[apparmor] Signed-off-by: (was: Re: [patch] Fix a test name in test-signal.py)

Christian Boltz apparmor at cboltz.de
Thu Dec 17 21:39:27 UTC 2015 

Hello,

Am Donnerstag, 17. Dezember 2015 schrieb Tyler Hicks:
> Side question, how come these patches don't include a Signed-off-by?
> The idea behind code provenance (tracking who wrote a patch, who
> acked it, etc.) is that the author includes a "Developer's
> Certificate of Origin" by including an S-o-b:

Well, nobody asked for such a line before ;-) and the mail's From: line 
(and later the commiter in bzr) should be obvious [1]. Therefore if you 
receive a mail with a patch from me, you can assume I wrote it (unless 
indicated otherwise) and that I fulfill all conditions that would allow 
to add the Signed-off-by. 
In other words: feel free to s/From:/Signed-off-by/ in my mails ;-)

Another (IMHO more interesting) question is if we should recommend GPG 
signed mails for patches, ACKs and NAKs (to make things easier: for all 
mails). That's something that can't be faked easily and ensures the 
integrity of the patch and mail content. (As you can see in this mail, I 
have a GPG key and attended some keysigning parties ;-)

> It really isn't a big deal to me but it seems like something that all
> committers should be doing or that none of us should be doing. If you
> don't want to include an S-o-b, then lets define the process. If you
> don't mind, then that's even better. :)

I already have a script that creates a copy&paste-ready version of the 
patch and its description. If you insist on the Signed-off-by, it 
shouldn't be too hard to add that automatically. However, that looks 
like useless paperwork to me ;-)

Things are probably different when working on kernel patches, which get 
through more hands. I understand that people who (also) work on the 
kernel see it as self-evident to add the Signed-off-by. That doesn't 
hurt ;-) but I doubt we need it for the AppArmor userspace.


Regards,

Christian Boltz

PS: random sig!

[1] We could discuss about forged mail headers, but it's even easier
    to add a wrong Signed-off-by: in the mail body ;-)
-- 
/me thinks this gets silly. Can I have something written with at least
three signatures?
[Stephan Binner in https://bugzilla.novell.com/show_bug.cgi?id=300773]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20151217/5f906570/attachment.pgp>

More information about the AppArmor mailing list