Signed-off-by in Wayland and Weston projects

[Pekka Paalanen]

On Thu, 8 Oct 2015 10:49:18 +0800
Jonas Ådahl <jadahl at gmail.com> wrote:

> On Wed, Oct 07, 2015 at 11:05:34AM -0700, Bryce Harrington wrote:
> > On Wed, Oct 07, 2015 at 11:21:38AM -0500, Derek Foreman wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > > 
> > > On 07/10/15 02:27 AM, Pekka Paalanen wrote:
> > > > On Tue, 06 Oct 2015 15:30:17 -0500 Derek Foreman
> > > > <derekf at osg.samsung.com> wrote:
> > > > 
> > > >> Hmm, I landed this one but shouldn't have - we require
> > > >> signed-off-by for commits.
> > > >> 
> > > >> Could you re-send your other two with Signed-off-by?
> > > > 
> > > > Hi,
> > > > 
> > > > I think we've been quite liberal with the S-o-b. It certainly is 
> > > > preferred to have, but I haven't called for a re-submission in case
> > > > it was omitted.
> > 
> > Same, I've ignored it when it was missing many-a-time.
> > Although see my next comment.
> > 
> > > I just did a really quick check and we have just one patch in weston
> > > with a S-o-b under a pseudonym, so even when it's been present we
> > > haven't necessarily checked it for validity. :)
> > > 
> > > > Should we start consistently requiring S-o-b?
> > > 
> > > I've seen it asked for in patch review before, so I thought it was
> > > already a hard requirement.

> > > > If yes, would be nice to have it mentioned in doc/Contributing with
> > > > a link explaining what it actually means.
> > > 
> > > Right...
> > > 
> > > Even then, without GPG signing everything, how do we know a
> > > contributor is who they claim to be and that the S-o-b is meaningful
> > > anyway?

Let's not go there. Next you'll be asking reviewers to gpg-sign their
R-bs and having re-sent patches with R-b to be signed by all of authors
and reviewers to prevent forged tags...


> FWIW, libinput has more strict requirements than wayland/weston
> regarding this, but since it seems to have never been a requirement for
> wayland/weston I guess we can continue with that.

I don't know why we should be strict with S-o-b, but then again I
didn't understand the license thing either.

I'd be happy to be ignorant and not strictly require S-o-b, but we
could still recommend it once in a while. S-o-b never hurts, right?

How about adding a recommendation to give S-o-b in Contributing,
including explanations, but not rejecting patches only because they
miss a S-o-b?

In more complex cases where people pick up others patches and change
them, the S-o-b tags with change comments in the commit message help to
describe how the patch has evolved, giving credit where it is due.


Thanks,
pq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 811 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/wayland-devel/attachments/20151008/155eec7a/attachment-0001.sig>