Signed-off-by in Wayland and Weston projects

Bryce Harrington bryce at osg.samsung.com
Thu Oct 8 02:16:16 PDT 2015 

On Thu, Oct 08, 2015 at 10:19:21AM +0300, Pekka Paalanen wrote:
> On Thu, 8 Oct 2015 10:49:18 +0800
> Jonas Ã…dahl <jadahl at gmail.com> wrote:
> 
> > On Wed, Oct 07, 2015 at 11:05:34AM -0700, Bryce Harrington wrote:
> > > On Wed, Oct 07, 2015 at 11:21:38AM -0500, Derek Foreman wrote:
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > > 
> > > > On 07/10/15 02:27 AM, Pekka Paalanen wrote:
> > > > > On Tue, 06 Oct 2015 15:30:17 -0500 Derek Foreman
> > > > > <derekf at osg.samsung.com> wrote:
> > > > > 
> > > > >> Hmm, I landed this one but shouldn't have - we require
> > > > >> signed-off-by for commits.
> > > > >> 
> > > > >> Could you re-send your other two with Signed-off-by?
> > > > > 
> > > > > Hi,
> > > > > 
> > > > > I think we've been quite liberal with the S-o-b. It certainly is 
> > > > > preferred to have, but I haven't called for a re-submission in case
> > > > > it was omitted.
> > > 
> > > Same, I've ignored it when it was missing many-a-time.
> > > Although see my next comment.
> > > 
> > > > I just did a really quick check and we have just one patch in weston
> > > > with a S-o-b under a pseudonym, so even when it's been present we
> > > > haven't necessarily checked it for validity. :)
> > > > 
> > > > > Should we start consistently requiring S-o-b?
> > > > 
> > > > I've seen it asked for in patch review before, so I thought it was
> > > > already a hard requirement.
> 
> > > > > If yes, would be nice to have it mentioned in doc/Contributing with
> > > > > a link explaining what it actually means.
> > > > 
> > > > Right...
> > > > 
> > > > Even then, without GPG signing everything, how do we know a
> > > > contributor is who they claim to be and that the S-o-b is meaningful
> > > > anyway?
> 
> Let's not go there. Next you'll be asking reviewers to gpg-sign their
> R-bs and having re-sent patches with R-b to be signed by all of authors
> and reviewers to prevent forged tags...
> 
> 
> > FWIW, libinput has more strict requirements than wayland/weston
> > regarding this, but since it seems to have never been a requirement for
> > wayland/weston I guess we can continue with that.
> 
> I don't know why we should be strict with S-o-b, but then again I
> didn't understand the license thing either.
> 
> I'd be happy to be ignorant and not strictly require S-o-b, but we
> could still recommend it once in a while. S-o-b never hurts, right?

It was originally introduced due to the SCO lawsuit, as a 'Developers
Certificate of Origin', I guess in relation to patent rights stuff.

I gather it's because even if you might be the author of a given patch
you may not be the actual owner of the technology in question; by
S-o-b'ing the patch I gather it is saying that you're the legal
originator of the patch and assuring that it can be used under open
source terms.

Anyway, pretty much everything in Wayland is the original work of the
authors (or their employer) and legally clear, it seems like S-o-b for
us is largely redundant.  But like you say, can't hurt.

> How about adding a recommendation to give S-o-b in Contributing,
> including explanations, but not rejecting patches only because they
> miss a S-o-b?

Sounds good.

> In more complex cases where people pick up others patches and change
> them, the S-o-b tags with change comments in the commit message help to
> describe how the patch has evolved, giving credit where it is due.

Yep.  And it sounds like this is exactly what S-o-b were introduced
for.  So as the patch evolves it should accumulate S-o-b's from each
person that worked on it.

Bryce

More information about the wayland-devel mailing list