docs: permit a user's chosen identity with SoB

The docs for submitting a patch describe using your "Legal Name" with
the Signed-off-by line.

In recent times, there's been a general push back[1] against the notion
that use of Signed-off-by in a project automatically requires / implies
the use of legal ("real") names and greater awareness of the downsides.

Full discussion of the problems of such policies is beyond the scope of
this commit message, but at a high level they are liable to marginalize,
disadvantage, and potentially result in harm, to contributors.

TL;DR: there are compelling reasons for a person to choose distinct
identities in different contexts & a decision to override that choice
should not be taken lightly.

A number of key projects have responded to the issues raised by making
it clear that a contributor is free to determine the identity used in
SoB lines:

 * Linux has clarified[2] that they merely expect use of the
   contributor's "known identity", removing the previous explicit
   rejection of pseudonyms.

 * CNCF has clarified[3] that the real name is simply the identity
   the contributor chooses to use in the context of the community
   and does not have to be a legal name, nor birth name, nor appear
   on any government ID.

Since we have no intention of ever routinely checking any form of ID
documents for contributors[4], realistically we have no way of knowing
anything about the name they are using, except through chance, or
through the contributor volunteering the information. IOW, we almost
certainly already have people using pseudonyms for contributions.

This proposes to accept that reality and eliminate unnecessary friction,
by following Linux & the CNCF in merely asking that a contributors'
commonly known identity, of their choosing, be used with the SoB line.

[1] Raised in many contexts at many times, but a decent overall summary
    can be read at https://drewdevault.com/2023/10/31/On-real-names.html
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d4563201f33a022fc0353033d9dfeb1606a88330
[3] https://github.com/cncf/foundation/blob/659fd32c86dc/dco-guidelines.md
[4] Excluding the rare GPG key signing parties for regular maintainers

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2024-10-22 10:38:58 +01:00
parent 42ab0148dd
commit 372d4b42d3
2 changed files with 9 additions and 6 deletions

View File

@ -112,9 +112,9 @@ There are no special requirements to becoming a contributor other than having
the interest and ability to provide a contribution. The libvirt project **does the interest and ability to provide a contribution. The libvirt project **does
not require** any *"Contributor License Agreement"* to be signed prior to not require** any *"Contributor License Agreement"* to be signed prior to
engagement with the community. However for contributing patches, providing a engagement with the community. However for contributing patches, providing a
'Signed-off-by' line with the author's legal name and e-mail address to 'Signed-off-by' line with the author's chosen name and e-mail address to
demonstrate agreement and compliance with the `Developer Certificate of demonstrate agreement and compliance with the `Developer Certificate
Origin <https://developercertificate.org/>`__ is required. of Origin <hacking.html#developer-certificate-of-origin>`__ is required.
In making a non-patch contribution to the project, the community member is In making a non-patch contribution to the project, the community member is
implicitly stating that they accept the terms of the license under which the implicitly stating that they accept the terms of the license under which the

View File

@ -83,9 +83,12 @@ Contributors to libvirt projects **must** assert that they are
in compliance with the `Developer Certificate of Origin in compliance with the `Developer Certificate of Origin
1.1 <https://developercertificate.org/>`__. This is achieved by 1.1 <https://developercertificate.org/>`__. This is achieved by
adding a "Signed-off-by" line containing the contributor's name adding a "Signed-off-by" line containing the contributor's name
and e-mail to every commit message. The presence of this line and e-mail to every commit message. The name should be the identity
attests that the contributor has read the above lined DCO and the contributor has chosen to be known as in the context of the
agrees with its statements. community. It does not need to be a legal name, nor match any
formal ID documents, but should not be anonymous, nor misrepresent
who you are. The presence of this line attests that the contributor
has read the above linked DCO and agrees with its statements.
Further reading Further reading
=============== ===============