Use of DCO
Anthony Liguori
aliguori at us.ibm.com
Wed Jan 2 19:24:01 UTC 2013
Itamar Heim <iheim at redhat.com> writes:
> On 01/02/2013 06:27 PM, Anthony Liguori wrote:
>>
>> Hi,
>>
>> I've noticed that the various oVirt projects are not using the DCO
>> process correctly. While contributors are adding Signed-off-by's
>> (Good), there's no Signed-off-by being added by maintainers (Bad).
>>
>> http://lwn.net/Articles/139918/
>>
>> It may seem like a minor thing, but SOB is meant to provide a chain of
>> custody and it's less effective if the certification isn't also done by
>> maintainers.
>>
>> For VDSM, I see examples like:
>>
>> commit 53c6801658a8c5e05ceb518ffd9ebfefa805fda9
>> Author: Antoni S. Puimedon <asegurap at redhat.com>
>> Date: Tue Dec 18 22:33:39 2012 +0100
>>
>> Fix blockSD pep8.
>>
>> Change-Id: I2ed4ce2a5748a911f76da02f762e5bda9352b905
>> Signed-off-by: Antoni S. Puimedon <asegurap at redhat.com>
>> Reviewed-on: http://gerrit.ovirt.org/10213
>> Reviewed-by: Dan Kenigsberg <danken at redhat.com>
>>
>> The last 'Reviewed-by' ought to be a 'Signed-off-by'.
>>
>> OTOH, ovirt-engine lacks any Reviewed-by tags. For example:
>>
>> Author: Sharad Mishra <snmishra at linux.vnet.ibm.com>
>> Date: Wed Dec 26 11:10:32 2012 -0800
>>
>> core: removed obsolete classes vm_template_image_map_id and vm_template_imag
>>
>> These clasees are not used anymore.
>>
>> Change-Id: I82f0861644f155f7b6c27ba5acb3a069b6f1a8f6
>> Signed-off-by: Sharad Mishra <snmishra at linux.vnet.ibm.com>
>>
>> I'm not sure if this is a limitation in gerrit. I know the question has
>> come up regarding what OpenStack does. OpenStack doesn't use DCO. They
>> have an explicit CLA that everyone must sign before participating[1].
>> DCO eliminates the need for such an agreement (when used properly).
>>
>> [1] http://wiki.openstack.org/CLA
>>
>> Regards,
>>
>> Anthony Liguori
>>
>
> true, this isn't supported by gerrit when using fast-forward which all
> projects use but vdsm.
I know very little about the hackability of gerrit... do you know if
this is reasonably fixable?
Does gerrit allow pre-commit hooks? The GIT_COMMITTER_{NAME,EMAIL} bits
are being set correctly so it should be possible to add the
Signed-off-by in a hook.
> we do enforce the signed-of by for the author of the patch in gerrit.
>
> personally, i see the value of maintainer sign of for the kernel, which
> has multiple layers of maintainers, but not for ovirt which has no
> similar concept today.
Patches float around over time even after commit. A good example is a
stable branch where patches are backported from master. It's nice to
preserve the Signed-off-by history in that case. Then you end up with
three SoBs from contributor, master maintainer, and then stable
maintainer.
> I'm fine with asking for a CLA though if it solves the issue.
I cringe at thought of trying to work out a CLA. We should exhaust all
options with respect to following DCO properly I think before going down
that road.
Regards,
Anthony Liguori
More information about the Board
mailing list