Comments (9)
It's pretty easy to implement: https://coderwall.com/p/jp7d5q/create-a-global-git-commit-hook.
@ribasushi I'm not sure about that config setup. The solution I just l pointed to seems to work for me. Maybe I am missing something?
from community.
this is just a draft for prep.
TL;DR: we need explicit "Signed-off-by" sigs for some git commits. You can just sign this google doc form, and done!
<google-form-link>
Long Version:
Greetings Everyone,
Thank you very much for your past, present, and future contributions to the IPFS Project. Sorry to bother you with this silly Open Source hygiene thing.
As you may remember, the various code repositories of the IPFS Project are MIT Licensed. All contributions carry the same MIT license, except for "vendored" or "linked" code, which carries compatible licenses (BSD, Apache 2, etc).
You're getting this email beacuse you contributed code to an IPFS Repository, before we began enforcing the "License commit trailers required" policy. A "License trailer" is a small signoff in the bottom of a commit message, that looks like this:
License: MIT
Signed-off-by: Juan Batiz-Benet <[email protected]>
The "Signed-off-by" part is the sign-off typical to the linux kernel, git, docker, and other projects. The "Sign-off" agrees to the Developer Certificate of Origin (1.1), which is a document that certifies the contribution. You can find out more about the DCO here: http://elinux.org/Developer_Certificate_Of_Origin and see our own hosted copy here: https://github.com/ipfs/community/blob/master/docs/developer-certificate-of-origin
The reason these projects ask for the explicit "Signed-off-by" trailer in commits is that a conscious step must be taken by the contributor to formally sign the work to the license, even if only done once. As far as lawyers are concerned, it is really not enough to make a pull-request on a repo with a given License file (as of 2015-06). Rather than hope law practice catches up to common open-source practice, we want to make absolutely sure that all users can use and contribute to IPFS without any worry. Thus (advised by our lawyers) we are making sure all the commits have a "Signed-off-by" clause. And we now have a bot that checks Pull Requests for us: GitCop (many thanks to the author gazler and chriscool for setting it all up). GitCop verifies the trailers, and otherwise asks the author to add them, pointing to guidelines, instructions, and even a helpful git commit hook.
The "License: MIT" part is a section added to make it clear, beyond shadow of a doubt, that all the code in the the commit at hand has been Licensed MIT, as the rest of the project, regardless of where that commit lands. Note that it is understood that if non-MIT vendored code is included and clearly labeled with its own LICENSE file in its own directory and/or with License headers on the files then that code carries that License. (We do not have an automated check today for verifying the LICENSE files added are all compatible with the MIT License, but we may in the future).
So, there's a few commits you made that we need to get explicit "Signed-off-bys" from you. The commits are technically already covered by the License file in the root of the repo, as is common practice and our contribution documentation states, but it is important that we make sure we apply the same level of OSS hygiene to them.
To make this easy for you, we've made a google doc form for everyone. You just need to fill out your name and email, as it would appear on the commit sign-off, for example:
Juan Batiz-Benet <[email protected]>
We'll then make one commit to the repository noting all the relevant commit hashes, with all the "Signed-off-by" lines. The google form takes only a few seconds, and is over at:
<google-form-link>
Again, thank you so much for your contribution, thank you for your prompt reply, and sorry to bother you with this silly thing!
Thanks,
Juan Benet
from community.
We should get this for the JS repos as well. @RichardLitt could you lead this?
from community.
Talked to @flyingzumwalt a bit about this today. I can certainly help, but not sure I'd be the best DRI for this particular effort.
Are we still going with gitcop? I haven't seen it in a while - have I just not been watching go-ipfs enough? That's the only repo we use it for, currently, correct?
from community.
Just had some fun: It would be possible to ask users to add a global git commit hook without too much hassle. We could have them add this:
#!/bin/sh
if [[ $(git remote get-url origin | grep "[ipfs|libp2p|ipld|orbit|multiformats]") ]]; then
grep "^License:" "$1" || {
echo >>"$1"
echo "License: MIT" >>"$1"
echo "Signed-off-by: $(git config user.name) <$(git config user.email)>" >>"$1"
}
fi
If you're working on any of our repos, you would automatically add the same things we currently add only to go-ipfs.
from community.
Oh, I didn't know global commit hooks. Where would you put that script?
About GitCop, I've seen it just the other day -- we're eager to switch away from it. It's just very blunt and unfriendly.
from community.
Oh, I didn't know global commit hooks. Where would you put that script?
It's a relatively new thing that has not yet trickled down to dists: git/git@867ad08a
You still need to distribute a config somehow, this is the closest to "safe" I was able to come up with some time ago (read the commit message carefully): Perl5/DBIx-Class@1f99022a59
from community.
@RichardLitt you mentioning global commit hook
made me think of the git 2.11 feature, not of init
templates.
The extra faffing I show in the second paragraph is a workflow to both allow updates from upstream ( the scripts are hosted in-repo, instead of some one-off comment on github ) while at the same time highlighting the concern that a malicious committer might drop unsavory code into the hook/config areas.
from community.
@dignifiedquire Pointed out that github added a default contributor license. We could potentially use that. However, as @Kubuxu mentioned in the All Hands call, this means it is a bit more removed from git.
from community.
Related Issues (20)
- Madison IPFS
- Request for improvement suggestions for the 🙌🏽 IPFS Weekly Call 📞 HOT 3
- Adding prettier action to auto-format markdowns and javascript files
- How can i solve this problem related IPFS private network setup HOT 1
- Uploading large number of files HOT 1
- No Explicit License for Images in "assests" directory HOT 3
- #ipfs on freenode has been left an empty shell HOT 1
- Setup IPFS Implementer's Sync HOT 5
- Setup IPFS Community Office Hours HOT 1
- Error: No "exports" main defined HOT 2
- HTTPError: {"code":401,"message":"Unauthorized"}
- The website has been hacked! HOT 1
- Malicious user easy can change website content manipulate files HOT 1
- The content not seeded by users and users can not downloaded it easy way (not 24/7 seeded content by the owner)
- TOR or another onion routing free from third parties protection to hosting, download and sharing content
- IPFS needs a way to combat content abuse
- Hacking & Phishing with ipfs.io HOT 1
- Fishing using ifps one more case... HOT 5
- Reporting spam, phishing, abuse etc. HOT 8
- README is well out of date: "pruning/archiving old content in 2022Q4"
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from community.