Dear Hans de Goede,
In message 532DA872.5000606@redhat.com you wrote:
No as said before the parts for which we don't have a Signed-off-by for falls under b), since we took it from existing code which has clear GPLv2+ license headers on each and every file.
Can the code be properly attributed, i. e. does it have proper Signed-off-by: lines?
using your real name (sorry, no pseudonyms or anonymous contributions.)
Right but these are not Signed-off-by lines. Just as I may thank a tester in a commit message with just his name because he does not want me to disclose his email address, we are attributing people here with just there names.
If these people attributed to the code, we should have their commits with their respective Signed-off-by: lines.
Note in some cases we do have email addresses and Ian has said he will add those in the next version, but we cannot magically conjure up Signed-off-by's which we don't have, and section b) says we don't need to since all the original files have a clear GPLv2+ license header.
I don't see this so simple. The code was derived from some earlier mainline U-Boot version, for which a proper chain of SoBs was in place. Then the code was modified in some ways by some unknown people who did not provide their Developer's Certificate of Origin. So what gives us reason to believe that these modifications can be freely reused, i. e. that they do not for example violate third party IP rights?
Section (b) applies for example in cases where an employer has a team of people working on such tasks, and uses a single contact as interface to the community, so the original authors are not directly visible. But unless you contract such work (and make sure fromt he contract terms that you have the appropriate rights), it is IMO difficult or impossible to certify the Developer's Certificate of Origin for modifications done by others - the fact that there was a license header in the code before is good, but not good enough.
Best regards,
Wolfgang Denk