Sign-off is a requirement for getting patches into the Linux kernel and a few other projects, but most projects don't actually use it.
It was introduced in the wake of the SCO lawsuit, (and other accusations of copyright infringement from SCO, most of which they never actually took to court), as a Developers Certificate of Origin. It is used to say that you certify that you have created the patch in question, or that you certify that to the best of your knowledge, it was created under an appropriate open-source license, or that it has been provided to you by someone else under those terms. This can help establish a chain of people who take responsibility for the copyright status of the code in question, to help ensure that copyrighted code not released under an appropriate free software (open source) license is not included in the kernel.
Add tests for the payment processor.
Signed-off-by: Humpty Dumpty <[email protected]>
[Project Maintainer: Renamed test methods according to naming convention.]
Signed-off-by: Project Maintainer <[email protected]>
Sign-off is a line at the end of the commit message which certifies who is the author of the commit.
Its main purpose is to improve tracking of who did what, especially with patches.
Example commit:
Add tests for the payment processor.
Signed-off-by: Humpty Dumpty <[email protected]>
It should contain the user real name if used for an open-source project.
If branch maintainer need to slightly modify patches in order to merge them, he could ask the submitter to rediff, but it would be counter-productive.
He can adjust the code and put his sign-off at the end so the original author still gets credit for the patch.
Add tests for the payment processor.
Signed-off-by: Humpty Dumpty <[email protected]>
[Project Maintainer: Renamed test methods according to naming convention.]
Signed-off-by: Project Maintainer <[email protected]>
TLDR; Typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see http://developercertificate.org/ for more information).
Add Signed-off-by line by the committer at the end of the commit log message.
The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see https://developercertificate.org for more information).
Expand documentation describing --signoff
Modify various document (man page) files to explain in more detail what --signoff means.
The issue I have with DCO is that there adding a "-s" argument to git commit doesn't really mean you have even heard of the DCO (the git commit man page makes no mention of the DCO anywhere), never mind actually seen it.
So how can the presence of "signed-off-by" in any way imply the sender is agreeing to and committing to the DCO? Combined with fact I've seen replies on lists to patches without SOBs that say nothing more than "Resend this with signed-off-by so I can commit it".
Extending git's documentation will make it easier to argue that developers understood --signoff when they use it.
Note that this signoff is now (for Git 2.15.x/2.16, Q1 2018) available for git pull as well.
Move the section discussing the addition of a SOB trailer above the section that discusses generating the patch itself.
This makes sense as we don't want someone to go through the process of "git format-patch"(man), only to realize late that they should have used "git commit -s"(man) or equivalent.
Certify your work by adding your Signed-off-by trailer
To improve tracking of who did what, we ask you to certify that you
wrote the patch or have the right to pass it on under the same license
as ours, by "signing off" your patch. Without sign-off, we cannot
accept your patches.
If (and only if) you certify the below D-C-O:
[[dco]]
.Developer's Certificate of Origin 1.1
Note that GitHub can force you (since June 2022) to add signoff to your commit messages:
Organization owners and repository admins can now require developers to sign off on commits made through GitHub's web interface, such as when editing a file or merging a pull request.
Also, it is now easier for developers to complete a signoff in the web interface, resulting in fewer commits being blocked from merging and less time spent resolving blocked commits.
When the setting is enabled, the web interface will inform developers that their action of committing will also constitute signing off, as shown below.
Like using Git's --signoff option on the command line, signing off in the web interface will automatically append the Signed-off-by: text to the commit message.
mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
This is an ancient bug that was actually attempted to be fixed once
(badly) by me eleven years ago in commit 4ceb5db9757a ("Fix
get_user_pages() race for write access") but that was then undone due to
problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug").
In the meantime, the s390 situation has long been fixed, and we can now
fix it by checking the pte_dirty() bit properly (and do it better). The
s390 dirty bit was implemented in abf09bed3cce ("s390/mm: implement
software dirty bits") which made it into v3.9. Earlier kernels will
have to look at the page state itself.
Also, the VM has become more scalable, and what used a purely
theoretical race back then has become easier to trigger.
To fix it, we introduce a new internal FOLL_COW flag to mark the "yes,
we already did a COW" rather than play racy games with FOLL_WRITE that
is very fundamental, and then use the pte dirty flag to validate that
the FOLL_COW flag is still valid.
Reported-and-tested-by: Phil "not Paul" Oester <[email protected]>
Acked-by: Hugh Dickins <[email protected]>
Reviewed-by: Michal Hocko <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Oleg Nesterov <[email protected]>
Cc: Willy Tarreau <[email protected]>
Cc: Nick Piggin <[email protected]>
Cc: Greg Thelen <[email protected]>
Cc: [email protected]
Signed-off-by: Linus Torvalds <[email protected]>
There are some nice answers on this question. I’ll try to add a more
broad answer, namely about what these kinds of lines/headers/trailers
are about in current practice. Not so much about the sign-off header in
particular (it’s not the only one).
Headers or trailers (↑1) like “sign-off” (↑2) is, in current
practice in projects like Git and Linux, effectively structured metadata
for the commit. These are all appended to the end of the commit message,
after the “free form” (unstructured) part of the body of the message.
These are token–value (or key–value) pairs typically delimited by a
colon and a space (:␣).
Like I mentioned, “sign-off” is not the only trailer in current practice. See
for example this commit,
which has to do with “Dirty Cow”:
mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
This is an ancient bug that was actually attempted to be fixed once
(badly) by me eleven years ago in commit 4ceb5db9757a ("Fix
get_user_pages() race for write access") but that was then undone due to
problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug").
In the meantime, the s390 situation has long been fixed, and we can now
fix it by checking the pte_dirty() bit properly (and do it better). The
s390 dirty bit was implemented in abf09bed3cce ("s390/mm: implement
software dirty bits") which made it into v3.9. Earlier kernels will
have to look at the page state itself.
Also, the VM has become more scalable, and what used a purely
theoretical race back then has become easier to trigger.
To fix it, we introduce a new internal FOLL_COW flag to mark the "yes,
we already did a COW" rather than play racy games with FOLL_WRITE that
is very fundamental, and then use the pte dirty flag to validate that
the FOLL_COW flag is still valid.
Reported-and-tested-by: Phil "not Paul" Oester <[email protected]>
Acked-by: Hugh Dickins <[email protected]>
Reviewed-by: Michal Hocko <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Oleg Nesterov <[email protected]>
Cc: Willy Tarreau <[email protected]>
Cc: Nick Piggin <[email protected]>
Cc: Greg Thelen <[email protected]>
Cc: [email protected]
Signed-off-by: Linus Torvalds <[email protected]>
In addition to the “sign-off” trailer in the above, there is:
“Cc” (was notified about the patch)
“Acked-by” (acknowledged by the owner of the code, “looks good to me”)
“Reviewed-by” (reviewed)
“Reported-and-tested-by” (reported and tested the issue (I assume))
Other projects, like for example Gerrit, have their own headers and
associated meaning for them.
It is my impression that, although the initial motivation for this
particular metadata was some legal issues (judging by the other
answers), the practice of such metadata has progressed beyond just
dealing with the case of forming a chain of authorship.
[↑1]: man git-interpret-trailers
[↑2]: These are also sometimes called “s-o-b” (initials), it seems.
发布评论
评论(4)
签核是将补丁添加到 Linux 内核和其他一些项目中的必要条件,但大多数项目实际上并不使用它。
它是在SCO 诉讼之后引入的,(以及SCO 的其他侵犯版权的指控,其中大部分从未真正告上法庭),作为 开发者原产地证书。它用于表示您证明您已经创建了相关补丁,或者您证明据您所知,它是在适当的开源许可证下创建的,或者它是由某人提供给您的其他根据这些条款。这可以帮助建立一个对相关代码的版权状态负责的人员链,以帮助确保未在适当的自由软件(开源)许可证下发布的受版权保护的代码不包含在内核中。
Sign-off is a requirement for getting patches into the Linux kernel and a few other projects, but most projects don't actually use it.
It was introduced in the wake of the SCO lawsuit, (and other accusations of copyright infringement from SCO, most of which they never actually took to court), as a Developers Certificate of Origin. It is used to say that you certify that you have created the patch in question, or that you certify that to the best of your knowledge, it was created under an appropriate open-source license, or that it has been provided to you by someone else under those terms. This can help establish a chain of people who take responsibility for the copyright status of the code in question, to help ensure that copyrighted code not released under an appropriate free software (open source) license is not included in the kernel.
签核是提交消息末尾的一行,用于证明提交的作者是谁。
其主要目的是改进对谁做了什么的跟踪,尤其是补丁。
示例提交:
如果用于开源项目,则应包含用户真实姓名。
如果分支维护者需要稍微修改补丁以合并它们,他可以要求提交者重新比较,但这会适得其反。
他可以调整代码并将其签名放在最后,这样原始作者仍然可以获得补丁的功劳。
来源:http ://gerrit.googlecode.com/svn/documentation/2.0/user-signedoffby.html
Sign-off is a line at the end of the commit message which certifies who is the author of the commit.
Its main purpose is to improve tracking of who did what, especially with patches.
Example commit:
It should contain the user real name if used for an open-source project.
If branch maintainer need to slightly modify patches in order to merge them, he could ask the submitter to rediff, but it would be counter-productive.
He can adjust the code and put his sign-off at the end so the original author still gets credit for the patch.
Source: http://gerrit.googlecode.com/svn/documentation/2.0/user-signedoffby.html
太长了;通常证明提交者有权在同一许可证下提交此作品,并同意开发者原产地证书(请参阅http://developercertificate.org/ 了解更多信息)。
Git 2.7.1(2016 年 2 月)澄清了 commit b2c150d(2016 年 1 月 5 日) David A. Wheeler (
david-a-wheeler)。(由 Junio C Hamano --
gitster-- 合并于 提交 7aae9ba,2016 年 2 月 5 日)git commit手册页 现在包括:请注意,此签核现在(对于 Git 2.15.x/2.16,2018 年第一季度)也可用于
git pull。请参阅 提交 3a4d2c7(2017 年 10 月 12 日),作者:W.特雷弗·金 (
wking)。(由 Junio C Hamano --
gitster-- 合并于 提交fb4cd88,2017年11月6日)在 Git 2.33(2021 年第 3 季度)中,
SubmitingPatches文档进一步(重新)说明了signoff背后的意图:DCO (对于开源项目更喜欢 CLA)。请参阅提交f003a91,提交 4523dc8(2021 年 7 月 22 日),作者:Ævar Arnfjörð Bjarmason (<代码>avar)。
(由 Junio C Hamano --
gitster-- 合并于 提交 58705b4,2021 年 8 月 4 日)SubmittingPatches现在包含在其 手册页< /a>:请注意,GitHub 可以强制您(自 2022 年 6 月起)在提交消息中添加签名:
TLDR; Typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see http://developercertificate.org/ for more information).
Git 2.7.1 (February 2016) clarifies that in commit b2c150d (05 Jan 2016) by David A. Wheeler (
david-a-wheeler).(Merged by Junio C Hamano --
gitster-- in commit 7aae9ba, 05 Feb 2016)git commitman page now includes:Note that this signoff is now (for Git 2.15.x/2.16, Q1 2018) available for
git pullas well.See commit 3a4d2c7 (12 Oct 2017) by W. Trevor King (
wking).(Merged by Junio C Hamano --
gitster-- in commit fb4cd88, 06 Nov 2017)With Git 2.33 (Q3 2021), the
SubmitingPatchesdocument further (re)illustrate the intent behindsignoff: DCO (prefered to CLAs for open-source projects).See commit f003a91, commit 4523dc8 (22 Jul 2021) by Ævar Arnfjörð Bjarmason (
avar).(Merged by Junio C Hamano --
gitster-- in commit 58705b4, 04 Aug 2021)SubmittingPatchesnow includes in its man page:Note that GitHub can force you (since June 2022) to add signoff to your commit messages:
关于这个问题有一些很好的答案。我会尝试添加更多
广泛的答案,即关于这些类型的台词/标题/预告片的内容
是关于目前的实践。与中的签核标题无关
特别的(这不是唯一的)。
标题或预告片 (↑1),如“签核”(↑2),在当前
在 Git 和 Linux 等项目中进行实践,有效结构化元数据
用于提交。这些都附加到提交消息的末尾,
在消息正文的“自由形式”(非结构化)部分之后。
这些是令牌-值(或键-值)对,通常由
冒号和空格 (
:␣)。就像我提到的,“签核”并不是当前实践中唯一的预告片。看
例如 此提交 ,
与“Dirty Cow”有关:
除了上面的“sign-off”预告片之外,还有:
其他项目,例如 Gerrit,有自己的标题和
对他们来说有相关的意义。
请参阅:https://git.wiki.kernel.org/index.php/CommitMessageConventions
这个故事的寓意
我的印象是,虽然这个故事的最初动机
特定的元数据是一些法律问题(从其他方面来看)
答案),此类元数据的实践已经超越了仅仅
处理形成作者链的情况。
[↑1]:
man git-interpret-trailers[↑2]:这些似乎有时也被称为“sob”(缩写)。
There are some nice answers on this question. I’ll try to add a more
broad answer, namely about what these kinds of lines/headers/trailers
are about in current practice. Not so much about the sign-off header in
particular (it’s not the only one).
Headers or trailers (↑1) like “sign-off” (↑2) is, in current
practice in projects like Git and Linux, effectively structured metadata
for the commit. These are all appended to the end of the commit message,
after the “free form” (unstructured) part of the body of the message.
These are token–value (or key–value) pairs typically delimited by a
colon and a space (
:␣).Like I mentioned, “sign-off” is not the only trailer in current practice. See
for example this commit,
which has to do with “Dirty Cow”:
In addition to the “sign-off” trailer in the above, there is:
Other projects, like for example Gerrit, have their own headers and
associated meaning for them.
See: https://git.wiki.kernel.org/index.php/CommitMessageConventions
Moral of the story
It is my impression that, although the initial motivation for this
particular metadata was some legal issues (judging by the other
answers), the practice of such metadata has progressed beyond just
dealing with the case of forming a chain of authorship.
[↑1]:
man git-interpret-trailers[↑2]: These are also sometimes called “s-o-b” (initials), it seems.