What is the Sign Off feature in Git for?
Sign-off is a requirement for getting patches into the Linux kernel and a few other projects, but most projects don't actually use it.
It was introduced in the wake of the SCO lawsuit, (and other accusations of copyright infringement from SCO, most of which they never actually took to court), as a Developers Certificate of Origin. It is used to say that you certify that you have created the patch in question, or that you certify that to the best of your knowledge, it was created under an appropriate open-source license, or that it has been provided to you by someone else under those terms. This can help establish a chain of people who take responsibility for the copyright status of the code in question, to help ensure that copyrighted code not released under an appropriate free software (open source) license is not included in the kernel.
Sign-off is a line at the end of the commit message which certifies who is the author of the commit. Its main purpose is to improve tracking of who did what, especially with patches.
Example commit:
Add tests for the payment processor.
Signed-off-by: Humpty Dumpty <[email protected]>
It should contain the user real name if used for an open-source project.
If branch maintainer need to slightly modify patches in order to merge them, he could ask the submitter to rediff, but it would be counter-productive. He can adjust the code and put his sign-off at the end so the original author still gets credit for the patch.
Add tests for the payment processor.
Signed-off-by: Humpty Dumpty <[email protected]>
[Project Maintainer: Renamed test methods according to naming convention.]
Signed-off-by: Project Maintainer <[email protected]>
Source: http://gerrit.googlecode.com/svn/documentation/2.0/user-signedoffby.html
git 2.7.1 (February 2016) clarifies that in commit b2c150d (05 Jan 2016) by David A. Wheeler (david-a-wheeler
).
(Merged by Junio C Hamano -- gitster
-- in commit 7aae9ba, 05 Feb 2016)
git commit
man page now includes:
-s::
--signoff::
Add
Signed-off-by
line by the committer at the end of the commit log message.
The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see https://developercertificate.org for more information).
Expand documentation describing
--signoff
Modify various document (man page) files to explain in more detail what
--signoff
means.This was inspired by "lwn article 'Bottomley: A modest proposal on the DCO'" (Developer Certificate of Origin) where paulj noted:
The issue I have with DCO is that there adding a "
-s
" argument to git commit doesn't really mean you have even heard of the DCO (thegit commit
man page makes no mention of the DCO anywhere), never mind actually seen it.So how can the presence of "
signed-off-by
" in any way imply the sender is agreeing to and committing to the DCO? Combined with fact I've seen replies on lists to patches without SOBs that say nothing more than "Resend this withsigned-off-by
so I can commit it".Extending git's documentation will make it easier to argue that developers understood
--signoff
when they use it.
Note that this signoff is now (for Git 2.15.x/2.16, Q1 2018) available for git pull
as well.
See commit 3a4d2c7 (12 Oct 2017) by W. Trevor King (wking
).
(Merged by Junio C Hamano -- gitster
-- in commit fb4cd88, 06 Nov 2017)
pull
: pass--signoff/--no-signoff
to "git merge
"merge can take
--signoff
, but without pull passing--signoff
down, it is inconvenient to use; allow 'pull
' to take the option and pass it through.