www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Mattmann <mattm...@apache.org>
Subject Re: Podling CLA/Grant advice
Date Tue, 03 Oct 2017 18:05:17 GMT
Hi Hen,


While I understand the below, there is no need to make it more complicated then it has to


For MXNet, I assume there was an SGA filed, no? There only needs to be 1:1 on the project
and contributors don’t need to separately submit an SGA. I would assume you wouldn’t have
email 380 people and that the initial SGA and whomever were specified on it in the attachment,

is sufficient to begin. 


Then we look that we have ICLAs on file for all *major* and non 5-10  lines of code, or 30+
of code, or some number N lines of code *contributors*, for commits and contributions going

forward. For those before hand, if there were 380 contributors, I’m assuming not all of
were Amazon employees. However, perhaps within the 380, many were the 5-10 lines of code
variety, a fix here or there variety, etc etc. I know you can adopt an *opt out* rather than
*opt in*
there. That is, leave the code in there. We assume good faith and that the person will want
it there.
If they *don’t* want it there, and they make that known, we take it out (we only want code
wants to be here).


Taking the above into account, I do not think it has to be harder than that. And the PMC is
for IP management in relation to the code, so this is something the PPMC needs to decide.
Consider the
above (and below else-thread) advice helping you all to come to your decisions ☺








From: <hyandell@gmail.com> on behalf of Henri Yandell <henri@yandell.org>
Reply-To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Date: Tuesday, October 3, 2017 at 1:37 AM
To: ASF Legal Discuss <legal-discuss@apache.org>
Subject: Re: Podling CLA/Grant advice



Here be dragons :)


In #1, there are two sets:

1a) The entity are the copyright holder for 100% of the work (ignoring clearly decoupled dependencies).

1b) The entity are a partial copyright holder of the work (ignoring deps), have received a
license to the rest of the work, and have the rights to assign that license to Apache. The
latter is probably rare, yet this option (1b) is most likely for any codebase that has been
public. That is, we rely on the entity contributing the project to Apache to have clean IP,
we don't rely on them to be able to hand over their clean IP to us. 

I believe in #2 (below, not 1(b) above) that the git/github model has changed how we look
at this. Historically we would have looked at the commits, but I don't believe we would have
analysed the issue tracker. With pull requests on GitHub, folk who would have attached a patch
to the issue tracker are now a part of the commit history and we see the authors increase
by an order of magnitude.


Note that MXNet did have a form of IP management. As a user of the Apache 2.0 license every
contribution to the project (per clause 5) was licensed under the Apache 2.0 license ('in/out
licensing'). That's the same IP management Apache uses for contributions on JIRA/pull requests,
both trivial and anything up to 'major' (where the occasional major contribution requires
an SGA, or lazily (in a good way) an ICLA). 

Going back to the original email; I'd like to know what to say to 380 people to explain why
we need them to sign something. With a relicence it's easy, relicensing needs the copyright
owner's permission, they are a copyright owner, please can we have permission. With this,
not so easy.  "We don't trust your contribution, please sign this SGA so we can trust your




On Mon, Oct 2, 2017 at 6:21 PM, Chris Mattmann <mattmann@apache.org> wrote:

Craig, I share the below opinions.

RE: SGA, let me clarify, I think there are a few situations:

1) SGA for a donation e.g., from a company or gov agency
a. The person providing or “granting” the SGA may have
the permission of the institution e.g., a signing authority, that
represents the IP from the company or agency, fine.
b. The person may be someone without signing authority but
designated by the agency as someone who can provide the Grant,
2) SGA for a donation e.g., from a set of contributors
a. The person providing or “granting” the SGA would ideally point to
some permanent URL or public URL with the decision by the binding
set of members of the contributors (at a minimum, within reason e.g.,
defined as all those active, or as all contributors ever, or all those
that responded to my email with a deadline of 2 weeks, or a month etc.)
b. If the community already uses some form of IP management besides
having a version repository and headers, etc., then pointing to those
on file would be useful and welcomed.

I’m sure there are variations on 1ab or 2ab but those are the ones fresh in my mind
with what I was talking about.

Thoughts, Craig? Roman?


On 10/2/17, 5:51 PM, "Craig Russell" <apache.clr@gmail.com> wrote:

    > On Oct 2, 2017, at 5:23 PM, Roman Shaposhnik <roman@shaposhnik.org> wrote:
    > On Mon, Oct 2, 2017 at 3:23 PM, Craig Russell <apache.clr@gmail.com> wrote:
    >> Not to contradict our VP, Legal, just to clarify.
    >>> On Oct 2, 2017, at 1:17 PM, Chris Mattmann <mattmann@apache.org> wrote:
    >>> Clearly, an SGA is intended for the copyright holder. If that’s an individual
who as an
    >>> individual represents those copyright holders, OK, but it’s gotta be pretty
    >> That is a pretty high bar, and I've not seen it in practice. In order for an
individual to own
    >> the rights and grant those rights via an SGA, there would need to be some grant
    >> from the contributor to the individual(s) signing the SGA.
    > +1 to what Craig is saying -- I've also seen a much laxer attitude in
    > the past. The very questions
    > I'm asking is whether we should consider tighten our practices or
    > still allow SGAs that are lax.
    > I'm actually working on a proposal right now for a project that
    > existed on GitHub for sometime.
    > I've assumed that an SGA *on behalf* of the community (but NOT from
    > somebody who is legally
    > speaking a copyright holder) will be a way to go.

    Speaking as a non-lawyer, "You cannot grant rights that you do not own." And the following
is strictly my own opinion.

    A project that is licensed under alv2.0 and has existed for so long that the contributors
cannot be found can still use code with the Apache license, but not with the Apache header.

    If the project is currently licensed using the alv2.0 as its license, then the project
can continue to use the license with its original headers and NOTICE.


    > Thanks,
    > Roman.
    > ---------------------------------------------------------------------
    > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
    > For additional commands, e-mail: legal-discuss-help@apache.org

    Craig L Russell
    Secretary, Apache Software Foundation
    clr@apache.org http://db.apache.org/jdo

    To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
    For additional commands, e-mail: legal-discuss-help@apache.org

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


View raw message