Hi Anthony, For the uninitiated is DCO = Developer Certificate of Origin?
I am not sure whether oVirt has a formal process similar to the kernel's for this. Signed-off-by in oVirt probably doesn't carry the same baggage for maintainers as it does for the kernel.
For everyone else: this involved developers being asked, and at least verbally affirming, that they have written the patch themselves and have the rights required to publish their work under the relevant license.
A CLA gets around this by having an explicit Contributor Licensing Agreement where developers explicitly grant a license to some entity (usually the project's sponsoring entity or a non-profit supporting the project).
Both Mozilla and the Kernel, and several other projects, have avoided a CLA for a number of reasons - if you're aiming for a diverse developer base (as we are in oVirt) this can slow down adoption and participation by 3rd parties. For that reason, I would not encourage the adoption of a CLA for oVirt. On the other hand, ensuring we have the right to ship the code which is submitted to us is a good idea - and pushing the responsibility for asking to the maintainers integrating the code upstream is reasonable. How we do that is an implementation detail - we could of course "hack" SOB as the kernel has done to mean "I've checked and this is fine". It is important to realise that using SOB for this purpose is convention - a process hack, rather than something inate in SOB: http://elinux.org/Developer_Certificate_Of_Origin
Cheers, Dave. On 01/02/2013 05:27 PM, Anthony Liguori wrote:
Hi, I've noticed that the various oVirt projects are not using the DCO process correctly. While contributors are adding Signed-off-by's (Good), there's no Signed-off-by being added by maintainers (Bad). http://lwn.net/Articles/139918/ It may seem like a minor thing, but SOB is meant to provide a chain of custody and it's less effective if the certification isn't also done by maintainers. For VDSM, I see examples like: commit 53c6801658a8c5e05ceb518ffd9ebfefa805fda9 Author: Antoni S. Puimedon <[email protected]> Date: Tue Dec 18 22:33:39 2012 +0100 Fix blockSD pep8. Change-Id: I2ed4ce2a5748a911f76da02f762e5bda9352b905 Signed-off-by: Antoni S. Puimedon <[email protected]> Reviewed-on: http://gerrit.ovirt.org/10213 Reviewed-by: Dan Kenigsberg <[email protected]> The last 'Reviewed-by' ought to be a 'Signed-off-by'. OTOH, ovirt-engine lacks any Reviewed-by tags. For example: Author: Sharad Mishra <[email protected]> Date: Wed Dec 26 11:10:32 2012 -0800 core: removed obsolete classes vm_template_image_map_id and vm_template_imag These clasees are not used anymore. Change-Id: I82f0861644f155f7b6c27ba5acb3a069b6f1a8f6 Signed-off-by: Sharad Mishra <[email protected]> I'm not sure if this is a limitation in gerrit. I know the question has come up regarding what OpenStack does. OpenStack doesn't use DCO. They have an explicit CLA that everyone must sign before participating[1]. DCO eliminates the need for such an agreement (when used properly). [1] http://wiki.openstack.org/CLA Regards, Anthony Liguori _______________________________________________ Board mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/board
-- Dave Neary - Community Action and Impact Open Source and Standards, Red Hat - http://community.redhat.com Ph: +33 9 50 71 55 62 / Cell: +33 6 77 01 92 13 _______________________________________________ Board mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/board
