On 02/08/18 08:43, Ard Biesheuvel wrote:
> On 8 February 2018 at 01:35, Laszlo Ersek <ler...@redhat.com> wrote:
>> On 02/08/18 00:48, Kinney, Michael D wrote:
>>> Laszlo,
>>> The BmpSupportLib content was from contributions from
>>> a capsule related branch.  However, the BmpSupportLib
>>> can be used for UX capsules as well as other places that
>>> conversions between BMP and GOP BLT buffers are needed,
>>> so it is a more generic feature.  The SafeIntLib was also
>>> based on content from the same capsule related branch but
>>> also has uses other than capsules.
>>> Yes.  I need to add Signed-off-by for Sean.
> I will note once again that our signed off by deviates from other
> usage in the industry.
> Usually, a sign off is not an assertion of authorship. It means that
> the submitter is able to submit the code under the license that covers
> it.

I think a license is not really interpretable unless the identity of the
licensor can be established. I'd just like something in the commit
message and/or the git metadata to spell out the shared authorship
between Microsoft and Intel.

> In our case, it means authorship, which is why we as
> reviewers/maintainers add 'reviewed-by' not 'signed-off-by' like we do
> in the linux kernel.
> So what if I want to merge code that is available under a suitable
> license, but the author is not available to give his sign off, or
> there are many (hundreds) of authors etc etc? The whole point of open
> source licensing is that we don't *need* the explicit sign off of the
> authors, because the license tells us what we can and cannot do with
> the code.

We may not need an explicit sign-off from the original author, agreed,
but we need *something* that states that it was the original author that
put the original work under the license in question.

Patch #5 starts with:

"From: Michael D Kinney <michael.d.kin...@intel.com>"

which means the git meta-datum for authorship will not credit Microsoft.
Then, we also don't see a @microsoft.com email address anywhere at the
end of the commit message. Finally, the code changes themselves don't
add a Microsoft (C) to the DSC files. So we have a patch that is derived
from original Microsoft work (at this point it is shared work between
Intel and Microsoft), with none of the common attribution methods
mentioning Microsoft.

I don't insist on either form specifically, but *something* needs to be
added, in my opinion.

> I guess this is also related to the DCO vs contributed-under tags, but
> in general, I think adding the sign off of people who are not involved
> in the actual upstreaming of the code is wrong, and it is perfectly
> fine for the author not to be in a s-o-b line.

Fine by me; but please let us find another semi-formal method then that
states that the original (non-upstreamimg) author has put the patch
under the license that actually *permits* upstreaming now, without the
original author's active participation.

I thought the best method for this would be:

    Contributed-under: TianoCore Contribution Agreement 1.1
    Signed-off-by: Sean Brogan <sean.bro...@microsoft.com>
    Contributed-under: TianoCore Contribution Agreement 1.1
    Signed-off-by: Michael D Kinney <michael.d.kin...@intel.com>

I may well be wrong about the specifics, but I feel that *something*
should spell out Microsoft's co-authorship on this patch.

edk2-devel mailing list

Reply via email to