Following SCO's allegations regarding the origination of some source code files comprising the Linux Kernel, in May of 2004 Linux creator Linus Torvalds implemented a simple method for tracking how patches reach the source tree [story [1]]. The simple system was further refined in the following months [story [2]], and has become second nature to most kernel developers. However, a recent debate [3] on the lkml [4] illustrated the fact that nothing is simple, in this case with concerns that archiving someone else's email address in the "Signed-off-by:" line could violate the UK's Data Protection Act [5].
Alan Cox [interview [6]] suggested that, to address this concern, the DCO, or Developer's Certificate of Origin [7], be updated to explicitly give permission to include an email address when archiving patch information. Linus agreed, "yes, I'll update the SubmittingPatches [documentation file] to state explicitly that the sign-off is a public record." Alan pointed out that adding a comment to the documentation file alone is not enough, and that the new wording needs to be part of the DCO itself, "you have to -actively- agree to the DCO to submit a change, and that is what makes it work (whether you put something in submitting patches or not that is more explanatory)." Again, Linus agreed, "I'll also run it past the OSDL lawyer, and if others were to run it past their lawyers, that would be good." Once approved, the update will become version 1.1 of the DCO.
From: Alan Cox [8] [email blocked]
Subject: Re: When we detect that a 16550 was in fact part of a NatSemi SuperIO chip
Date: Sun, 22 May 2005 22:16:54 +0100
> So, regretfully, this leaves me with the only option but to ignore
> David via all forms of communication until the reason for deference
> is resolved - namely the completion of OSDLs investigation.
Would a few people mind growing up?
Let me make the obvious little point that nobody, it seems, has bothered
to notice. Dwmw2 asked you to not mangle his headers. Whatever the data
protection legislation covers is open to some debate, but he has clearly
given you permission to include them unmangled. End of debate both in
DP law and by estoppel.
There is also a really simple and trivial way to deal with data
protection questions in this case with complete clarity, without
tantrums and without an army of lawyers - that is to follow the whole
point and goal of such systems.
Take the existing OSDL statement which must be attached to all
submissions by reference or directly and update it to include
"A public record of contributions is kept which includes the name and
email address of each contributor. By contributing to the kernel project
I accept that my email address provided will be part of that public
record."
and the problem goes away.
I think this change is worth making anyway, perceived privacy is an ever
growing issue of importance in our surveillance and database society
worldwide.
Alan
From: Linus Torvalds [email blocked]
Subject: Re: When we detect that a 16550 was in fact part of a NatSemi SuperIO chip
Date: Sun, 22 May 2005 14:50:27 -0700 (PDT)
On Sun, 22 May 2005, Alan Cox wrote:
>
> Take the existing OSDL statement which must be attached to all
> submissions by reference or directly and update it to include
You mean DCO, not OSDL ("Developer's Certificate of Origin").
And yes, I'll update the SubmittingPatches to state explicitly that the
sign-off is a public record.
> "A public record of contributions is kept which includes the name and
> email address of each contributor. By contributing to the kernel project
> I accept that my email address provided will be part of that public
> record."
Note that we've never _required_ that the sign-off has an email address
per se. I much much prefer people to have them, because the sign-off lines
really have been very useful when we've had issues with some patch
(several times I've just been able to send a directed email to everybody
involved), but I don't actually want this to be a requirement. After all,
10 years goes by, and many people will end up having different email
addresses anyway.
So I'll just update the documentation that explains the DCO to say
something like this, and not make it part of the official DCO itself.
After all, all we really want the sign-off to signify is that you've been
involved and have the right to pass changes on - the fact that the end
result is public is really a different issue.
So how about just something like the appended? Along with making a very
public announcement on linux-kernel for the next kernel release (rather
than this discussion that is taking place under a fairly obscure subject),
that should make sure that people are aware of the fact that the thing
isn't exactly private.
(I think everybody realized that anyway, since a private sign-off would be
totally pointless, but hey, let's make things as explicit as possible).
Linus
----
diff --git a/Documentation/SubmittingPatches b/Documentation/SubmittingPatches
--- a/Documentation/SubmittingPatches
+++ b/Documentation/SubmittingPatches
@@ -299,6 +299,16 @@ Some people also put extra tags at the e
now, but you can do this to mark internal company procedures or just
point out some special detail about the sign-off.
+PRIVACY NOTE! This sign-off - with full name and preferably email
+address - is for obvious reasons going to be very publicly archived with
+the kernel, and as such we are _not_ going to keep these things private.
+
+If you want to use a special email address for sign-off procedures for
+this reason, feel free to do that, but since the email address ends up
+being very useful if it turns out that the patch had a bug, we really do
+prefer an active and live email address. We encourage people to use
+spamassassin etc tools to fight spam.
+
-----------------------------------
SECTION 2 - HINTS, TIPS, AND TRICKS
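Review bot: The PRIVACY NOTE added above line 299 only records the fact that sign-offs are archived publicly; it sits in SubmittingPatches, an explanatory document that a contributor is not required to agree to, so if the goal is the contributor's consent to the email address being published, the same statement needs to be part of the DCO text that every submitter actively certifies, with the note here pointing at it. Minor wording: "spamassassin etc tools" reads better as "spamassassin and similar tools".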
From: Alan Cox [9] [email blocked]
Subject: Re: When we detect that a 16550 was in fact part of a NatSemi SuperIO chip
Date: Sun, 22 May 2005 23:22:35 +0100
On Sul, 2005-05-22 at 22:50, Linus Torvalds wrote:
> You mean DCO, not OSDL ("Developer's Certificate of Origin").
>
> And yes, I'll update the SubmittingPatches to state explicitly that the
> sign-off is a public record.
The DCO yes.
> So how about just something like the appended? Along with making a very
> public announcement on linux-kernel for the next kernel release (rather
> than this discussion that is taking place under a fairly obscure subject),
> that should make sure that people are aware of the fact that the thing
> isn't exactly private.
It actually doesn't help. EU privacy law rather sensibly is "opt-in".
Putting the statement in the DCO, which is a document and submission
agreement, works because you have to agree to it; putting it in a
document is probably not "opt-in".
You have to -actively- agree to the DCO to submit a change, and that is
what makes it work (whether you put something in submitting patches or
not that is more explanatory).
From: Linus Torvalds [email blocked]
Subject: Re: When we detect that a 16550 was in fact part of a NatSemi SuperIO chip
Date: Sun, 22 May 2005 15:40:24 -0700 (PDT)
On Sun, 22 May 2005, Alan Cox wrote:
>
> You have to -actively- agree to the DCO to submit a change, and that is
> what makes it work (whether you put something in submitting patches or
> not that is more explanatory).
Ok, that would imply that we'll need to bump the version to 1.1 or
something. So how about something like this? I'll also run it past the
OSDL lawyer, and if others were to run it past their lawyers, that would
be good.
I can't imagine that this change really would upset anybody, but hey,
let's double- and triple-check before I commit something like this.. As
mentioned, I think everybody is _very_ aware that Linux is a public
project, and I can't imagine that there are kernel developers who haven't
seen the changelogs we keep, so this feels a bit unnecessary, but let's
be careful..
Linus
----
diff --git a/Documentation/SubmittingPatches b/Documentation/SubmittingPatches
--- a/Documentation/SubmittingPatches
+++ b/Documentation/SubmittingPatches
@@ -271,7 +271,7 @@ patch, which certifies that you wrote it
pass it on as a open-source patch. The rules are pretty simple: if you
can certify the below:
- Developer's Certificate of Origin 1.0
+ Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
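Review bot: Bumping the heading from 1.0 to 1.1 changes the text a submitter certifies, but nothing in the "Signed-off-by:" line itself says which version was agreed to, so sign-offs collected before and after this commit look identical in the public record; either state in the surrounding text that a plain sign-off made after this date certifies 1.1, or introduce a versioned trailer form. Pre-existing typo in the context line: "a open-source patch" should be "an open-source patch".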
@@ -291,6 +291,11 @@ can certify the below:
person who certified (a), (b) or (c) and I have not modified
it.
+ (d) I understand that the project is public, and that a record is
+ kept of not just my submission but also of my sign-off,
+ including whatever personal information (eg email address)
+ that I include in the submission.
+
then you just add a line saying
Signed-off-by: Random J Developer [email blocked]
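Review bot: Clause (d) says "a record is kept", but the point of the clause is that the record is public, so "a public record is kept" states the consent explicitly rather than leaving it implied by the preceding "the project is public"; also write "e.g." rather than "eg", and the "that" in "that I include in the submission" is redundant ("including whatever personal information (e.g. email address) I include in the submission").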
From: Alan Cox [10] [email blocked]
Subject: Re: When we detect that a 16550 was in fact part of a NatSemi SuperIO chip
Date: Sun, 22 May 2005 23:43:42 +0100
On Sul, 2005-05-22 at 23:40, Linus Torvalds wrote:
> + (d) I understand that the project is public, and that a record is
I'd s/a record/a public record/ in the interests of clarity, but see
what the lawyers say. Otherwise looks good.
Alan
"In my paradise the streets are paved with lawyers"
Anon.
From: Willy Tarreau [email blocked]
Subject: Re: When we detect that a 16550 was in fact part of a NatSemi SuperIO chip
Date: Mon, 23 May 2005 06:09:05 +0200
Linus,
On Sun, May 22, 2005 at 03:40:24PM -0700, Linus Torvalds wrote:
(...)
> - Developer's Certificate of Origin 1.0
> + Developer's Certificate of Origin 1.1
(...)
> then you just add a line saying
>
> Signed-off-by: Random J Developer [email blocked]
Why not change this slightly to something like:
DCO-1.1-Signed-off-by: Random J Developer [email blocked]
which would imply that this person has read (and agreed with) version 1.1?
Willy
From: Linus Torvalds [email blocked]
Subject: Re: When we detect that a 16550 was in fact part of a NatSemi SuperIO chip
Date: Mon, 23 May 2005 07:27:56 -0700 (PDT)
On Mon, 23 May 2005, Willy Tarreau wrote:
>
> Why not change this slightly to something like:
>
> DCO-1.1-Signed-off-by: Random J Developer [email blocked]
>
> which would imply that this person has read (and agreed with) version 1.1?
This is one reason I wanted to avoid the 1.0->1.1 change.
I think that if somebody really cares about the version, the above is
certainly acceptable.
In general, I'd personally not use it, and it seems pointless. If we make
some _real_ changes to the DCO that really matter rather than the 1.0->1.1
thing that I'd consider "obvious clarifications", we'll probably have to
change the sign-off.
As it is, I think we should just make the change very public and let
people know about it, and go with it, because quite frankly, even if
somebody claims that they didn't know about the new version of the DCO,
he'd have to be crazy to claim that he didn't know Linux was public and
that the resulting sign-off is public too, so I see it as a "comfort
level" thing, not anything fundamental.
(And note that even the "comfort level" is not for the people doing the
sign-off, but for the person _receiving_ the sign-off).
Linus
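A small checker for the two trailer forms discussed in the thread (the plain "Signed-off-by:" line and Willy's proposed "DCO-1.1-Signed-off-by:" variant), written here as an added example; it is not code from the thread or from the kernel project, and the commit messages and addresses it parses are constructed.

```python
import re

# Accept both the plain trailer and the version-prefixed form Willy proposed.
# The email part is optional because, as Linus notes, it is preferred but
# has never been required.
TRAILER_RE = re.compile(
    r"^(?:DCO-(?P<version>\d+\.\d+)-)?Signed-off-by:\s*"
    r"(?P<name>[^<]+?)\s*(?:<(?P<email>[^>]+)>)?\s*$"
)


def parse_signoffs(message):
    """Return one dict per sign-off trailer in the message's last paragraph,
    which is where git keeps trailers. 'email' is None when omitted and
    'dco_version' is None for a plain Signed-off-by line."""
    paragraphs = [p for p in message.strip().split("\n\n") if p.strip()]
    if not paragraphs:
        return []
    found = []
    for line in paragraphs[-1].splitlines():
        m = TRAILER_RE.match(line.strip())
        if m:
            found.append({
                "name": m.group("name").strip(),
                "email": m.group("email"),
                "dco_version": m.group("version"),
            })
    return found


def check_signoff(message, required_dco="1.1"):
    """Summarise the provenance record a maintainer can rely on: whether a
    sign-off exists, whether any carries a contact address, and whether any
    trailer explicitly names the DCO version being certified."""
    signoffs = parse_signoffs(message)
    return {
        "signed_off": bool(signoffs),
        "has_email": any(s["email"] is not None for s in signoffs),
        "explicit_version": any(s["dco_version"] == required_dco for s in signoffs),
    }


# Constructed sample commit messages (hypothetical names and addresses).
PLAIN = ("serial: fix 16550 detection\n\nBody text.\n\n"
         "Signed-off-by: Random J Developer <rjd@example.com>\n")
VERSIONED = "serial: fix\n\nDCO-1.1-Signed-off-by: Random J Developer\n"
CHAIN = ("serial: fix\n\nSigned-off-by: Random J Developer <rjd@example.com>\n"
         "DCO-1.1-Signed-off-by: Maintainer Person <mp@example.org>\n")
UNSIGNED = "serial: fix\n\nNo trailer here.\n"
```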
Related Links:
- Archive of above thread [11]
- KernelTrap interview with Russell King [12]
- KernelTrap interview with Alan Cox [13]