You can only commit a patch to the tree if you take responsibility for it (at some level), and that means you'll have to sign off on it.
Ok, so our policy is that the committer always adds a sign off?
If not, the whole signed-off-by thing becomes useless, so it better be policy.
now, why exactly?
It's point (c) in the DCO.
If you allow any code to be checked in without the person doing that stating he has the the right to do that, i.e. without adding the signed-off, all previous signed-off statements (by the original developer, etc.) have no significance as to whether the LinuxBIOS project did check if it was allowed (for IP or copyright reasons) to use the code. Only full chains work; one missing link and it's broken.
But I also reviewed it, so I should ack, right?
Dunno. "acked-by" as used in Linux is only an informal comment; if LinuxBIOS wants to formalise its usage, the rules should be written down somewhere.
Whats missing in http://www.linuxbios.org/Development_Guidelines?
The doc should be in the repo itself. Other than that, it could be formalised a bit ;-)
Yes, but does the committer need to sign-off too? Isn't it enough with the signed-off-by from the author and an ack from the committer?
No. Every step in the chain into the repo needs to be tracked or the "chain of trust" is lost.
I dont think the chain of trust goes lost. The repository monitors who did the commit, so it will be as easy to find out as grepping for the Signed-off-by: ?
The "commit" message the repo gives you only tells you who did the check in; it doesn't say that the commiter states that he checked to the best of his knowledge that he is allowed to (re-)publish that source code.
ie. Are you saying the mails that get sent out to the mailing list should be filtered to say
Committed by: Committer
No. I'm saying that committers should manually (or at least consciously) add the signed-off.
I don't see the incompatibility? Unless you mean that the acked-by tags should be put into the commit; that is a foolish thing indeed, there are many problems with it (for example, it is easy to forget to add one of those when you commit; not the case with signed-off, since that's in the patch when you send it out for review already, and a committer will add it automatically if he has his tools set up for that).
If you think our review process is useless, you are of course not forced to contribute to it.
I'm not saying the review process is useless; I'm saying that recording history of who thought what patch was a good idea, _when those patches never end up being committed_, is pretty damn useless. A newer version of the patch superseded the old one; knowing who approved the final commit *can* of course be useful. I wasn't commenting on the review process at all; just on the acked-by lines that people add to commit messages.