incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geir Magnusson Jr. <ge...@apache.org>
Subject Request for Comment : Harmony Contribution Policy
Date Mon, 01 Aug 2005 04:06:27 GMT
Incubator PMC and community :

We have developed a contribution policy in the Apache Harmony  
podling, and I'd like to present it here and ask for comment.  We  
believe that this is in the spirit of openness of the ASF, as well as  
supporting the ASFs respect for IP and interest in minimizing risk to  
the ASF, the project community, and eventual downstream users due to  
third party encumbrance.

Motivation
----------

Apache Harmony is going to develop a full, certified version of J2SE  
5, a distribution which includes both the VM and class library.  We  
will be building from new code, contributions, and re-use of external  
packages.  We require a high level of certainty that any of the  
software in our distribution is original work and not subject to  
claim by any other party.  We believe that this will give us the  
greatest opportunity for full community participation.

Risks
-----
Sun Microsystems, as well as other vendors, have made the source code  
for their VM and class library widely available under a host of non- 
open source licenses.  For example, the distribution has been wide  
enough that it's a reasonable guess that every JDK from Sun has  
included such source code, and many, many developers have examined  
such source for a host of innocent and legitimate reasons, such as  
stepping into the source when debugging their programs, or examining  
the source to see how something worked/why a bug was happening/etc.   
All of these exposures are legitimate, but we need to ensure that  
because of this wide availability, we take extra precautions to  
protect those copyrights.  Further, we believe that many people with  
professional experience relevant to Harmony - for example, have  
worked for Sun or other vendors on Java -  are interested in the  
project, and that runs the risk of accidental exposure of trade  
secrets, and the subsequent problems that a project may then be  
subject to, e.g. SCO vs IBM as an example.

Goal
----

Our goal is two-fold :

a) Ensure that we structure our contribution policies
    to maximize participation across the entire community.

b) Ensure that we do everything practical to ensure we do
    not violate the copyright or trade secrets of other
    entities as we build our project.

Contribution Framework
----------------------

0) The standard Apache process of Individual Contributor License  
Agreements, Corporate Contributor License Agreements and Software  
Grants will be followed as the basis of our policies.

1) We will have a SVN repository structured around technology parts  
of the platform to which ACLs can be used to limit access.  The  
granularity of the access will be determined by the information  
obtained from the Authorized Contributors (see #2, next).  IOW, we'll  
add fine structure as necessary.  To start, we expect to see high  
level structure such as JVM, class library and tools, with  
substructure as needed (ex JVM : (interpreter, memory manager,  
compiler, OS integration layer), classlibrary : (... package  
groupings ...) etc)

2) We are creating the concept of an Authorized Contributor.  An  
Authorized Contributor is someone who has, in addition to the ICLA  
and CCLA (if appropriate), has executed a Authorized Contributor  
Questionnaire  :

   http://incubator.apache.org/harmony/auth_cont_quest.html

a document which basically has a contributor state where/how they  
have been exposed to relevant IP.  From this information, we can  
limit their access to those places where their participation doesn't  
add an unreasonable element of contamination to the codebase.  For  
example, an engineer who works for a corporation full time on the  
hotspot compiler part of a virtual machine would be prevented from  
working only in that part of the project (unless that corporate  
granted that person permission to work there via a CCLA).  That  
engineer would of course be welcome in all other parts of the codebase.

Authorized Contributor Questionnaires will be accepted and managed by  
the Apache Harmony PMC (PPMC for now), and we will kindly request  
that original documents can be stored with the rest of the  
Foundation's records.

3) A  Bulk Contribution is defined as any work that was created  
outside of the normal day-to-day development stream of the project  
and is being offered as a contribution to the project.  For Bulk  
Contributions we shall :

   a) Require the CCLA & Software Grant, or a Software Grant,
      as is normal for any contribution to the ASF
   b) Require that it is contributed by Authorized Contributors
   b) Register each donation via distinct inclusion in a
      "bulk contribution" area of SVN before intermingling
      with the rest of the codebase


We expect to enact these policies through a combination of :

1) focused PMC oversight
2) constant contributor education
3) additional mechanical means such as enhancements to template for  
commits
4) external surveillance such as a third-party looking for  
significant similarity between our codebase and other codebases, such  
as Sun's source, source from other vendors that wish to participate,  
and other open source projects.


Finally, we plan to continue to work with Sun and other organizations  
to clarify or amend any existing third-party licenses in order to  
reduce the number of people that would have limits on how they  
participate in the project.

Comments?  (Like I need to ask for them... )

geir

-- 
Geir Magnusson Jr                                  +1-203-665-6437
geir@apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message