Ok, so based on the condition [2], it means that during rebase on behalf of the Author/Commiter, it would be technically enough to add own sign off by person who perform the rebase, as the it would satisfy sboMe. But can you legally do that, that's the question. As if we can count singing CLA as "certification" of contribution under DCO - then it's perfect. чт, 22 мая 2025 г. в 19:46, Clark Boylan <cboylan@sapwetik.org>:
On Thu, May 22, 2025, at 8:00 AM, Clark Boylan wrote:
On Wed, May 21, 2025, at 11:22 PM, Dmitriy Rabotyagov wrote:
Well, I'd say we totally need to have a lawyer input here, as while (C) of DCO [1] does cover rebases, I am not completely sure if signing CLA is counted as meeting (A) of DCO.
As I read "by some other person who certified", as they should be having DCO as well. But I can easily assume that CLA may count here as well. We just need a clarification on such case, imo.
Top posting has made this response awkward, but I'm going to try my best.
I think the idea is that existing patchsets pushed under the CLA don't need to be updated simply to add the signed off by to the commit message. That said, once we start enforcing the signed off by lines in the commit message the Gerrit enforcement for new patchsets is going to check that the commit Author, Committer, and the person taking the Gerrit action all have signed off by lines [2].
To follow up on this, due to the way the boolean condition is formed with !sboAuthor && !sboCommitter && !sboMe in [2] we only need one of those to match a single signed off by line and then we're good according to the check. That behavior was intentionally added to Gerrit 16 years ago in this commit [3].
I believe that in most rebase situations the Author will remain the same, but if someone who isn't the Author is doing the rebase then they become Committer. This means to go from patchset N to patchset N+1 via a rebase of someone elses change Gerrit will require both individuals sign off. In those situations, the simplest thing is likely going to be having the Author do the rebase and add the signed off by themselves.
[1] https://developercertificate.org/
On Thu, 22 May 2025, 08:04 Goutham Pacha Ravi, <gouthampravi@gmail.com>
On Wed, May 21, 2025 at 10:20 PM Dmitriy Rabotyagov <noonedeadpunk@gmail.com> wrote:
If you're inclined to use the UI, you'll need to first edit the commit message, and add a "Signed-off-by" with your name and email, and then hit the "Rebase" button.
That is actually interesting point you raised. Correct me, but I
wrote: think this is an option, only if you are rebasing your own patch.
But what is the course of actions if a project maintainer wants or
needs to rebase the patch proposed by contributor who is not on in contact or does not really want (or can) to add sign off, but the patch is valid and valuable?
My understanding is that the original contributor adhered to the ICLA, and their contribution made prior to the DCO enforcement date is acceptable as is. Further edits are made by others and they must follow the DCO.
[2]
https://gerrit.googlesource.com/gerrit/+/refs/tags/v3.10.6/java/com/google/g...
[3] https://gerrit.googlesource.com/gerrit/+/007c4da18a9ef4e70c5bc57b285b4ba447d...