[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-project
Subject:    Re: [gentoo-project] Questions for Gentoo Council nominees: GLEP 76
From:       "Robin H. Johnson" <robbat2 () gentoo ! org>
Date:       2019-06-30 22:27:17
Message-ID: robbat2-20190630T220039-399135145Z () orbis-terrarum ! net
[Download RAW message or body]


On Sun, Jun 30, 2019 at 10:03:52AM +0200, Patrick Lauer wrote:
> Adding an autogenerated "Blessed-by-Krom" has very little *meaning*, so
> what do we gain by adding an autogenerated "Blessed-by-Krom"? (No,
> eternal battle in the afterlife is not guaranteed)
> 
> Since it's mandatory to continue committing, and autogenerated ... what
> does it really do? And how does it do more than requiring people to read
> and understand the rules before, and signing their commits? (Which,
> legally, shows an equivalent intent)
> 
> (Does anyone actually read *and understand* Terms&Conditions? How do you
> verify that? Usually you'd just assume that people are not actively
> malicious and that their word is enough)
> 
> So from my perspective GLEP76 doesn't really improve the situation, just
> makes everything more complex and causes exhausting discussions about
> non-technical topics that don't improve the distro.
As a clear example of meaningful agreement to the DCO vs the
autogenerated agreement that Patrick is concerned about, look at GnuPG's
model:

1. A new contributor must send a OpenPGP-signed copy of the GnuPG DCO
   text to the public mailing list (the exact wording of the DCO
   contains only a minor change s/open/free/ per FSF principles).
2. Signed-off-by trailer in the commit message is ALSO required, and is
   only used to verify against the DCO registry.
3. The documentation says a) no pseudonyms, and b) anonymous contributions
   can be done with a proxy who is willing to certify for you:
   https://gnupg.org/faq/HACKING.html#sec-1-3
4. There's a registry of DCO signatories:
   https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=AUTHORS;hb=HEAD#l163

However, there are two names that stand out as pseudonyms:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=AUTHORS;hb=HEAD#l187

I think is an implicit outcome of the two policy statements together:
Pseudonyms are also valid if there is a certifying proxy.


-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robbat2@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]