Dave Neary <dneary(a)redhat.com> writes:
Hi Anthony,
For the uninitiated is DCO = Developer Certificate of Origin?
Correct.
I am not sure whether oVirt has a formal process similar to the kernel's
for this. Signed-off-by in oVirt probably doesn't carry the same baggage
for maintainers as it does for the kernel.
For everyone else: this involved developers being asked, and at least
verbally affirming, that they have written the patch themselves and have
the rights required to publish their work under the relevant license.
A CLA gets around this by having an explicit Contributor Licensing
Agreement where developers explicitly grant a license to some entity
(usually the project's sponsoring entity or a non-profit supporting the
project).
Both Mozilla and the Kernel, and several other projects, have avoided a
CLA for a number of reasons - if you're aiming for a diverse developer
base (as we are in oVirt) this can slow down adoption and participation
by 3rd parties. For that reason, I would not encourage the adoption of a
CLA for oVirt.
Agreed.
On the other hand, ensuring we have the right to ship the
code which is submitted to us is a good idea - and pushing the
responsibility for asking to the maintainers integrating the code
upstream is reasonable. How we do that is an implementation detail - we
could of course "hack" SOB as the kernel has done to mean "I've
checked
and this is fine". It is important to realise that using SOB for this
purpose is convention - a process hack, rather than something inate in
SOB:
http://elinux.org/Developer_Certificate_Of_Origin
The reason I started the thread is to clarify what the process is for
oVirt. I'd certainly prefer it to be what's commonly accepted as DCO
but what's important is for the process to be documented clearly and
followed correctly.
I really think there's a lot of value is not inventing something new so
I think we should make every attempt to follow DCO as it's commonly
implemented.
Regards,
Anthony Liguori
Cheers,
Dave.
On 01/02/2013 05:27 PM, Anthony Liguori wrote:
>
> Hi,
>
> I've noticed that the various oVirt projects are not using the DCO
> process correctly. While contributors are adding Signed-off-by's
> (Good), there's no Signed-off-by being added by maintainers (Bad).
>
>
http://lwn.net/Articles/139918/
>
> It may seem like a minor thing, but SOB is meant to provide a chain of
> custody and it's less effective if the certification isn't also done by
> maintainers.
>
> For VDSM, I see examples like:
>
> commit 53c6801658a8c5e05ceb518ffd9ebfefa805fda9
> Author: Antoni S. Puimedon <asegurap(a)redhat.com>
> Date: Tue Dec 18 22:33:39 2012 +0100
>
> Fix blockSD pep8.
>
> Change-Id: I2ed4ce2a5748a911f76da02f762e5bda9352b905
> Signed-off-by: Antoni S. Puimedon <asegurap(a)redhat.com>
> Reviewed-on:
http://gerrit.ovirt.org/10213
> Reviewed-by: Dan Kenigsberg <danken(a)redhat.com>
>
> The last 'Reviewed-by' ought to be a 'Signed-off-by'.
>
> OTOH, ovirt-engine lacks any Reviewed-by tags. For example:
>
> Author: Sharad Mishra <snmishra(a)linux.vnet.ibm.com>
> Date: Wed Dec 26 11:10:32 2012 -0800
>
> core: removed obsolete classes vm_template_image_map_id and vm_template_imag
>
> These clasees are not used anymore.
>
> Change-Id: I82f0861644f155f7b6c27ba5acb3a069b6f1a8f6
> Signed-off-by: Sharad Mishra <snmishra(a)linux.vnet.ibm.com>
>
> I'm not sure if this is a limitation in gerrit. I know the question has
> come up regarding what OpenStack does. OpenStack doesn't use DCO. They
> have an explicit CLA that everyone must sign before participating[1].
> DCO eliminates the need for such an agreement (when used properly).
>
> [1]
http://wiki.openstack.org/CLA
>
> Regards,
>
> Anthony Liguori
>
> _______________________________________________
> Board mailing list
> Board(a)ovirt.org
>
http://lists.ovirt.org/mailman/listinfo/board
>
--
Dave Neary - Community Action and Impact
Open Source and Standards, Red Hat -
http://community.redhat.com
Ph: +33 9 50 71 55 62 / Cell: +33 6 77 01 92 13