Signed-off-by in Wayland and Weston projects
Bryce Harrington
bryce at osg.samsung.com
Wed Oct 7 11:05:34 PDT 2015
On Wed, Oct 07, 2015 at 11:21:38AM -0500, Derek Foreman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/10/15 02:27 AM, Pekka Paalanen wrote:
> > On Tue, 06 Oct 2015 15:30:17 -0500 Derek Foreman
> > <derekf at osg.samsung.com> wrote:
> >
> >> Hmm, I landed this one but shouldn't have - we require
> >> signed-off-by for commits.
> >>
> >> Could you re-send your other two with Signed-off-by?
> >
> > Hi,
> >
> > I think we've been quite liberal with the S-o-b. It certainly is
> > preferred to have, but I haven't called for a re-submission in case
> > it was omitted.
Same, I've ignored it when it was missing many-a-time.
Although see my next comment.
> I just did a really quick check and we have just one patch in weston
> with a S-o-b under a pseudonym, so even when it's been present we
> haven't necessarily checked it for validity. :)
>
> > Should we start consistently requiring S-o-b?
>
> I've seen it asked for in patch review before, so I thought it was
> already a hard requirement.
>
> When I started contributing someone told me I had to S-o-b all my
> patches, but I can't remember who it was.
I seem to recall Samsung requires (or strongly recommends) you and I to
S-O-B patches using our Samsung address. I would certainly flag this
during a new employee's ramp up, so wouldn't surprise me if in your
described situation I'd been that reviewer...
If that's the case, then yeah don't worry about it for anyone !samsung.
> If we don't strictly require it, I'd love to land 61060 before it bit
> rots all to pieces again. :)
IIRC, s-o-b was introduced back when Linux was being attacked by that
patent troll, as a way for IP ownership accountability or some such.
I know that's only one part of the rationale for it, but that bit may
not be all that big of a worry for Wayland.
Bit rot, on the other hand, now there's a real problem. :-)
> > If yes, would be nice to have it mentioned in doc/Contributing with
> > a link explaining what it actually means.
>
> Right...
>
> Even then, without GPG signing everything, how do we know a
> contributor is who they claim to be and that the S-o-b is meaningful
> anyway?
How do we know your dog didn't get his paws on your GPG key when you
weren't looking? ;-)
> That said, I'd love to have absolutely nothing to do with this policy
> decision, and will happily enforce whatever requirements others decide o
> n.
>
> I just hope they don't make contributing any harder than it already is.
> :)
Hey, if your dog can do it...
Bryce
> > Thanks, pq
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEbBAEBAgAGBQJWFUaSAAoJEF5USY5pfxHXz68H+O69t4vaHsH27JzDvINKhX9H
> VMF7WW+ZyHXBLMozgXa1TjkOcRwQ3to+wEok2t8inxhvqZSd96SiwVnuvFGAo7Zd
> Ci2ovnJshG8rJM1cVCmEhb0MTu4yWuq7xhArVn5zhnh3lSaay4lCFEJ8nfzBe9tb
> 2iw8QvVozfnOqQprvb5ZJSI+nOv+4t0U2A4qF3+pOZVTr6TwCuns5HJ7SzgC9Kqa
> XhRkSPk1pak77ZB98ihwMFGky0NHq5Wx5kC8McskxlehZjnPFGsCZPcWEb4wVk6Q
> 4b8pvJLVuM9Z/u00SalUkXQEhNG3YG1JPhf1NQpfmvw2nj8QQB47DpDcIzXfoQ==
> =vbUH
> -----END PGP SIGNATURE-----
More information about the wayland-devel
mailing list