From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 9BFE5138334 for ; Mon, 25 Jun 2018 16:51:01 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4FB76E0A04; Mon, 25 Jun 2018 16:51:00 +0000 (UTC) Received: from mail-pg0-f65.google.com (mail-pg0-f65.google.com [74.125.83.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 05B12E09EB for ; Mon, 25 Jun 2018 16:50:59 +0000 (UTC) Received: by mail-pg0-f65.google.com with SMTP id z1-v6so6310979pgv.12 for ; Mon, 25 Jun 2018 09:50:59 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=cX/ZLffTKTeiNH0QdOFKs/VPMr0zxtxRy3BRLozXyQg=; b=YolciJscWqxHYwE0F91OMAU4nc/lUeJ8od3bQyfjLSSgkIjshxNv1Vto6wBPimyvR6 WUea4z99izIESKmI7SdmI6RgPTC722o1Q5KPf6Nh94sQ+1pdiYkFSibIzN61JnHaqyOn S1mroNNkuKeBxC3K2lXnurQLj655fwbdwFWIVE752k8Mbi0/L3OmMF8Jgxn7A0YnKfRy BkcMZIJV7oID8mV3dOin/A6u4CCzx+BkkABtJSoiq2InwaaVcTUCGxHd0OScAX2wXYVL x+6/k2F+4OuCg12YakdesfwV59Z6TkDWDwhrugGN6aGUUaTRne8paho8O4Y3EHuwxR/x TbfQ== X-Gm-Message-State: APt69E0z4PEkNoFJ4zr7IH+Kc4DEUR/j73UyrK1rNh4gAvs1pR96DJC0 FQMIhF53N03Pow0KEZnJz6KhFplKHEvm8zmjtah3TQ== X-Google-Smtp-Source: ADUXVKICUrAv3pSosdlS8iZP7Ev0v54Uqxq8HpvrhUSzL5XFupXZ7aWyt2Fa3p4tpJ01+dUdcmA0CsLHYc/Wuwshlks= X-Received: by 2002:a65:51c9:: with SMTP id i9-v6mr11497227pgq.202.1529945458339; Mon, 25 Jun 2018 09:50:58 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org MIME-Version: 1.0 References: <23310.46809.293787.611345@a1i15.kph.uni-mainz.de> <23317.12829.91552.529904@a1i15.kph.uni-mainz.de> <20180625013334.GA28404@kroah.com> <23344.37042.753481.563752@a1i15.kph.uni-mainz.de> <20180625070525.GA6151@kroah.com> <23344.40875.105369.227774@a1i15.kph.uni-mainz.de> <20180625110540.GB3058@kroah.com> <23344.65054.620110.958503@a1i15.kph.uni-mainz.de> <0a9228f1-338e-06a3-f3f4-6b27eea71408@iee.org> In-Reply-To: From: Rich Freeman Date: Mon, 25 Jun 2018 12:50:46 -0400 Message-ID: Subject: Re: [gentoo-project] Re: [gentoo-core] Re: Poll: Would you sign a Contributer License Agreement? To: gentoo-project Content-Type: text/plain; charset="UTF-8" X-Archives-Salt: 5a4a4b6e-219e-49c9-9517-f476f39d66fc X-Archives-Hash: bb299eb0aeff3549f5891a3df6ecf4a7 On Mon, Jun 25, 2018 at 11:53 AM Denis Dupeyron wrote: > > I want to note here that if this comes into effect, and becomes > mandatory, some critical pieces of Gentoo would go unmaintained for > months, if not longer and possibly indefinitely, until the employer of > the maintainers allows them to sign whatever it is you would require. Just to get you to elaborate a bit more: is this a concern with the Gentoo DCO in particular, or any requirement to sign off on anything? It is probably worth nothing that the DCO (either upstream's or Gentoo's) is just an affirmation of compliance. It doesn't actually have any binding statements on the signer. You aren't signing away any rights or accepting any restrictions, and it doesn't constitute a contract as far as I can tell. It is merely a statement of fact about a commit. That said, part of me does wonder as such whether we're just as covered by a policy that requires all commits be redistributable, training all developers in it, and leaving it at that. That would basically be the status quo, and I don't think anybody is going to object to a policy that says only stuff we can legally distribute goes in the repos. That really isn't any more restrictive than our general social contract. Ultimately this is all just reasonable care. Somebody can add a signed-off-by without reading the DCO just as they can do a commit without reading our policy on what is allowed to be committed. Is the one standard truly any more defensible than the other? -- Rich