On 02/08/18 08:43, Ard Biesheuvel wrote: > On 8 February 2018 at 01:35, Laszlo Ersek <ler...@redhat.com> wrote: >> On 02/08/18 00:48, Kinney, Michael D wrote: >>> Laszlo, >>> >>> The BmpSupportLib content was from contributions from >>> a capsule related branch. However, the BmpSupportLib >>> can be used for UX capsules as well as other places that >>> conversions between BMP and GOP BLT buffers are needed, >>> so it is a more generic feature. The SafeIntLib was also >>> based on content from the same capsule related branch but >>> also has uses other than capsules. >>> >>> Yes. I need to add Signed-off-by for Sean. > > I will note once again that our signed off by deviates from other > usage in the industry. > > Usually, a sign off is not an assertion of authorship. It means that > the submitter is able to submit the code under the license that covers > it.
I think a license is not really interpretable unless the identity of the licensor can be established. I'd just like something in the commit message and/or the git metadata to spell out the shared authorship between Microsoft and Intel. > In our case, it means authorship, which is why we as > reviewers/maintainers add 'reviewed-by' not 'signed-off-by' like we do > in the linux kernel. > > So what if I want to merge code that is available under a suitable > license, but the author is not available to give his sign off, or > there are many (hundreds) of authors etc etc? The whole point of open > source licensing is that we don't *need* the explicit sign off of the > authors, because the license tells us what we can and cannot do with > the code. We may not need an explicit sign-off from the original author, agreed, but we need *something* that states that it was the original author that put the original work under the license in question. Patch #5 starts with: "From: Michael D Kinney <michael.d.kin...@intel.com>" which means the git meta-datum for authorship will not credit Microsoft. Then, we also don't see a @microsoft.com email address anywhere at the end of the commit message. Finally, the code changes themselves don't add a Microsoft (C) to the DSC files. So we have a patch that is derived from original Microsoft work (at this point it is shared work between Intel and Microsoft), with none of the common attribution methods mentioning Microsoft. I don't insist on either form specifically, but *something* needs to be added, in my opinion. > I guess this is also related to the DCO vs contributed-under tags, but > in general, I think adding the sign off of people who are not involved > in the actual upstreaming of the code is wrong, and it is perfectly > fine for the author not to be in a s-o-b line. Fine by me; but please let us find another semi-formal method then that states that the original (non-upstreamimg) author has put the patch under the license that actually *permits* upstreaming now, without the original author's active participation. I thought the best method for this would be: """ Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Sean Brogan <sean.bro...@microsoft.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kin...@intel.com> """ I may well be wrong about the specifics, but I feel that *something* should spell out Microsoft's co-authorship on this patch. Thanks Laszlo _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel