incubator-callback-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ross Gardler <rgard...@apache.org>
Subject Contributions policy for those with no ICLA
Date Thu, 16 Feb 2012 10:45:48 GMT
A couple of times I've noted people in this community indicate that
there is a practice of committing on behalf of other people (most
recently in a private mail that I have requested be discussed onlist),
sometimes from different companies.

Before I go on I am not talking about contributions made through the
normal contribution process (patch submission, or pull request) where
the contribution does not contain significant IP. I am only referring
to contributions that contain significant IP or are not made available
through some public repository. If all cases referred to on this list
have been of the former category then this is just informational. If
any are of the latter category this is much more important (and at
least one mail back in December indicated that significant IP would be
involved).

As a mentor I want to make it clear that the practice of committing
third party code with significant IP but without an ICLA on file is
not acceptable to the ASF. This is for two reasons, the first is
legal, the second is social.

All individuals contributing IP must sign an ICLA, it is the CCLA that
is optional. Furthermore the CCLA is usually for named individuals,
not for all employees. So having a CCLA on file from a company has
little to no bearing on whether an individual has permission to
contribute their code. Committing significant IP on behalf of someone
else means you are committing code you do not have permission to
contribute, or at least some argue that you do not have provable
permission. Consequently, the foundation cannot provide the necessary
legal protection for either the original author or the committer.

[ASIDE many people in the ASF argue that the contribution under the
Apache License is sufficient, this is not the forum for this
discussion, current policy is that an ICLA is required - the forum to
seek policy change is legal-discuss@a.o]

Since one of the foundations primary goals is to provide legal
protection we cannot accept this practice. It not only puts the
project at risk (code might have to be pulled out at a moments notice)
but it puts our volunteers at risk.

Secondly and arguably more importantly, the ASF is a meritocracy. We
recognise people for their contributions. By contributing a third
parties code you are robbing an individual of (at least some) of the
merit they deserve and claiming it for yourself. This is not good for
community development. Of course, if the contribution is coming
through a pull request this is less of an issue, but will highlight
the IP issues above.

If nobody is contributing code that is not coming in through an active
contribution process there is nothing to worry about and I'm just
blowing hot air.

If nobody is contributing code that contains significant IP but no
ICLA is on file there is nothing to worry about and I'm just blowing
hot air.

If somebody finds them in either of these two positions we need to
resolve it ASAP. It's usually just a question of educating the
employer so let us know how we can help.

Ross

Mime
View raw message