Use of DCO

Anthony Liguori aliguori at us.ibm.com
Wed Jan 2 19:24:01 UTC 2013 

Itamar Heim <iheim at redhat.com> writes:

> On 01/02/2013 06:27 PM, Anthony Liguori wrote:
>>
>> Hi,
>>
>> I've noticed that the various oVirt projects are not using the DCO
>> process correctly.  While contributors are adding Signed-off-by's
>> (Good), there's no Signed-off-by being added by maintainers (Bad).
>>
>> http://lwn.net/Articles/139918/
>>
>> It may seem like a minor thing, but SOB is meant to provide a chain of
>> custody and it's less effective if the certification isn't also done by
>> maintainers.
>>
>> For VDSM, I see examples like:
>>
>> commit 53c6801658a8c5e05ceb518ffd9ebfefa805fda9
>> Author: Antoni S. Puimedon <asegurap at redhat.com>
>> Date:   Tue Dec 18 22:33:39 2012 +0100
>>
>>      Fix blockSD pep8.
>>
>>      Change-Id: I2ed4ce2a5748a911f76da02f762e5bda9352b905
>>      Signed-off-by: Antoni S. Puimedon <asegurap at redhat.com>
>>      Reviewed-on: http://gerrit.ovirt.org/10213
>>      Reviewed-by: Dan Kenigsberg <danken at redhat.com>
>>
>> The last 'Reviewed-by' ought to be a 'Signed-off-by'.
>>
>> OTOH, ovirt-engine lacks any Reviewed-by tags.  For example:
>>
>> Author: Sharad Mishra <snmishra at linux.vnet.ibm.com>
>> Date:   Wed Dec 26 11:10:32 2012 -0800
>>
>>      core: removed obsolete classes vm_template_image_map_id and vm_template_imag
>>
>>      These clasees are not used anymore.
>>
>>      Change-Id: I82f0861644f155f7b6c27ba5acb3a069b6f1a8f6
>>      Signed-off-by: Sharad Mishra <snmishra at linux.vnet.ibm.com>
>>
>> I'm not sure if this is a limitation in gerrit.  I know the question has
>> come up regarding what OpenStack does.  OpenStack doesn't use DCO.  They
>> have an explicit CLA that everyone must sign before participating[1].
>> DCO eliminates the need for such an agreement (when used properly).
>>
>> [1] http://wiki.openstack.org/CLA
>>
>> Regards,
>>
>> Anthony Liguori
>>
>
> true, this isn't supported by gerrit when using fast-forward which all 
> projects use but vdsm.

I know very little about the hackability of gerrit... do you know if
this is reasonably fixable?

Does gerrit allow pre-commit hooks?  The GIT_COMMITTER_{NAME,EMAIL} bits
are being set correctly so it should be possible to add the
Signed-off-by in a hook.

> we do enforce the signed-of by for the author of the patch in gerrit.
>
> personally, i see the value of maintainer sign of for the kernel, which 
> has multiple layers of maintainers, but not for ovirt which has no 
> similar concept today.

Patches float around over time even after commit.  A good example is a
stable branch where patches are backported from master.  It's nice to
preserve the Signed-off-by history in that case.  Then you end up with
three SoBs from contributor, master maintainer, and then stable
maintainer.

> I'm fine with asking for a CLA though if it solves the issue.

I cringe at thought of trying to work out a CLA.  We should exhaust all
options with respect to following DCO properly I think before going down
that road.

Regards,

Anthony Liguori

More information about the Board mailing list