[LinuxBIOS] r2550 - trunk/LinuxBIOSv2/util/flashrom

Segher Boessenkool segher at kernel.crashing.org
Mon Feb 12 15:20:45 CET 2007 

>>>> You can only commit a patch to the tree if you take
>>>> responsibility for it (at some level), and that means
>>>> you'll have to sign off on it.
>>>
>>> Ok, so our policy is that the committer always adds a sign off?
>>
>> If not, the whole signed-off-by thing becomes useless,
>> so it better be policy.
>
> now, why exactly?

It's point (c) in the DCO.

If you allow any code to be checked in without the person
doing that stating he has the the right to do that, i.e.
without adding the signed-off, all previous signed-off
statements (by the original developer, etc.) have no
significance as to whether the LinuxBIOS project did check
if it was allowed (for IP or copyright reasons) to use
the code.  Only full chains work; one missing link and
it's broken.

>>> But I also reviewed it, so I should ack, right?
>>
>> Dunno.  "acked-by" as used in Linux is only an informal
>> comment; if LinuxBIOS wants to formalise its usage, the
>> rules should be written down somewhere.
>
> Whats missing in http://www.linuxbios.org/Development_Guidelines?

The doc should be in the repo itself.  Other than that,
it could be formalised a bit ;-)

>>> Yes, but does the committer need to sign-off too?
>>> Isn't it enough with the signed-off-by from the author and an ack
>>> from the committer?
>>
>> No.  Every step in the chain into the repo needs to
>> be tracked or the "chain of trust" is lost.
>
> I dont think the chain of trust goes lost. The repository monitors who
> did the commit, so it will be as easy to find out as grepping for the
> Signed-off-by: ?

The "commit" message the repo gives you only tells you
who did the check in; it doesn't say that the commiter
states that he checked to the best of his knowledge that
he is allowed to (re-)publish that source code.

> ie. Are you saying the mails that get sent out to the mailing list
> should be filtered to say
>
>     Signed-off-by: Committer
>
> instead of
>
>     Committed by: Committer
>
> ?

No.  I'm saying that committers should manually (or at least
consciously) add the signed-off.

>> I don't see the incompatibility?  Unless you mean that
>> the acked-by tags should be put into the commit; that
>> is a foolish thing indeed, there are many problems with
>> it (for example, it is easy to forget to add one of those
>> when you commit; not the case with signed-off, since
>> that's in the patch when you send it out for review
>> already, and a committer will add it automatically if
>> he has his tools set up for that).
>
> If you think our review process is useless, you are of course not
> forced to contribute to it.

I'm not saying the review process is useless; I'm saying
that recording history of who thought what patch was a
good idea, _when those patches never end up being committed_,
is pretty damn useless.  A newer version of the patch
superseded the old one; knowing who approved the final
commit *can* of course be useful.  I wasn't commenting
on the review process at all; just on the acked-by lines
that people add to commit messages.


Segher

More information about the coreboot mailing list