[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Process for cherry-picking patches from other projects

  • To: Julien Grall <julien@xxxxxxx>
  • From: George Dunlap <George.Dunlap@xxxxxxxxxx>
  • Date: Wed, 1 Jun 2022 13:24:03 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AjG9hrypZaAfzJEJFVUpDDNmNj+90uGx/mUfxj3Etvs=; b=ibCy6BThcQ7yWdtvy7lHl22qTtIfWLMdcgc+Ja5Dlja1u9naZ9qlyGwwIGONbwmWFICEBHfXIeeQMLYsKVuQ99/FH36vneaa3kIf2U8AFa2tVb1hqut1beKHMnPFLnRoF+7CAwbh5VNyJvMPGpFdKZo6cQhLK888z4Kbcix+Ej9MF7QEErTUlmvE1lZpIWglkeRnLwRCR9Pu3CpFjv7P/cDvqgxej7rviLyB+XujZSDEziMf9rVCWSqzZ0m83GH5b7uJ9yc4MR5oe3oGgw4wpl4X+aVG+A7PE4DENX9cao3ZuufNSi4dO/kh70j1v0sEzfqRPnf3GJMP6kAfHWm7rQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iUzG1EqbAGH6RJRa+tS8i5MYZIBm/OUCxRVPWIfzm4vCPj46aqouRc5X+U5yPMG8Fm4Jv9iLzcS6lMAnCcIut1fSCdUOgYnKuqenjKNUuUU0Br8P+yfQcYwmbxu0tbSTfBtpZ8/xR/Q9rFtIAbVOct2p6tYXbHFIcvoVuJaPX5OxhFkpCLyyab9JUALk2iFIO6IlvupdPZWcTGpAqegoqnZpPzVrVd+4OTOLyCTDAQIQnURNAuaBSYGXRXpvXni6PQaKInPhXQwt4/zssbDFBvglAUaCOG1htk9kzRuAb5XxJ8URxtyAeiJbiHe+Yy4yXTyIHzlp/0bMdtyJzeZajg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Delivery-date: Wed, 01 Jun 2022 13:24:43 +0000
  • Ironport-data: A9a23:SUME6aopfR85iB1JeE6PX7Oo36heBmKxZBIvgKrLsJaIsI4StFGz/ 9cnaN20SrzTNTykP5w0PZPnthk2DaWln4VqTQJu+C42E39H9pPJDI3Ff0r5bi6cdcCcQRM/t ZkTYdPJIp5pESeH9x3xPOK58HQihKvTTbGnVeOUYyp9SWeIJMtZZTdLwobV1aY00YjR73qxh O7PT+3j1H6N0mIsOTIZtv6Jo0Iyt/ijsWNH4gJgOPsW5lSCnSlOXcxOea3pI3XGGYQFReTSq 8QvbV2aEsE12z93V7tJR56iKhVirob6ZFTI0jwMM0SbqkAqShYai87XD9JBLxYO49m1t4opk o8V68TpEV1B0pDkw4zxbTEJS0mSAoUekFP3CSDXXRu7lhCun9PEmp2CPWluVWEq0r8f7VJmr JT0HAslfBGb799a9ZrgIgVaambPG+GwVG8XkikIITg0lp/KS7ibK0nBzYcwMDvdGqmitBsRD iYUQWMHUfjOX/FAEnY6K7QQnd6BvV2hSGZ4llC8tIYpvUGGmWSd0JC1WDbUUvqjYJwP22On/ CfB9Wm/BQwGPtuCzzbD6mirmuLEgSL8XsQVCaG88flpxlaUwwT/CjVPDQf9/ab/1BD4B4o3x 088o0LCqYAd+UuxQdS7cwC+pHeclhUdR8BRA6sx7wTlJq/8vF/IWTNeFGEphNoOpp5ufAI47 0WyovS4CwVVrO2OElaZz+LBxd+1EW1PRYMYXgcGUA8E7t/LsIw1yBXVQb5LC7Wph9f4HTXxx TGiryUkgbgXy8kR2M2T/1rKnjatrZjhVRMu60PcWWfNxhN0YsupapKl7XDf7O1cN8CJQ1+Zp n8GlsOCqucUAvmlliOXR/4WNKq0/PvDOzrZ6XZFEoM97T2r9ziGdJpJ/TBlDE5zN4APfjqBX aPIkQZY5ZsWOWTwa6ZyOti1E55ykfCmEsn5XPfJaNYIeoJ2aAKM4CBpYwiXwnzpl08v16o4P P93bPqRMJrTMow/pBLeegvX+eZyrszi7Qs/nazG8ik=
  • Ironport-hdrordr: A9a23:cfZaKavxwExEGpVd0P9Hqh3C7skC2oMji2hC6mlwRA09TyXGra 2TdaUgvyMc1gx7ZJh5o6H6BEGBKUmslqKdkrNhR4tKPTOW9VdASbsP0WKM+UyGJ8STzI9gPO JbAtBD4b7LfBRHZKTBkW+F+r8bqbHpnpxAx92utkuFJjsaCZ2Imj0JbjpzZXcGITWua6BYKL Osou584xawc3Ueacq2QlMfWfLYmtHNnJX6JTYbGh8O8mC1/H2VwY+/NyLd8gYVUjtJz7tn23 PCiRbF6qKqtOz+4gPA1lXU849dlLLau5p+7Y23+4gowwfX+0SVjbdaKvi/VfcO0aWSAWMR4Z rxStEbToNOAj3qDyeISFDWqnTdOX4VmgPfIBmj8DTeSIXCNUwHItsEioRDfhTD7U08+Nl6za JQxmqc84FaFBXagU3GlpD1v4EDrDvKnZMOq59ks5Vka/pWVFaRl/1swGpFVJMbWC7q4oEuF+ djSMna+fZNaFufK3TUpHNmztCgVmk6Wk7ueDlJhuWFlzxN2HxpxUoRw8IS2n8G6ZImUpFBo+ DJKL5hmr1CRtIfKah9GOACS82qDXGle2OGDEuCZVD8UK0XMXPErJD6pL0z+eGxYZQNiIA/nZ zQOWkowlLau3ieffFm8Kc7giwlGl/NLAgF4vsulKRRq/n7WKfhNzGFRRQnj9agys9vd/HmZw ==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYZtZ1suK3TAKIFU2tuY9R7u+Tcq0jN1mAgADFIoCAAEpAAIAWYU6A
  • Thread-topic: Process for cherry-picking patches from other projects

> On 18 May 2022, at 08:38, Julien Grall <julien@xxxxxxx> wrote:
> 
> Hi Stefano,
> 
> On 18/05/2022 04:12, Stefano Stabellini wrote:
>> On Tue, 17 May 2022, Jan Beulich wrote:
>>> Hmm. The present rules written down in docs/process/sending-patches.pandoc
>>> are a result of me having been accused of unduly stripping S-o-b (and maybe
>>> a few other) tags. If that was for a real reason (and not just because of
>>> someone's taste), how could it ever be okay to remove S-o-b? (Personally I
>>> agree with what you propose, it just doesn't line up with that discussion
>>> we had not all that long ago.)
>> This is the meaning of the DCO: https://developercertificate.org
>> The relevant case is:
>> (b) The contribution is based upon previous work that, to the best
>>     of my knowledge, is covered under an appropriate open source
>>     license and I have the right under that license to submit that
>>     work with modifications, whether created in whole or in part
>>     by me, under the same open source license (unless I am
>>     permitted to submit under a different license), as indicated
>>     in the file; or
>> IANAL but I read this as to mean that only the submitter Signed-off-by
>> is required. Also consider that the code could come from a place where
>> Signed-off-by is not used. As long as the copyright checks out, then we
>> are OK.
> 
> I don't think I can write better than what Ian wrote back then:
> 
> "
> Please can we keep the Linux S-o-b.
> 
> Note that S-o-b is not a chain of *approval* (whose relevance to us is
> debateable) but but a chain of *custody and transmission* for
> copyright/licence/gdpr purposes.  That latter chain is hightly
> relevant to us.
> 
> All such S-o-b should be retained.
> 
> Of course if you got the patch somewhere other than the Linux commit,
> then the chain of custody doesn't pass through the Linux commit.  But
> in that case I expect you to be able to say where you got it.
> "

So the thread in question is "[PATCH 1/7] xz: add fall-through comments to a 
switch statement” [1].

This effectively turned into a policy discussion that happened on a random 
thread about compression algorithms.  It’s likely a lot of people who might 
have had opinions didn’t read the thread; that’s why I started a new thread, to 
make sure people knew there was a policy discussion going on.

I was on parental leave when this discussion happened.  Looking at the thread, 
I agree with the request of Julien to just C&P the whole Linux commit message: 
It just seems both simpler and more… fitting? Respectful? Something like that; 
and additionally it saves the reviewer having to think too much about whether 
the removed S-o-b’s were necessary.  It’s something that we should just do 
because it’s easy and generally better, particularly as we now have a way of 
indicating “above this line is *their* way of doing things, which may have 
useless data in it; below this line is *ours*.”

However, the justification Ian put forward in that thread — that "S-o-b is ...a 
chain of *custody and transmission* for copyright/licence/gdpr purposes” — must 
be incorrect.  If it were true, then when we import a file from another 
project, we would have to check in *the entire git log for that file up to that 
point*, including all patches.  After all, we need to know *for each line*, the 
copyright provenance — even having a massive list of all S-o-b’s from the 
history of the file wouldn’t be of any use if a copyright dispute actually came 
up.  I think that shows the absurdity of the position.

What we need to be able to do is, for each line of code, to be able to track 
down where it came from and who originally asserted that it was GPL, in the 
event of some sort of challenge.  As long as we have the the Linux commit at 
the point of import, we can track everything else down.  In fact, it will be 
much easier to track down from a Linux git commit than from anything checked 
into the commit message.

I’ll double check with LF legal on this, but I’m pretty sure having a “pointer” 
to where the code came from (either a git commit or a message-id) should be 
fine.

 -George

[1] 
https://patchwork.kernel.org/project/xen-devel/patch/0ed245fa-58a7-a5f6-b82e-48f9ed0b6970@xxxxxxxx/

Attachment: signature.asc
Description: Message signed with OpenPGP

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.