Use of DCO

Anthony Liguori aliguori at us.ibm.com
Thu Jan 3 13:59:48 UTC 2013 

Dave Neary <dneary at redhat.com> writes:

> Hi Anthony,
>
> For the uninitiated is DCO = Developer Certificate of Origin?

Correct.

>
> I am not sure whether oVirt has a formal process similar to the kernel's 
> for this. Signed-off-by in oVirt probably doesn't carry the same baggage 
> for maintainers as it does for the kernel.
>
> For everyone else: this involved developers being asked, and at least 
> verbally affirming, that they have written the patch themselves and have 
> the rights required to publish their work under the relevant license.
>
> A CLA gets around this by having an explicit Contributor Licensing 
> Agreement where developers explicitly grant a license to some entity 
> (usually the project's sponsoring entity or a non-profit supporting the 
> project).
>
> Both Mozilla and the Kernel, and several other projects, have avoided a 
> CLA for a number of reasons - if you're aiming for a diverse developer 
> base (as we are in oVirt) this can slow down adoption and participation 
> by 3rd parties. For that reason, I would not encourage the adoption of a 
> CLA for oVirt.

Agreed.

> On the other hand, ensuring we have the right to ship the 
> code which is submitted to us is a good idea - and pushing the 
> responsibility for asking to the maintainers integrating the code 
> upstream is reasonable. How we do that is an implementation detail - we 
> could of course "hack" SOB as the kernel has done to mean "I've checked 
> and this is fine". It is important to realise that using SOB for this 
> purpose is convention - a process hack, rather than something inate in 
> SOB: http://elinux.org/Developer_Certificate_Of_Origin

The reason I started the thread is to clarify what the process is for
oVirt.  I'd certainly prefer it to be what's commonly accepted as DCO
but what's important is for the process to be documented clearly and
followed correctly.

I really think there's a lot of value is not inventing something new so
I think we should make every attempt to follow DCO as it's commonly
implemented.

Regards,

Anthony Liguori

>
> Cheers,
> Dave.
>
> On 01/02/2013 05:27 PM, Anthony Liguori wrote:
>>
>> Hi,
>>
>> I've noticed that the various oVirt projects are not using the DCO
>> process correctly.  While contributors are adding Signed-off-by's
>> (Good), there's no Signed-off-by being added by maintainers (Bad).
>>
>> http://lwn.net/Articles/139918/
>>
>> It may seem like a minor thing, but SOB is meant to provide a chain of
>> custody and it's less effective if the certification isn't also done by
>> maintainers.
>>
>> For VDSM, I see examples like:
>>
>> commit 53c6801658a8c5e05ceb518ffd9ebfefa805fda9
>> Author: Antoni S. Puimedon <asegurap at redhat.com>
>> Date:   Tue Dec 18 22:33:39 2012 +0100
>>
>>      Fix blockSD pep8.
>>
>>      Change-Id: I2ed4ce2a5748a911f76da02f762e5bda9352b905
>>      Signed-off-by: Antoni S. Puimedon <asegurap at redhat.com>
>>      Reviewed-on: http://gerrit.ovirt.org/10213
>>      Reviewed-by: Dan Kenigsberg <danken at redhat.com>
>>
>> The last 'Reviewed-by' ought to be a 'Signed-off-by'.
>>
>> OTOH, ovirt-engine lacks any Reviewed-by tags.  For example:
>>
>> Author: Sharad Mishra <snmishra at linux.vnet.ibm.com>
>> Date:   Wed Dec 26 11:10:32 2012 -0800
>>
>>      core: removed obsolete classes vm_template_image_map_id and vm_template_imag
>>
>>      These clasees are not used anymore.
>>
>>      Change-Id: I82f0861644f155f7b6c27ba5acb3a069b6f1a8f6
>>      Signed-off-by: Sharad Mishra <snmishra at linux.vnet.ibm.com>
>>
>> I'm not sure if this is a limitation in gerrit.  I know the question has
>> come up regarding what OpenStack does.  OpenStack doesn't use DCO.  They
>> have an explicit CLA that everyone must sign before participating[1].
>> DCO eliminates the need for such an agreement (when used properly).
>>
>> [1] http://wiki.openstack.org/CLA
>>
>> Regards,
>>
>> Anthony Liguori
>>
>> _______________________________________________
>> Board mailing list
>> Board at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/board
>>
>
> -- 
> Dave Neary - Community Action and Impact
> Open Source and Standards, Red Hat - http://community.redhat.com
> Ph: +33 9 50 71 55 62 / Cell: +33 6 77 01 92 13

More information about the Board mailing list