From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jordan.l.justen@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.43; helo=mga05.intel.com;
 envelope-from=jordan.l.justen@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 4DF2822361E5C
 for <edk2-devel@lists.01.org>; Thu,  8 Feb 2018 00:26:44 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga004.fm.intel.com ([10.253.24.48])
 by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 08 Feb 2018 00:32:29 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.46,477,1511856000"; d="scan'208";a="28360031"
Received: from nvashis-mobl.amr.corp.intel.com (HELO localhost)
 ([10.254.187.252])
 by fmsmga004.fm.intel.com with ESMTP; 08 Feb 2018 00:32:28 -0800
MIME-Version: 1.0
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Laszlo Ersek <lersek@redhat.com>
Message-ID: <151807874262.22216.16754691005585782342@jljusten-skl>
From: Jordan Justen <jordan.l.justen@intel.com>
In-Reply-To: <CAKv+Gu-=wT6biPaFMnWXviMOU4KQiYjb5v8LEMZq6gDP=aOiZg@mail.gmail.com>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
 "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>,
 Sean Brogan <sean.brogan@microsoft.com>, "Yao, Jiewen" <jiewen.yao@intel.com>
References: <20180207225822.28876-1-michael.d.kinney@intel.com>
 <20180207225822.28876-6-michael.d.kinney@intel.com>
 <db439361-57ad-89b0-4457-80daefc623c0@redhat.com>
 <E92EE9817A31E24EB0585FDF735412F5B8963E8B@ORSMSX113.amr.corp.intel.com>
 <e047caf2-1a20-c71c-e509-bdd6a91af174@redhat.com>
 <CAKv+Gu-=wT6biPaFMnWXviMOU4KQiYjb5v8LEMZq6gDP=aOiZg@mail.gmail.com>
User-Agent: alot/0.6
Date: Thu, 08 Feb 2018 00:32:28 -0800
Subject: Re: [Patch 05/10] OvmfPkg: Add SafeIntLib and BmpSupportLib to DSC files
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Feb 2018 08:26:45 -0000
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On 2018-02-07 23:43:44, Ard Biesheuvel wrote:
> On 8 February 2018 at 01:35, Laszlo Ersek <lersek@redhat.com> wrote:
> > On 02/08/18 00:48, Kinney, Michael D wrote:
> >> Laszlo,
> >>
> >> The BmpSupportLib content was from contributions from
> >> a capsule related branch.  However, the BmpSupportLib
> >> can be used for UX capsules as well as other places that
> >> conversions between BMP and GOP BLT buffers are needed,
> >> so it is a more generic feature.  The SafeIntLib was also
> >> based on content from the same capsule related branch but
> >> also has uses other than capsules.
> >>
> >> Yes.  I need to add Signed-off-by for Sean.
> =

> I will note once again that our signed off by deviates from other
> usage in the industry.
> =

> Usually, a sign off is not an assertion of authorship. It means that
> the submitter is able to submit the code under the license that covers
> it.
> =

> In our case, it means authorship,

From=20"TianoCore Contribution Agreement 1.1":

  "You" or "Contributor" shall mean the copyright owner or legal
  entity authorized by the copyright owner that is making a
  Contribution hereunder.

For reference, the kernel DCO:

https://www.kernel.org/doc/html/latest/process/submitting-patches.html#deve=
loper-s-certificate-of-origin-1-1

Maybe the kernel does make it clearer in some ways, but I don't think
it has to be the actual author for EDK II.

One argument for following the kernel process might be that more
people that work on open source are familiar with it.

> which is why we as
> reviewers/maintainers add 'reviewed-by' not 'signed-off-by' like we do
> in the linux kernel.

Maybe this is more about the fact that sub-systems don't do pull
requests in EDK II, but just push the changes directly?

> So what if I want to merge code that is available under a suitable
> license, but the author is not available to give his sign off, or
> there are many (hundreds) of authors etc etc? The whole point of open
> source licensing is that we don't *need* the explicit sign off of the
> authors, because the license tells us what we can and cannot do with
> the code.
> =

> I guess this is also related to the DCO vs contributed-under tags, but
> in general, I think adding the sign off of people who are not involved
> in the actual upstreaming of the code is wrong, and it is perfectly
> fine for the author not to be in a s-o-b line.

It does seem like it would be preferable (or simpler?) for the author
to publicly note that they wrote it and give their Signed-off-by under
the contribution agreement.

Given the wording from the contribution agreement, it appears that it
would also be fine to just use Mike's Signed-off-by if he is
authorized to contribute the code even though he didn't author it.

-Jordan