[PATCH] doc: clarify distinction between sign-off and pgp-signing

[PATCH] doc: clarify distinction between sign-off and pgp-signing

[cornelius.weig]

From: Cornelius Weig <cornelius.weig@tngtech.com>

The documentation for submission discourages pgp-signing, but demands
a proper sign-off by contributors. However, when skimming the headings,
the wording of the section for sign-off could mistakenly be understood
as concerning pgp-signing. Thus, new contributors could oversee the
necessary sign-off.

This commit improves the wording such that the section about sign-off
cannot be misunderstood as pgp-signing. In addition, the paragraph about
pgp-signing is changed such that it avoids the impression that
pgp-signing could be relevant at later stages of the submission.

Signed-off-by: Cornelius Weig <cornelius.weig@tngtech.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: Philip Oakley <philipoakley@iee.org>
Signed-off-by: Stefan Beller <sbeller@google.com>
---

Notes:
    This patch summarizes the suggested changes.
    
    As I don't know what is appropriate, I took the liberty to add everybody's
    sign-off who was involved in the discussion in alphabetic order.

 Documentation/SubmittingPatches | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/Documentation/SubmittingPatches b/Documentation/SubmittingPatches
index 08352de..3faf7eb 100644
--- a/Documentation/SubmittingPatches
+++ b/Documentation/SubmittingPatches
@@ -216,12 +216,11 @@ that it will be postponed.
 Exception:  If your mailer is mangling patches then someone may ask
 you to re-send them using MIME, that is OK.
 
-Do not PGP sign your patch, at least for now.  Most likely, your
-maintainer or other people on the list would not have your PGP
-key and would not bother obtaining it anyway.  Your patch is not
-judged by who you are; a good patch from an unknown origin has a
-far better chance of being accepted than a patch from a known,
-respected origin that is done poorly or does incorrect things.
+Do not PGP sign your patch. Most likely, your maintainer or other people on the
+list would not have your PGP key and would not bother obtaining it anyway.
+Your patch is not judged by who you are; a good patch from an unknown origin
+has a far better chance of being accepted than a patch from a known, respected
+origin that is done poorly or does incorrect things.
 
 If you really really really really want to do a PGP signed
 patch, format it as "multipart/signed", not a text/plain message
@@ -246,7 +245,7 @@ patch.
      *2* The mailing list: git@vger.kernel.org
 
 
-(5) Sign your work
+(5) Certify your work by adding your "Signed-off-by: " line
 
 To improve tracking of who did what, we've borrowed the
 "sign-off" procedure from the Linux kernel project on patches
-- 
2.10.2

Re: [PATCH] doc: clarify distinction between sign-off and pgp-signing

[Cornelius Weig]

Sorry, I forgot to mark this patch as follow-up to message
<xmqq60l01jr9.fsf@gitster.mtv.corp.google.com>

Re: [PATCH] doc: clarify distinction between sign-off and pgp-signing

[Junio C Hamano]

Cornelius Weig <cornelius.weig@tngtech.com> writes:

> Sorry, I forgot to mark this patch as follow-up to message
> <xmqq60l01jr9.fsf@gitster.mtv.corp.google.com>

I appreciate that you are very considerate, but in practice, if you
do not have too many topics in flight and your response time is less
than 48 hours, we can tell which new message is about which older
discussion thread.  Don't worry about it too much.

Thanks.

Re: [PATCH] doc: clarify distinction between sign-off and pgp-signing

[Stefan Beller]

On Fri, Jan 27, 2017 at 12:01 PM,  <cornelius.weig@tngtech.com> wrote:
> From: Cornelius Weig <cornelius.weig@tngtech.com>
>
> The documentation for submission discourages pgp-signing, but demands
> a proper sign-off by contributors. However, when skimming the headings,
> the wording of the section for sign-off could mistakenly be understood
> as concerning pgp-signing. Thus, new contributors could oversee the
> necessary sign-off.
>
> This commit improves the wording such that the section about sign-off
> cannot be misunderstood as pgp-signing. In addition, the paragraph about
> pgp-signing is changed such that it avoids the impression that
> pgp-signing could be relevant at later stages of the submission.
>
> Signed-off-by: Cornelius Weig <cornelius.weig@tngtech.com>
> Signed-off-by: Junio C Hamano <gitster@pobox.com>
> Signed-off-by: Philip Oakley <philipoakley@iee.org>
> Signed-off-by: Stefan Beller <sbeller@google.com>
> ---
>
> Notes:
>     This patch summarizes the suggested changes.
>
>     As I don't know what is appropriate, I took the liberty to add everybody's
>     sign-off who was involved in the discussion in alphabetic order.

Heh, my first though was to conclude you haven't read the
sign off part, yet apart from the changed header.
/me goes back and actually reads the DCO again.
And actually these sign offs were there in other patches in this area,
so you'd claim (a) that yours was just created partly by you and having
other patches that were also signed off (b), whose sign offs you
merely copy over to here.

And then after reading I realized I slightly confused the signing
myself as the sign offs are also used to track the flow of a patch.
These sign offs suggest that you made the patch initially, then
passed it to Junio, then to Philip and then to me.
And Junio will sign it again when applying the patch.

So maybe s/signed-off-by/helped-by/?

The patch with the aggregation looks good to me.

Thanks,
Stefan

>
>  Documentation/SubmittingPatches | 13 ++++++-------
>  1 file changed, 6 insertions(+), 7 deletions(-)
>
> diff --git a/Documentation/SubmittingPatches b/Documentation/SubmittingPatches
> index 08352de..3faf7eb 100644
> --- a/Documentation/SubmittingPatches
> +++ b/Documentation/SubmittingPatches
> @@ -216,12 +216,11 @@ that it will be postponed.
>  Exception:  If your mailer is mangling patches then someone may ask
>  you to re-send them using MIME, that is OK.
>
> -Do not PGP sign your patch, at least for now.  Most likely, your
> -maintainer or other people on the list would not have your PGP
> -key and would not bother obtaining it anyway.  Your patch is not
> -judged by who you are; a good patch from an unknown origin has a
> -far better chance of being accepted than a patch from a known,
> -respected origin that is done poorly or does incorrect things.
> +Do not PGP sign your patch. Most likely, your maintainer or other people on the
> +list would not have your PGP key and would not bother obtaining it anyway.
> +Your patch is not judged by who you are; a good patch from an unknown origin
> +has a far better chance of being accepted than a patch from a known, respected
> +origin that is done poorly or does incorrect things.
>
>  If you really really really really want to do a PGP signed
>  patch, format it as "multipart/signed", not a text/plain message
> @@ -246,7 +245,7 @@ patch.
>       *2* The mailing list: git@vger.kernel.org
>
>
> -(5) Sign your work
> +(5) Certify your work by adding your "Signed-off-by: " line
>
>  To improve tracking of who did what, we've borrowed the
>  "sign-off" procedure from the Linux kernel project on patches
> --
> 2.10.2
>

Re: [PATCH] doc: clarify distinction between sign-off and pgp-signing

[Cornelius Weig]

> 
> So maybe s/signed-off-by/helped-by/?
> 

This is getting real complex :-/

As I said in the notes for the patch:

>>     As I don't know what is appropriate, I took the liberty to add everybody's
>>     sign-off who was involved in the discussion in alphabetic order.

With your explanation, I guess the most accurate sign-off chain would be:

Signed-off-by: Stefan Beller <sbeller@google.com> (as you sent a patch)
Helped-by: Philip Oakley <philipoakley@iee.org> (no patch, but helpful)
Signed-off-by: Cornelius Weig <cornelius.weig@tngtech.com> (this patch)
Signed-off-by: Junio C Hamano <gitster@pobox.com> (once he decides it's good)

Re: [PATCH] doc: clarify distinction between sign-off and pgp-signing

[Stefan Beller]

On Fri, Jan 27, 2017 at 12:48 PM, Cornelius Weig
<cornelius.weig@tngtech.com> wrote:
>>
>> So maybe s/signed-off-by/helped-by/?
>>
>
> This is getting real complex :-/

uh; sorry for that. I do not mind the patch as posted,
just in case you reroll for another reason, this is worth thinking about.

In fact, as said before I like that patch.

>
> As I said in the notes for the patch:
>
>>>     As I don't know what is appropriate, I took the liberty to add everybody's
>>>     sign-off who was involved in the discussion in alphabetic order.
>
> With your explanation, I guess the most accurate sign-off chain would be:
>
> Signed-off-by: Stefan Beller <sbeller@google.com> (as you sent a patch)

...and here we could continue arguing. ;)
Is the patch I sent note-worthy enough to be deriving work from?
My gut reaction would be "no".

> Helped-by: Philip Oakley <philipoakley@iee.org> (no patch, but helpful)
> Signed-off-by: Cornelius Weig <cornelius.weig@tngtech.com> (this patch)
> Signed-off-by: Junio C Hamano <gitster@pobox.com> (once he decides it's good)

Re: [PATCH] doc: clarify distinction between sign-off and pgp-signing

[Philip Oakley]

From: "Stefan Beller" <sbeller@google.com>
> On Fri, Jan 27, 2017 at 12:01 PM,  <cornelius.weig@tngtech.com> wrote:
>> From: Cornelius Weig <cornelius.weig@tngtech.com>
>>
>> The documentation for submission discourages pgp-signing, but demands
>> a proper sign-off by contributors. However, when skimming the headings,
>> the wording of the section for sign-off could mistakenly be understood
>> as concerning pgp-signing. Thus, new contributors could oversee the
>> necessary sign-off.
>>
>> This commit improves the wording such that the section about sign-off
>> cannot be misunderstood as pgp-signing. In addition, the paragraph about
>> pgp-signing is changed such that it avoids the impression that
>> pgp-signing could be relevant at later stages of the submission.
>>
>> Signed-off-by: Cornelius Weig <cornelius.weig@tngtech.com>
>> Signed-off-by: Junio C Hamano <gitster@pobox.com>
>> Signed-off-by: Philip Oakley <philipoakley@iee.org>
>> Signed-off-by: Stefan Beller <sbeller@google.com>
>> ---
>>
>> Notes:
>>     This patch summarizes the suggested changes.
>>
>>     As I don't know what is appropriate, I took the liberty to add 
>> everybody's
>>     sign-off who was involved in the discussion in alphabetic order.
>
> Heh, my first though was to conclude you haven't read the
> sign off part, yet apart from the changed header.
> /me goes back and actually reads the DCO again.
> And actually these sign offs were there in other patches in this area,
> so you'd claim (a) that yours was just created partly by you and having
> other patches that were also signed off (b), whose sign offs you
> merely copy over to here.
>
> And then after reading I realized I slightly confused the signing
> myself as the sign offs are also used to track the flow of a patch.
> These sign offs suggest that you made the patch initially, then
> passed it to Junio, then to Philip and then to me.
> And Junio will sign it again when applying the patch.
>
> So maybe s/signed-off-by/helped-by/?

Helped-by: Philip Oakley <philipoakley@iee.org>

is sufficient for me (if that).
>
> The patch with the aggregation looks good to me.
>
> Thanks,
> Stefan
>
>>
>>  Documentation/SubmittingPatches | 13 ++++++-------
>>  1 file changed, 6 insertions(+), 7 deletions(-)
>>
>> diff --git a/Documentation/SubmittingPatches 
>> b/Documentation/SubmittingPatches
>> index 08352de..3faf7eb 100644
>> --- a/Documentation/SubmittingPatches
>> +++ b/Documentation/SubmittingPatches
>> @@ -216,12 +216,11 @@ that it will be postponed.
>>  Exception:  If your mailer is mangling patches then someone may ask
>>  you to re-send them using MIME, that is OK.
>>
>> -Do not PGP sign your patch, at least for now.  Most likely, your
>> -maintainer or other people on the list would not have your PGP
>> -key and would not bother obtaining it anyway.  Your patch is not
>> -judged by who you are; a good patch from an unknown origin has a
>> -far better chance of being accepted than a patch from a known,
>> -respected origin that is done poorly or does incorrect things.
>> +Do not PGP sign your patch. Most likely, your maintainer or other people 
>> on the
>> +list would not have your PGP key and would not bother obtaining it 
>> anyway.
>> +Your patch is not judged by who you are; a good patch from an unknown 
>> origin
>> +has a far better chance of being accepted than a patch from a known, 
>> respected
>> +origin that is done poorly or does incorrect things.
>>
>>  If you really really really really want to do a PGP signed
>>  patch, format it as "multipart/signed", not a text/plain message
>> @@ -246,7 +245,7 @@ patch.
>>       *2* The mailing list: git@vger.kernel.org
>>
>>
>> -(5) Sign your work
>> +(5) Certify your work by adding your "Signed-off-by: " line
>>
>>  To improve tracking of who did what, we've borrowed the
>>  "sign-off" procedure from the Linux kernel project on patches
>> --
>> 2.10.2
>>
>