Itamar Heim <iheim@redhat.com> writes:
On 01/02/2013 06:27 PM, Anthony Liguori wrote:
Hi,
I've noticed that the various oVirt projects are not using the DCO process correctly. While contributors are adding Signed-off-by's (Good), there's no Signed-off-by being added by maintainers (Bad).
http://lwn.net/Articles/139918/
It may seem like a minor thing, but SOB is meant to provide a chain of custody and it's less effective if the certification isn't also done by maintainers.
For VDSM, I see examples like:
commit 53c6801658a8c5e05ceb518ffd9ebfefa805fda9 Author: Antoni S. Puimedon <asegurap@redhat.com> Date: Tue Dec 18 22:33:39 2012 +0100
Fix blockSD pep8.
Change-Id: I2ed4ce2a5748a911f76da02f762e5bda9352b905 Signed-off-by: Antoni S. Puimedon <asegurap@redhat.com> Reviewed-on: http://gerrit.ovirt.org/10213 Reviewed-by: Dan Kenigsberg <danken@redhat.com>
The last 'Reviewed-by' ought to be a 'Signed-off-by'.
OTOH, ovirt-engine lacks any Reviewed-by tags. For example:
Author: Sharad Mishra <snmishra@linux.vnet.ibm.com> Date: Wed Dec 26 11:10:32 2012 -0800
core: removed obsolete classes vm_template_image_map_id and vm_template_imag
These clasees are not used anymore.
Change-Id: I82f0861644f155f7b6c27ba5acb3a069b6f1a8f6 Signed-off-by: Sharad Mishra <snmishra@linux.vnet.ibm.com>
I'm not sure if this is a limitation in gerrit. I know the question has come up regarding what OpenStack does. OpenStack doesn't use DCO. They have an explicit CLA that everyone must sign before participating[1]. DCO eliminates the need for such an agreement (when used properly).
[1] http://wiki.openstack.org/CLA
Regards,
Anthony Liguori
true, this isn't supported by gerrit when using fast-forward which all projects use but vdsm.
I know very little about the hackability of gerrit... do you know if this is reasonably fixable? Does gerrit allow pre-commit hooks? The GIT_COMMITTER_{NAME,EMAIL} bits are being set correctly so it should be possible to add the Signed-off-by in a hook.
we do enforce the signed-of by for the author of the patch in gerrit.
personally, i see the value of maintainer sign of for the kernel, which has multiple layers of maintainers, but not for ovirt which has no similar concept today.
Patches float around over time even after commit. A good example is a stable branch where patches are backported from master. It's nice to preserve the Signed-off-by history in that case. Then you end up with three SoBs from contributor, master maintainer, and then stable maintainer.
I'm fine with asking for a CLA though if it solves the issue.
I cringe at thought of trying to work out a CLA. We should exhaust all options with respect to following DCO properly I think before going down that road. Regards, Anthony Liguori