You can only commit a patch to the tree if you take responsibility for it (at some level), and that means you'll have to sign off on it.
Ok, so our policy is that the committer always adds a sign off?
If not, the whole signed-off-by thing becomes useless, so it better be policy.
When you want to pass the code on (for example, by committing it to the repo), you have to sign off on it as well.
But I also reviewed it, so I should ack, right?
Dunno. "acked-by" as used in Linux is only an informal comment; if LinuxBIOS wants to formalise its usage, the rules should be written down somewhere.
Adding my own Signed-off-by doesn't imply review, or does it?
It doesn't, but it would be silly (and irresponsible) to sign-off on something you didn't look at first.
It seems neither the sign-off nor the ack fits for just a commit.
You *need* a signed-off for a commit though, that's what the DCO is all about.
Yes, but does the committer need to sign-off too? Isn't it enough with the signed-off-by from the author and an ack from the committer?
No. Every step in the chain into the repo needs to be tracked or the "chain of trust" is lost.
If what you want is keeping track of committers -- that's not a property of a patch, but a property of the repo; any good SCM tracks that for you automatically.
But the policy of sign-off+ack required for commit is incompatible with the suggested author sign-off+committer sign-off scheme, hence my questions. :)
I don't see the incompatibility? Unless you mean that the acked-by tags should be put into the commit; that is a foolish thing indeed, there are many problems with it (for example, it is easy to forget to add one of those when you commit; not the case with signed-off, since that's in the patch when you send it out for review already, and a committer will add it automatically if he has his tools set up for that).