On 8 February 2018 at 09:25, Laszlo Ersek <ler...@redhat.com> wrote:
> On 02/08/18 09:32, Jordan Justen wrote:
>> Given the wording from the contribution agreement, it appears that it
>> would also be fine to just use Mike's Signed-off-by if he is
>> authorized to contribute the code even though he didn't author it.
> So basically just
>   """
>   Contributed-under: TianoCore Contribution Agreement 1.1
>   Signed-off-by: Michael D Kinney <michael.d.kin...@intel.com>
>   """
> implies Mike saying, "trust me guys, I got Microsoft's authorization (or
> whoever the original authors were) to contribute their code under the
> 2-clause BSDL". Is that right?
> Dunno why but this concept is hard for me to accept. :) "whoever the
> original authors were" is super vague to me. Let's say I want to verify
> that authorization myself: whom do I contact? Are the
> "https://github.com/Microsoft/MS_UEFI/..."; references considered
> sufficient origin information?

This is exactly the reason: if someone contributes code under a
suitable license, they should take full responsibility that the code
in question is actually covered by that license.

I refuse any responsibility for verifying the origin of code that
others contribute, and I'm sure your workload doesn't allow it either.
edk2-devel mailing list

Reply via email to