incubator-allura-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@gmail.com>
Subject Re: Licensing of contributions
Date Mon, 20 Aug 2012 18:44:03 GMT
Hey Dave,


On Wed, Aug 15, 2012 at 11:41 AM, Dave Brondsema <dave@brondsema.net> wrote:
> I would like to merge
> https://sourceforge.net/p/allura/git/merge-requests/6/ a contribution
> from Hendrik Brummermann, but am not sure how we should handle licensing.

Section 5 of the Apache License covers such contributions. Just apply the patch.

Beyond the text of license, there is also demonstrated *intent* for
the patch to be applied. Hendrik knows he is contributing to a work
under the ALv2. On the weird chance that he comes back and says
"that's not what I meant"... well, we'd just revert the patch. But
it's not gonna happen. Some third party can't raise a claim that we
improperly included his Contribution, given the license and the
intent.

> I understand that other projects that take patches via JIRA have a
> checkbox when the patch is attached.  "Grant license to ASF for
> inclusion in ASF works (as per the Apache License §5)"

There isn't a strong need for that checkbox in Jira (and it is
in-process on being removed).

> Should we just capture the same approval on the Allura merge request or
> ticket?  For now it'd have to be a regular comment, but we could make it
> a special field eventually.

Nope. Just pull the commits into the repo. Given the use of Git, we
can track the author of the patch, separate from the person who
incorporated the change into the project repository (soon to be moved
to the ASF, right?).

In Apache Subversion, we apply patches regularly, and have a standard
item in our log message to say who provided it:

Patch by: Joe Developer <somewhere{_AT_}example.com>

That gives appropriate credit to the developer, and provides
historical tracking of where the code came from.

If the git records don't have enough, or you're applying the patch
(from the ticket) manually, then I would very much recommend attaching
something like the above to the commit/log message.

> In the past, our few contributors have signified that they have rights
> to the code and that they wish to share it under the terms of the Apache
> License Version 2.0 by using "git commit --signoff"  This has been a bit
> of a pain since sometimes we'd have to ask folks to redo their commits
> with the sign-off.  Also IMO the sign-off doesn't clearly denote its
> meaning.

The ICLA covers this. For the random patches supplied by people who do
NOT have an ICLA, then we refer to §5 and intent.

Note: for "large" contributions, it is best to get the developer to
sign an ICLA. That would cover the contribution, and all future
contributions. If there is no expectation of future contributions,
then a software grant would be fine.

Cheers,
-g

Mime
View raw message