[libvirt] [PATCH] docs: document requirement to provide Signed-off-by lines for DCO

Daniel P. Berrange posted 1 patch 6 years, 2 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20180122124037.10605-1-berrange@redhat.com
docs/hacking.html.in | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
[libvirt] [PATCH] docs: document requirement to provide Signed-off-by lines for DCO
Posted by Daniel P. Berrange 6 years, 2 months ago
Document that contributors are required to assert compliance with the
Developers Certification of Origin 1.1, by providing Signed-off-by tags
for all commit messages. The DCO is formally stating what we have long
implicitly expected of contributors in terms of their legal rights to
make the contribution. This puts the project in a stronger position
should any questions around contributions be raised going forward in the
future.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 docs/hacking.html.in | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/docs/hacking.html.in b/docs/hacking.html.in
index 6cadfb8343..98a24d785c 100644
--- a/docs/hacking.html.in
+++ b/docs/hacking.html.in
@@ -108,12 +108,18 @@
           of the bug number is useful; but also summarize the issue
           rather than making all readers follow the link.  You can use
           'git shortlog -30' to get an idea of typical summary lines.
-          Libvirt does not currently attach any meaning to
-          Signed-off-by: lines, so it is up to you if you want to
-          include or omit them in the commit message.
         </p>
       </li>
 
+      <li><p>Contributors to libvirt projects <strong>must</strong>
+          assert that they are in compliance with the
+          <a href="https://developercertificate.org/">Developers
+            Certificate of Origin 1.1</a>. This is achieved by adding
+          a "Signed-off-by" line to every commit message. The presence
+          of this line attests that the contributor has read the
+          above lined DCO and agrees with its statements.
+      </p></li>
+
       <li><p>Split large changes into a series of smaller patches,
         self-contained if possible, with an explanation of each patch
         and an explanation of how the sequence of patches fits
-- 
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] docs: document requirement to provide Signed-off-by lines for DCO
Posted by Andrea Bolognani 6 years, 2 months ago
On Mon, 2018-01-22 at 12:40 +0000, Daniel P. Berrange wrote:
> Document that contributors are required to assert compliance with the
> Developers Certification of Origin 1.1, by providing Signed-off-by tags

Both here...

> for all commit messages. The DCO is formally stating what we have long
> implicitly expected of contributors in terms of their legal rights to
> make the contribution. This puts the project in a stronger position
> should any questions around contributions be raised going forward in the
> future.
> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  docs/hacking.html.in | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/docs/hacking.html.in b/docs/hacking.html.in
> index 6cadfb8343..98a24d785c 100644
> --- a/docs/hacking.html.in
> +++ b/docs/hacking.html.in
> @@ -108,12 +108,18 @@
>            of the bug number is useful; but also summarize the issue
>            rather than making all readers follow the link.  You can use
>            'git shortlog -30' to get an idea of typical summary lines.
> -          Libvirt does not currently attach any meaning to
> -          Signed-off-by: lines, so it is up to you if you want to
> -          include or omit them in the commit message.
>          </p>
>        </li>
>  
> +      <li><p>Contributors to libvirt projects <strong>must</strong>
> +          assert that they are in compliance with the
> +          <a href="https://developercertificate.org/">Developers
> +            Certificate of Origin 1.1</a>. This is achieved by adding

... and here, use either "Developer Certificate of Origin" or
"Developer's Certificate of Origin" - the DCO website irritatingly
uses both wordings :(

> +          a "Signed-off-by" line to every commit message. The presence
> +          of this line attests that the contributor has read the
> +          above lined DCO and agrees with its statements.
> +      </p></li>

The indentation is off in the above paragraph.

Other than that it looks good, so

  Reviewed-by: Andrea Bolognani <abologna@redhat.com>

but I'm wondering if we need some sort of vote or agreement at the
community level before this can be formalized and enforced.

-- 
Andrea Bolognani / Red Hat / Virtualization

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] docs: document requirement to provide Signed-off-by lines for DCO
Posted by Ján Tomko 6 years, 2 months ago
On Mon, Jan 22, 2018 at 02:28:14PM +0100, Andrea Bolognani wrote:
>On Mon, 2018-01-22 at 12:40 +0000, Daniel P. Berrange wrote:
>> Document that contributors are required to assert compliance with the
>> Developers Certification of Origin 1.1, by providing Signed-off-by tags
>
>Both here...
>
>> for all commit messages. The DCO is formally stating what we have long
>> implicitly expected of contributors in terms of their legal rights to
>> make the contribution. This puts the project in a stronger position
>> should any questions around contributions be raised going forward in the
>> future.
>>
>> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
>> ---
>>  docs/hacking.html.in | 12 +++++++++---
>>  1 file changed, 9 insertions(+), 3 deletions(-)
>>
>> diff --git a/docs/hacking.html.in b/docs/hacking.html.in
>> index 6cadfb8343..98a24d785c 100644
>> --- a/docs/hacking.html.in
>> +++ b/docs/hacking.html.in
>> @@ -108,12 +108,18 @@
>>            of the bug number is useful; but also summarize the issue
>>            rather than making all readers follow the link.  You can use
>>            'git shortlog -30' to get an idea of typical summary lines.
>> -          Libvirt does not currently attach any meaning to
>> -          Signed-off-by: lines, so it is up to you if you want to
>> -          include or omit them in the commit message.
>>          </p>
>>        </li>
>>
>> +      <li><p>Contributors to libvirt projects <strong>must</strong>
>> +          assert that they are in compliance with the
>> +          <a href="https://developercertificate.org/">Developers
>> +            Certificate of Origin 1.1</a>. This is achieved by adding
>
>... and here, use either "Developer Certificate of Origin" or
>"Developer's Certificate of Origin" - the DCO website irritatingly
>uses both wordings :(
>
>> +          a "Signed-off-by" line to every commit message. The presence

"line containing the contributor's name and e-mail" maybe?
I presume just 'Signed-off-by' is not enough for the "legal snake oil",
even though it's all the git hook asks for.

>> +          of this line attests that the contributor has read the
>> +          above lined DCO and agrees with its statements.
>> +      </p></li>
>
>The indentation is off in the above paragraph.
>
>Other than that it looks good, so
>
>  Reviewed-by: Andrea Bolognani <abologna@redhat.com>
>
>but I'm wondering if we need some sort of vote or agreement at the
>community level before this can be formalized and enforced.

There will never be agreement.

But from the git hook thread:
In favor: Dan, John, Michal(?)
Indifferent: Erik
Against: Me, Peter

Which already is some kind of vote, so I'll give this one:
"Meh, ACK, please don't try to make another tag mandatory in the
future"

Jan
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] docs: document requirement to provide Signed-off-by lines for DCO
Posted by Daniel P. Berrange 6 years, 2 months ago
On Wed, Jan 24, 2018 at 02:59:17PM +0100, Ján Tomko wrote:
> > > +          a "Signed-off-by" line to every commit message. The presence
> 
> "line containing the contributor's name and e-mail" maybe?
> I presume just 'Signed-off-by' is not enough for the "legal snake oil",
> even though it's all the git hook asks for.

Yes, good point - it ought to be the name of the person who contributed
the patch, which is usually, but not always also the author.

> > > +          of this line attests that the contributor has read the
> > > +          above lined DCO and agrees with its statements.
> > > +      </p></li>
> > 
> > The indentation is off in the above paragraph.
> > 
> > Other than that it looks good, so
> > 
> >  Reviewed-by: Andrea Bolognani <abologna@redhat.com>
> > 
> > but I'm wondering if we need some sort of vote or agreement at the
> > community level before this can be formalized and enforced.
>
> There will never be agreement.
>
> But from the git hook thread:
> In favor: Dan, John, Michal(?)
> Indifferent: Erik
> Against: Me, Peter
> 
> Which already is some kind of vote, so I'll give this one:
> "Meh, ACK, please don't try to make another tag mandatory in the
> future"

Thankyou, none the less I don't want to just push it through while an
explicit NACK from stands, depsite a number of others in favour. Simple
majority voting is too crude and leads to unhappiness if someone does
feel so strongly about a proposal that they want to veto it.

So I will wait to see if, given the range of opinions, Peter would be
ok with the proposal being applied, despite his previous nack.

I had considered whether we should require a Reviewed-by tags to show
that someone other than the author has reviewed a patch before it is
pushed. It is not practical to check this automatically though, given
that we like the flexibility to be able to push build-breaker fixes
or trivial fixes, etc as-is. So I won't propose making anything else
mandatory - at very most I'd encourage, but *not* require, other tags.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] docs: document requirement to provide Signed-off-by lines for DCO
Posted by Jiri Denemark 6 years, 2 months ago
On Wed, Jan 24, 2018 at 14:34:49 +0000, Daniel P. Berrange wrote:
...
> I had considered whether we should require a Reviewed-by tags to show
> that someone other than the author has reviewed a patch before it is
> pushed. It is not practical to check this automatically though, given
> that we like the flexibility to be able to push build-breaker fixes
> or trivial fixes, etc as-is. So I won't propose making anything else
> mandatory - at very most I'd encourage, but *not* require, other tags.

Since Signed-off-by is going to be required, automatic check would be
doable. After all at some point in the past you mentioned either
Signed-off-by from someone with commit access or Reviewed-by could be
required. However anyone pushing a patch is either the contributor or is
apparently confident of the patch to the extent they could provide
Reviewed-by so the condition is implicitly met by the fact the patch was
pushed. In other words, having Reviewed-by in the commit message is nice
for generating statistics for KVM Forum keynotes, once the patch gets
out of our git repository (i.e., is backported to a downstream), or when
someone wants to see who the hell could have acked this. But it's not
something one couldn't live without.

That said, I don't mind if either of these tags are mandatory as both
are somewhat useful.

Jirka

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] docs: document requirement to provide Signed-off-by lines for DCO
Posted by Daniel P. Berrange 6 years, 2 months ago
On Wed, Jan 24, 2018 at 04:14:54PM +0100, Jiri Denemark wrote:
> pushed. In other words, having Reviewed-by in the commit message is nice
> for generating statistics for KVM Forum keynotes, once the patch gets
> out of our git repository (i.e., is backported to a downstream), or when

BTW, when generating libvirt stats for KVM Forum 2018, whoever does it
ought to process every git repo hosted on libvirt.org, rather than just
libvirt.git, as we have non-negligible amount of work going on in the
other repos, even if much if it doesn't use the mailing list for review
all the time :-)

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] docs: document requirement to provide Signed-off-by lines for DCO
Posted by Kashyap Chamarthy 6 years, 2 months ago
On Mon, Jan 22, 2018 at 12:40:37PM +0000, Daniel P. Berrange wrote:
> Document that contributors are required to assert compliance with the
> Developers Certification of Origin 1.1, by providing Signed-off-by tags
> for all commit messages. The DCO is formally stating what we have long
> implicitly expected of contributors in terms of their legal rights to
> make the contribution. This puts the project in a stronger position
> should any questions around contributions be raised going forward in the
> future.
> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  docs/hacking.html.in | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)
>

With the nits Andrea pointed out fixed, FWIW:

    Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>

[...]

-- 
/kashyap

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list