| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Dec 2018 22:58:43 +0530
From: Himanshu Jha <himanshujha199640@...il.com>
To: Joe Perches <joe@...ches.com>
Cc: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@...aro.org>,
apw@...onical.com, Andrew Morton <akpm@...ux-foundation.org>,
Greg KH <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org, niklas.cassel@...aro.org
Subject: Re: [PATCH] checkpatch: add Co-Developed-by to signature tags
On Fri, Dec 14, 2018 at 08:27:33AM -0800, Joe Perches wrote:
> On Fri, 2018-12-14 at 21:46 +0530, Himanshu Jha wrote:
> > On Fri, Dec 14, 2018 at 07:52:15AM -0800, Joe Perches wrote:
> > > On Fri, 2018-12-14 at 14:01 +0100, Jorge Ramirez-Ortiz wrote:
> > > > As per Documentation/process/submitting-patches, Co-developed-by is a
> > > > valid signature.
> > > >
> > > > This commit removes the warning.
> > >
> > > Your commit message doesn't match your subject.
> > >
> > > A couple variants have been documented and only
> > > one should actually be used.
> > >
> > > $ git grep -i co-developed-by Documentation/process/
> > > Documentation/process/5.Posting.rst: - Co-developed-by: states that the patch was also created by another developer
> > > Documentation/process/submitting-patches.rst:12) When to use Acked-by:, Cc:, and Co-Developed-by:
> > > Documentation/process/submitting-patches.rst:A Co-Developed-by: states that the patch was also created by another developer
> > >
> > > $ git log --grep="co-developed-by:" -i | \
> > > grep -ohiP "co-developed-by:" | sort | uniq -c | sort -rn
> > > 80 Co-developed-by:
> > > 40 Co-Developed-by:
> > >
> > > So which should it be?
> > >
> > > btw: I prefer neither as I think Signed-off-by: is sufficient.
> >
> > OK, but does multiple Signed-off-by: in the commits imply that
> > the patch was created by all those developers ?
> >
> > I don't think so, perhaps this was the reason to introduce
> > Co-developed-by: tag.
>
> Perhaps, but a sign-off is also a recognition that the
> patch was passed-through by individuals
Yes, Agreed!
> Effectively, there's no real difference.
>
> "Co-developed-by:" is just another word for "Authored-by:"
> where multiple "Authorship" is the thing being notated.
>
> Is it really important to specify things like 75% / 25%
> authorship crediting?
IDK how that ratio came up into this discussion ?
Anyway, I saw on IIO list that a bunch of students were involved
in driver cleaning with the help of developers from Analog Devices
Inc who intially wrote some code snippets.
And that authorship crediting for Analog Devices folks would be
helpful distinguishing that it was not just passed-through and rather
they spent their time on it.
> I don't really care about attribution so the concept is
> not particularly valuable to me.
Well, it might not be valuable to you but it is for others and I saw
one such example in the past during my project.
At least I do care about those developers who spent a considerable
time on IIO list guiding students aside from their mainline work.
FYI, IIO has already +1'd for "Co-developed-by:"
--
Himanshu Jha
Undergraduate Student
Department of Electronics & Communication
Guru Tegh Bahadur Institute of Technology
Powered by blists - more mailing lists