Topics

[edgex] Question about commits?

espy
 

Andy --

I recently saw a commit merged in the developer-scripts project, where the reviewer asked that the developer add a "Signed-off-by" line. For some reason, I assumed that we didn't require its usage, however I went back and checked, and our "Contributing Code" wiki page [1] does cover it (Note, some of the formatting was pretty broken, so this wasn't super obvious).

I did some poking around regarding the true meaning of "Signed-off-by", and am now wondering if this is really something we should be requiring? One thing pointed out on a related discussion on stackoverflow [2] was that the git man page has been updated to read:

-s, --signoff
Add Signed-off-by line by the committer at the end of the commit log message. The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work
under the same license and agrees to a Developer Certificate of Origin (see http://developercertificate.org/ for more information).

From what I recall, we decided that we weren't going to have a Developer Certificate of Origin, which according the above statement from git commit, means our usage of "Signed-off-by" isn't really serving its intended purpose.

Thoughts?

Maybe we should discuss during tomorrow's Core WG meeting?

Regards,
/tony

p.s. anyone contributing patches to EdgeX should make sure they've read our "Committing+Code+Guidelines" page, especially regarding how to write a proper commit message. ;)-

[1] https://wiki.edgexfoundry.org/display/FA/Committing+Code+Guidelines
[2] https://stackoverflow.com/questions/1962094/what-is-the-sign-off-feature-in-git-for

Andrew Foster <andy@...>
 

Tony,

Agree that it seems like the general view of "Signed-off-by" means that the committer agrees to a DCO.

We also still have the following on the Contributors page: (https://wiki.edgexfoundry.org/display/FA/Contributor%27s+Guide)

"Submission DCO - As a potential contributor of code to the project, you are highly encouraged to read the Project Charter and in particular note section 12 - Intellectual Property Policy. Contributors are advised to understand that submitting code to the project indicates you agree with the Developer Certificate of Origin. See http://elinux.org/Developer_Certificate_Of_Origin for more details."

If the DCO is still in place (not 100% sure) then imposing "Signed-off-by" probably makes sense, if not it's worth discussing whether it is really needed.

I will try and make the Core WG call tomorrow if possible but may not be able to make it (currently on the road visiting customers).

Cheers,

Andy

-----Original Message-----
From: espy [mailto:espy@...]
Sent: Wednesday, December 13, 2017 4:27 PM
To: Andrew Foster <andy@...>
Cc: White2, James <James.White2@...>; edgex-devel@...
Subject: [edgex] Question about commits?

Andy --

I recently saw a commit merged in the developer-scripts project, where the reviewer asked that the developer add a "Signed-off-by" line. For some reason, I assumed that we didn't require its usage, however I went back and checked, and our "Contributing Code" wiki page [1] does cover it (Note, some of the formatting was pretty broken, so this wasn't super obvious).

I did some poking around regarding the true meaning of "Signed-off-by", and am now wondering if this is really something we should be requiring?
One thing pointed out on a related discussion on stackoverflow [2] was that the git man page has been updated to read:

-s, --signoff
Add Signed-off-by line by the committer at the end of the commit log message. The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see http://developercertificate.org/ for more information).

From what I recall, we decided that we weren't going to have a Developer Certificate of Origin, which according the above statement from git commit, means our usage of "Signed-off-by" isn't really serving its intended purpose.

Thoughts?

Maybe we should discuss during tomorrow's Core WG meeting?

Regards,
/tony

p.s. anyone contributing patches to EdgeX should make sure they've read our "Committing+Code+Guidelines" page, especially regarding how to write a proper commit message. ;)-

[1] https://wiki.edgexfoundry.org/display/FA/Committing+Code+Guidelines
[2]
https://stackoverflow.com/questions/1962094/what-is-the-sign-off-feature-in-git-for

James.White2@...
 

plenty of time to revisit the sign off issue in upcoming calls if not tomorrow's.
Added to the list of upcoming topics.
________________________________________
From: Andrew Foster <andy@...>
Sent: Wednesday, December 13, 2017 3:53 PM
To: 'espy'
Cc: White2, James; edgex-devel@...
Subject: RE: [edgex] Question about commits?

Tony,

Agree that it seems like the general view of "Signed-off-by" means that the committer agrees to a DCO.

We also still have the following on the Contributors page: (https://wiki.edgexfoundry.org/display/FA/Contributor%27s+Guide)

"Submission DCO - As a potential contributor of code to the project, you are highly encouraged to read the Project Charter and in particular note section 12 - Intellectual Property Policy. Contributors are advised to understand that submitting code to the project indicates you agree with the Developer Certificate of Origin. See http://elinux.org/Developer_Certificate_Of_Origin for more details."

If the DCO is still in place (not 100% sure) then imposing "Signed-off-by" probably makes sense, if not it's worth discussing whether it is really needed.

I will try and make the Core WG call tomorrow if possible but may not be able to make it (currently on the road visiting customers).

Cheers,

Andy

-----Original Message-----
From: espy [mailto:espy@...]
Sent: Wednesday, December 13, 2017 4:27 PM
To: Andrew Foster <andy@...>
Cc: White2, James <James.White2@...>; edgex-devel@...
Subject: [edgex] Question about commits?

Andy --

I recently saw a commit merged in the developer-scripts project, where the reviewer asked that the developer add a "Signed-off-by" line. For some reason, I assumed that we didn't require its usage, however I went back and checked, and our "Contributing Code" wiki page [1] does cover it (Note, some of the formatting was pretty broken, so this wasn't super obvious).

I did some poking around regarding the true meaning of "Signed-off-by", and am now wondering if this is really something we should be requiring?
One thing pointed out on a related discussion on stackoverflow [2] was that the git man page has been updated to read:

-s, --signoff
Add Signed-off-by line by the committer at the end of the commit log message. The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see http://developercertificate.org/ for more information).

From what I recall, we decided that we weren't going to have a Developer Certificate of Origin, which according the above statement from git commit, means our usage of "Signed-off-by" isn't really serving its intended purpose.

Thoughts?

Maybe we should discuss during tomorrow's Core WG meeting?

Regards,
/tony

p.s. anyone contributing patches to EdgeX should make sure they've read our "Committing+Code+Guidelines" page, especially regarding how to write a proper commit message. ;)-

[1] https://wiki.edgexfoundry.org/display/FA/Committing+Code+Guidelines
[2]
https://stackoverflow.com/questions/1962094/what-is-the-sign-off-feature-in-git-for

Andrew Grimberg
 

Just interjecting a little bit of perspective from LF here.

The DCO / Signed-off-by line is something that we require on any
projects that we're helping with. The reasoning is more around code
provenance from a legal perspective, as opposed to a CLA (Contributor
License Agreement) which is more about IP assignment and rights.

Additionally, you'll find that all of the repositories for EdgeX have a
DCO check which will block merge if there is no DCO line. So, this is
mechanically enforced across the repositories.

-Andy-

On 12/13/2017 01:55 PM, James.White2@... wrote:
plenty of time to revisit the sign off issue in upcoming calls if not tomorrow's.
Added to the list of upcoming topics.
________________________________________
From: Andrew Foster <andy@...>
Sent: Wednesday, December 13, 2017 3:53 PM
To: 'espy'
Cc: White2, James; edgex-devel@...
Subject: RE: [edgex] Question about commits?

Tony,

Agree that it seems like the general view of "Signed-off-by" means that the committer agrees to a DCO.

We also still have the following on the Contributors page: (https://wiki.edgexfoundry.org/display/FA/Contributor%27s+Guide)

"Submission DCO - As a potential contributor of code to the project, you are highly encouraged to read the Project Charter and in particular note section 12 - Intellectual Property Policy. Contributors are advised to understand that submitting code to the project indicates you agree with the Developer Certificate of Origin. See http://elinux.org/Developer_Certificate_Of_Origin for more details."

If the DCO is still in place (not 100% sure) then imposing "Signed-off-by" probably makes sense, if not it's worth discussing whether it is really needed.

I will try and make the Core WG call tomorrow if possible but may not be able to make it (currently on the road visiting customers).

Cheers,

Andy

-----Original Message-----
From: espy [mailto:espy@...]
Sent: Wednesday, December 13, 2017 4:27 PM
To: Andrew Foster <andy@...>
Cc: White2, James <James.White2@...>; edgex-devel@...
Subject: [edgex] Question about commits?

Andy --

I recently saw a commit merged in the developer-scripts project, where the reviewer asked that the developer add a "Signed-off-by" line. For some reason, I assumed that we didn't require its usage, however I went back and checked, and our "Contributing Code" wiki page [1] does cover it (Note, some of the formatting was pretty broken, so this wasn't super obvious).

I did some poking around regarding the true meaning of "Signed-off-by", and am now wondering if this is really something we should be requiring?
One thing pointed out on a related discussion on stackoverflow [2] was that the git man page has been updated to read:

-s, --signoff
Add Signed-off-by line by the committer at the end of the commit log message. The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see http://developercertificate.org/ for more information).

From what I recall, we decided that we weren't going to have a Developer Certificate of Origin, which according the above statement from git commit, means our usage of "Signed-off-by" isn't really serving its intended purpose.

Thoughts?

Maybe we should discuss during tomorrow's Core WG meeting?

Regards,
/tony

p.s. anyone contributing patches to EdgeX should make sure they've read our "Committing+Code+Guidelines" page, especially regarding how to write a proper commit message. ;)-

[1] https://wiki.edgexfoundry.org/display/FA/Committing+Code+Guidelines
[2]
https://stackoverflow.com/questions/1962094/what-is-the-sign-off-feature-in-git-for

_______________________________________________
EdgeX-Devel mailing list
EdgeX-Devel@...
https://lists.edgexfoundry.org/mailman/listinfo/edgex-devel
--
Andrew J Grimberg
Lead, IT Release Engineering
The Linux Foundation