thought.
46
47 > 3. Recently we've had a couple of cases where our long-standing
48 > contributors, with ~300 commits in total, reveal they've been using
49 > pseudonyms. I'm sure there are many others. AFAIK all their commits
50 > should then be revoked, and possibly future contributions rejected
51 > due to trust issues?
52
53 I don't think that's written down anywhere and part of the problem
54 is that at least in the UK, AFAIK, if it's a name you're legitimately using,
55 it's yours -- even if you weren't born with it, and so on.
56
57 So, my point is, even if a contributor is trying to be honest with us,
58 it doesn't mean we can assume anything about the validity of past statements.
59
60 But again, not looking to get into that either way. I'm generally happy
61 people have felt comfortable enough to be honest with us knowing
62 the potential risks.
63
64 >
65 > 4. As said, there are already devs committing work from people we
66 > know to have made-up names. And/or there are devs committing patches
67 > without the sign-off to begin with.
68 >
69
70 Yep. I think the worst thing for everybody is when developers end up committing
71 as themselves but note the patch is from XYZ because it just makes the git
72 history slightly less useful. It doesn't change the contribution at all.
73
74 > 5. The infra git-hooks currently only check for a matching sign-off
75 > from the committer anyway.
76 >
77 > Final words:
78 > So currently, this GLEP can be interpreted in two different ways: the
79 > sign-off is and isn't required from the author. This does harm
80 > towards contributors who work with devs who do require the sign-off
81 > from the author, and thus the GLEP needs to be updated and enforced
82 > one way or the other. I vote what benefits our contributors, and
83 > therefore us, better.
84
85 +1.
86
87 >
88 > Signed-off-by: Joonas Niilola <juippis@g.o>
89 > ---
90 > [snip]
91
92 [0] https://archives.gentoo.org/gentoo-project/message/26d68349541e4db54a93edf57d6e7404
93
94 best,
95 sam

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-project] [RFC] glep-0076: add clarification about the sign-off requirements Emily Rowlands <emily.rowlands+gentoo@×××××××.org>