lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAPt3h3X0MKiNotU7=bQWzd=sxwu4pkuw3YOvFU9qw23xu8v6oA@mail.gmail.com>
Date:   Mon, 28 May 2018 13:31:56 +0800
From:   xin tan <tanxin0725@...il.com>
To:     linux-kernel@...r.kernel.org
Subject: Can I use 'signed -off-by' to define maintainers' workload?

Hi all,

I am a student from Peking University. I'm not sure if it's
appropriate to ask questions here. I have already tried other mailing
lists, but I got no reply. I am very sorry to bother all of you.

I am doing a research about the maintainers' workload in the Linux
kernel community. We all know that the commits submitted by the
developer will be reviewed layer by layer and eventually merged into
the main repository. Most commits have one or several signed-off-by
tags. The documentation from community about signed-off-by is
described as follows: The sign-off is a simple line at the end of the
explanation for the patch, which certifies that you wrote it or
otherwise have the right to pass it on as an open-source patch.
The documentation is very clear, which  means that only two types of
people can sign their name: 1. The author 2. The related maintainer. I
want to define the maintainer's workload by this tag. There are
several questions that I would like to consult you:

1) Do all the maintainers in the path from the author of the commits
to the mainline repository sign their name?

2) If the answer is yes, do the workload of subsystem maintainer and
the upper maintainer are the same in the code review? In other words,
whether is it possible that the first maintainer who merge the commits
submitted by the developer to its own repository spend a lot effort on
review? The upper maintainer is based on the trust of the lower layer
maintainer, and simply merges it into his/her own repository as long
as there is no compiling problem and also sign their name.

3) If the answer is no, why do some maintainers sign their names, and
some do not? Is it because these maintainers trust the lower layer
very much and feel that it is not necessary to review it?

4) Is there any special situation that leads to signing-off-by not
identifying all the maintainers in the path of the commits develiry?
For example, the upper maintainer does not trust the lower layer
maintainers, and he/she will contribute a new commits by himself
instead of passing by, so it will not record the maintainer of the
lower layer.
Or because this commit contains modification to several files and each
file has a specific maintainer, only one maintainer merged it to his
repository and signed his name.

In short, I would like to know how signed-off-by is used in the actual process.

I would be grateful if you could reply to me. Thank you again!

Best regards,
Xin Tan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ