On Mar 2, 2007, at 6:29 AM, Jim Jagielski wrote:
> On Mar 2, 2007, at 8:11 AM, Roy T. Fielding wrote:
>
>>> On 2/27/07, Jim Jagielski <jim@apache.org> wrote:
>>>> David, no problem. We just need You to fill out another CCLA
>>>> and note changes and mark the CCLA as an addendum to the one
>>>> currently on file. You can FAX it to us (410-803-2258) or
>>>> Email a scanned copy of the signed-and-filled-out CCLA
>>>> to secretary@apache.org *and* legal-archive@apache.org.
>>
>> That doesn't make any sense. The CCLA is designed to be updated by
>> the point of contact (David) -- all he has to do is send the ASF
>> an email message to do so. The legality and signatures to that
>> effect
>> have already been established by the original CCLA.
>>
>> Creating a new CCLA each time the contact wants to add an addendum
>> is a very bad idea -- it means we have to have the entire text
>> approved by Day legal, again, and have two officers of the company
>> sign it. I am sure that other companies have similar restrictions
>> on IP licensing. That is why the CCLA was designed for addendums
>> to simply be communicated (in any written fashion) to the ASF.
>
> Certainly we need to ensure that the entity/person
> making the changes is legally entitled to do so.
> With Email so easy to spoof, assuming it's not GPG signed,
> we have no guarantee that David is David.
We don't have such a guarantee with paper signatures either.
We don't need any. As agreed by all, Day Software has officially
named David (CTO and member of Day's board) as the person responsible
for such addendums. If it were a spoof, one of the 10 or so Apache
contributors from Day (including myself) would catch wind of it and
correct the matter pretty fast, even faster than we would with
a paper copy sent by fax. After all, it is far easier to fake a
fax than it is to fake an email address, since people reply to
emails.
In any case, why would anyone spoof a code contribution?
How is this person going to both obtain the source code and
submit it as a contribution, while at the same time spoofing
an email message? It just isn't worth worrying about.
> I do not interpret such updates as "submissions" as defined
> in 1. Definitions. So since this is a change to a legal
> document between 2 parties, it's not unreasonable, imo,
> to ensure that there is clear tracking of those changes.
The State of Delaware says that email is just as good as paper
when it comes to legally binding contracts. The only way to do
better is to have the signature(s) notarized.
The CCLA says:
8. It is your responsibility to notify the Foundation when any
change is required to the list of designated employees authorized
to submit Contributions on behalf of the Corporation, or to the
Corporation's Point of Contact with the Foundation.
The software grant is a simple non-exclusive license according
to the same terms agreed to in the CCLA. There is, in fact, no
need for any software grant at this point because we have already
agreed that all of Day's employee contributions (even the people
who we haven't listed yet) are covered by the CCLA. If David
writes to you and says "this contribution is covered by the
terms of the existing CCLA", then that is a legally binding
statement and every bit as enforceable as a new document.
The ASF is adequately covered, from a legal standpoint, based on
the fact that the CCLA makes sure that Day (the company) is formally
aware of the license terms and that each of our employee committers
are aware of them via the iCLAs they signed. There is absolutely
no way that Day could actively contribute code at this point, whether
posted to a mailing list, jira, or committed directly, and then
later come back and claim infringement on the basis of Apache
doing exactly what we agreed would happen to our contributions.
Our legal processes must be kept reasonable. A low entry barrier
to contributions is more important than being anal about duplicate
paperwork when we already have signed legal agreements in effect.
....Roy
---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only. Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF. See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
|