From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C19AF138334 for ; Sat, 8 Sep 2018 17:37:01 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 08674E079E; Sat, 8 Sep 2018 17:36:59 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BE79BE0788 for ; Sat, 8 Sep 2018 17:36:57 +0000 (UTC) Received: from a1i15 (host2092.kph.uni-mainz.de [134.93.134.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: ulm) by smtp.gentoo.org (Postfix) with ESMTPSA id AED3B33BE93; Sat, 8 Sep 2018 17:36:54 +0000 (UTC) From: Ulrich Mueller To: gentoo-project@lists.gentoo.org Subject: Re: [gentoo-project] [RFC] GLEP 76: Copyright Policy [v3] References: <23325.35685.793702.267278@a1i15.kph.uni-mainz.de> <23337.15822.698153.812236@a1i15.kph.uni-mainz.de> <833318c1-a337-d023-1722-8b3dda6411a3@gentoo.org> Date: Sat, 08 Sep 2018 19:36:45 +0200 In-Reply-To: <833318c1-a337-d023-1722-8b3dda6411a3@gentoo.org> (Michael Orlitzky's message of "Sat, 8 Sep 2018 10:25:03 -0400") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Archives-Salt: 1c64167f-7064-4d2a-a70f-bb7eaca44283 X-Archives-Hash: 782b970d9d95c355131d5e04f3610ca7 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable >>>>> On Sat, 08 Sep 2018, Michael Orlitzky wrote: > The Gentoo Certificate of origin says, >> By making a contribution to this project, I certify that: >>=20 >> 1 The contribution was created in whole or in part by me... >>=20 >> 2 The contribution is based upon previous work that, to the best of=20 >> my knowledge, is covered... >>=20 >> 3 The contribution is a license text (or a file of similar nature)... >>=20 >> 4 The contribution was provided directly to me by some other person=20 >> who certified (1), (2), (3), or (4), and I have not modified it. > Do we really want to allow (4)s all the way down? > That issue aside, I have some doubts about the usefulness of asserting > (4), which to me sounds like the opposite of what is intended: "someone > gave it to me and he said it was fine" is a weird defense. Especially if > the name of the person doesn't appear in the sign-off. If you certify 4., the commit should already carry a Signed-off-by line with that other person's name. If not, you must certify it with one of the other clauses (presumably, 2.). > I realize we might not be able to do much better in the case of e.g. > patches from outside contributors, but shouldn't we at least record the > person's name in that case? Yes, the idea is that either there is a chain of Signed-off-by lines, or (if not) that the committer has the responsibility that the contribution is under a free software license. Realistically, I won't expect our certification chains to have normally more than two S-o-b lines (like proxied committer and proxy committer). > If there's ever a dispute, we might need to track the guy down. We can also see it more positively, the name should be there to give credit to the right person. :) > I also realize that (4) was taken directly from the DCO which presumably > has had actual lawyers look at it, so take this with a grain of salt. Ulrich --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEZlHkP3TnuTbxrN0HwwkGhRxhwnMFAluUCK4ACgkQwwkGhRxh wnP4ewf9H+Nkg/7UEojP0lkorHkLjdyNJGBr2iAcwxXaryH32XSA8Zg3o0C63K3e FEaZjbLlEiK+IBKBvc6hY9NvAzaQ/ktslMVH/x2Y3l5B2bmaoIdxOsXb59Uh/l9q Lly5g5PJWh1YctxFVL8bm9i4jg8VD0C8a9K//ZPaTYFU+id9CYQY/zP1nBvXbNEe bzC7mwn/Z7TRIob9TT+3fdwxPb2NkN4r5nog0nU6WXve9vpthNNJY3n3i+F/NRej B0Qsy5G1vnophAz2p3emv8UqhhRbB3SbvNrmfkiYhAmZDj0mcnsvgc2iMXoqM3iM sXSlc0jwqKfP9Sn3GA04tjeIu2dc1w== =Ps5j -----END PGP SIGNATURE----- --=-=-=--