Open Source Asked on August 28, 2021
This is a full copy from https://stackoverflow.com/questions/62969381/is-it-in-line-with-the-dco-that-a-github-sign-off-needs-and-publishes-full-name
########
Coming from Stack Overflow where a pseudo name is normal and enough, a github beginner like me does not expect to have to sign-off a git pull request with the full name and kind of full-name-email being published. Going over to github, I simply do not expect more than what Stack Overflow is asking for. I thought the other contributors on github just chose willingly to sign with their full names and respective e-mails, and I was astonished to see my personal mail being published.
The tasks you follow to do the pull request on github (not from the DCO, this was just a helping comment):
You need sign-off your PR with your email address. Below are steps to
sign-off a commit. At first, you need configure your git with user
name and email:git config --global user.name "FIRST_NAME LAST_NAME"
git config --global user.email "[email protected]"
Next rungit push --force-with-lease origin YOURBRANCHNAME
I have read the DCO Developer Certificate of Origin now in the github version https://github.com/apps/dco and in the original version https://developercertificate.org/.
The github version asks for more than the original DCO, in my opinion.
It requires all commit messages to contain the Signed-off-by line with an email address that matches the commit author.
further below…
Contributors sign-off that they adhere to these requirements by adding a Signed-off-by line to commit messages.
This is my commit messageSigned-off-by: Random J Developer [email protected]
Here you could already discuss if "Random J Developer" has to be the full name or just a pseudo name, and also whether the name (or pseudo name respectively) should be part of the mail. The original DCO speaks just generally of the personal information in the sign-off:
I understand and agree that this project and the contribution are
public and that a record of the contribution (including all personal
information I submit with it, including my sign-off) is maintained
indefinitely and may be redistributed consistent with this project or
the open source license(s) involved.
In its intro, the github DCO mentions the email that "matches the commit author" as the core of the personal information, and later adds the name in the example. This "matches the commit author" is already a stricter requirement than the original DCO is asking for, thus this requirement could already be questioned. From the original DCO I read the option to put your full name and full name email, but not the need to do so, as the github user name and a mail that includes the github author name would be personal information enough to identify you as well, which is the main requirement. From the github DCO I read the wish that you put your full name, but it is only in the example, not in the text, and I could also go around that now by putting my github username and an email that does not show my full name but includes my github name, and still following the DCO, as I read it.
My final question after this long explanation:
Is the github DCO requirement of full name and an "email address that matches the commit author" in line with the official DCO? Or does it ask too much, and a pseudo name + email using that pseudo name would be already enough? Or as a third option, would a pseudo name + email not using any pseudo or full name already be enough?
p.s.:
To anyone of github reading this. If publishing the full name and respective email is really needed, I simply would like to be informed about this when doing my first pull request, because few people will read the DCO before starting.
Some projects such as Linux ask for the DCO to be signed in order to do due diligence, and ultimately to protect downstream users. The DCO does not forbid projects from establishing individual processes, such as requiring that it's clearly the committer who has signed off on the commit and to have a clear means of contact later.
This has nothing to do with GitHub, as far as I can see. Projects on GitHub are not required to have a DCO, and most do not. The DCO integration that's available on GitHub is just a third party app or bot to automate part of this workflow, if a project chooses to use it.
Stack Overflow has it's own standards for contributions, and is not quite as bent on ensuring that downstream users can enjoy the license. However, the terms of service contain somewhat similar terms. Stack Overflow the company also has access to your email address in case they need to contact you.
Correct answer by amon on August 28, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP