Yeah, I'm also unclear if Martin means the "-s" (aka "signoff") or the "-S" (sign) feature or both? Check out: http://mikegerwitz.com/papers/git-horror-story for some discussion about these issues around trust. From a legal standpoint, signoffs mean next to nothing since they too are spoofable (just like you can impersonate anybody in a commit message). If people really care about provenance then, IMHO, we need: * Signed contributor agreements * Signed commits IANAL but I've gone through a fair number of audits (from both sides of the table). Hope this helps, John On May 30, 2014, at 13:04 , zerotacg <zero@xxxxxxxxxxxxxxxx> wrote: > I'm relatively new to git, what does that actually mean? > I see that it adds a "Signed off by ..." to the commit but how does that > solve the need of the patch license? > > Tobias > > On 30.05.2014 18:33, Martin Sustrik wrote: >> I quite like the linux kernel model. You have a developers' agreement >> somewhere on the web and individual contributors sign the patches off >> when committing to git: >> >> git commit -s >> >> Easy and efficient. >> >> Would people on the list prefer this model? >> >> Martin >> >> On 30/05/14 18:24, John D. Mitchell wrote: >>> That's pretty iffy. Much better to have explicit contributor >>> agreements for each person. >> >>> Cheers, John >> >>> On May 30, 2014, at 07:33 , Garrett D'Amore <garrett@xxxxxxxxxx> >>> wrote: >> >>>> It doesn't. But if the existing file is licensed under MIT and >>>> no new notice is placed with the copyright addition then I think >>>> the common convention is to assume that the new changes are >>>> licensed under the same existing license. Now changing the >>>> license would be a different matter and in that case a new notice >>>> in the file would be needed. >>>> >>>> Sent from my iPhone >>>> >>>>> On May 30, 2014, at 12:19 AM, Martin Sustrik >>>>> <sustrik@xxxxxxxxxx> wrote: >>>>> >>> Hi Garrett, >> >>>>>>> Well, I'm not the package maintainers. But for those >>>>>>> packages that I do maintain (illumos, mangos, etc.) I ask >>>>>>> that contributors update the copyright statements in the >>>>>>> files that they are updating as part of their patch >>>>>>> submission. >> >>> Are you sure it works that way? I am not a lawyer, but my feeling >>> is that claiming a copyright on the file doesn't necessarily mean >>> you are providing your patched under the MIT license... >> >>> Martin >> >>>>> >>>> >> >> >> >> > >