www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Harui <aha...@adobe.com.INVALID>
Subject Re: MXNet: "Copyright Contributors"
Date Tue, 03 Oct 2017 15:42:04 GMT
Hi Henri,

Sometimes those agreements assign copyright and avoids the issue of reassigning an existing
contributors agreement.

AIUI, the ASF is more interested in communities than code, so if source code is already under
ALv2, the SGA or some agreement is showing that each copyright holder agrees to move the "Home"
of that community to ASF which allows us to put the ASF header on those files.  If there is
some other benefit or legal aspect to signing the SGA I'm definitely interested in what that
is.  For MXNet, I think that is an agreement to stop making changes on OpenHub and start making
changes in ASF repos.

For every contributor you can't track down, there is a risk that they may object "I don't
want to move to the ASF, I want to stay at OpenHub", but since the code is already ALv2, they
really can't stop MXNet from using their code in an ASF repo.  It occurs to me, though, if
you want to be super picky, that you can't use Git Blame to determine the set of contributors.
 If you commit:

  for (i = 0; i < n; i++)

And I later change that to:

  for (i = 0; i < n -1; i++)

I believe you still own some of that line of code but Git Blame will only show me.  So I think
you have to ask every committer who ever committed.  Even if you prove their code was eventually
fully replaced or discarded, you don't really know if their code influenced other code that
wasn't.

So, if you agree my line of thinking, then some of these MXNet files are going to fall into
the typical scenarios where some committer wants to inject ALv2 code found outside the ASF
into a file in an ASF repo or an ASF committer wants to patch some non-ASF ALv2 code and bundle
it in an ASF release.  Some files coming from OpenHub may have every line signed for and thus
can have the header replaced, but if not every line is signed for, then you have mixed code
and you get to make a judgement call about the header.  If it is mostly signed for, it is
the first scenario, if it is not mostly signed for, it is the second scenario.

As to the actual words in the header or NOTICE, IMO, if a file is completely signed for and
thus you can change the header, I would suggest moving the copyright to NOTICE as "Copyright
Contributors (see Contributors.md)"  And try to make sure that Contributors.md is reasonably
up to date.

My 2 cents,
-Alex


From: <hyandell@gmail.com<mailto:hyandell@gmail.com>> on behalf of Henri Yandell
<henri@yandell.org<mailto:henri@yandell.org>>
Reply-To: "legal-discuss@apache.org<mailto:legal-discuss@apache.org>" <legal-discuss@apache.org<mailto:legal-discuss@apache.org>>
Date: Tuesday, October 3, 2017 at 1:22 AM
To: ASF Legal Discuss <legal-discuss@apache.org<mailto:legal-discuss@apache.org>>
Subject: Re: MXNet: "Copyright Contributors"

Alex: Ignoring the question of whether such an agreement could be reassigned to Apache; no
there wasn't :)

Craig: I would agree with you on the copyright statement if it included authors' names. As
it is, I'm tempted to have every file contain Copyright Contributors as it's as true for Apache
as it is for pre-Apache; it's a nonsensical statement.  (Leaving the SGA/CLA discussion for
the other thread).

Hen


On Mon, Oct 2, 2017 at 10:39 PM, Alex Harui <aharui@adobe.com.invalid<mailto:aharui@adobe.com.invalid>>
wrote:
Was there any sort of contributors agreement signed by folks before committing code to wherever
the code lived before Apache?

-Alex

From: Craig Russell <apache.clr@gmail.com<mailto:apache.clr@gmail.com>>
Reply-To: "legal-discuss@apache.org<mailto:legal-discuss@apache.org>" <legal-discuss@apache.org<mailto:legal-discuss@apache.org>>
Date: Monday, October 2, 2017 at 3:34 PM
To: "legal-discuss@apache.org<mailto:legal-discuss@apache.org>" <legal-discuss@apache.org<mailto:legal-discuss@apache.org>>
Subject: Re: MXNet: "Copyright Contributors"

Hi Henri,

This is indeed a tricky situation.

One of Apache's main operating principles is that downstream consumers can rest assured that
Apache has done due diligence to establish provenance for the code base. In this case, establishing
provenance for each line of code appears to be difficult.

But we have to try. It seems that the podling committers need to find out the long list of
contributors and what they contributed. The git history should be sufficient for that, including
all pull requests.

If we have "trivial" contributions that would not affect the viability of the project if the
contributor subsequently decided that they wanted to withdraw their consent to use them, I'm
ok with including those contributions.

But we should have clear IP grant (via either SGA or ICLA) from everyone who contributed major
functionality to the project before it arrived here.

Finally, if we have significant code whose authorship is questionable, we should not change
the header from "Copyright (c) 2015 by Contributors" to the Apache header, since we have no
legal basis for the Apache header. If the code is under the Apache license, we can distribute
that code under the terms of the license including NOTICE requirements. This is the least
desirable path.

Craig

On Oct 1, 2017, at 10:01 PM, Henri Yandell <bayard@apache.org<mailto:bayard@apache.org>>
wrote:

Another podling question.

The MXNet code previously stated:

  Copyright (c) 2015 by Contributors

This is pretty vague and begs the question of what to put in MXNet source headers going forth.
It might even perhaps be a tautology; something is always copyright to its contributors (where
contributors is open source speak for authors).

Per the previous email, it's likely that not all contributors will have signed an ICLA with
Apache. Do we keep that one liner in every file, do we put something in the NOTICE along the
lines of:

"MXNet was previously published at https://github.com/dmlc/mxnet<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fdmlc%2Fmxnet&data=02%7C01%7C%7Cf97cc716fea2452ace4e08d509e5d0ab%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636425805041175506&sdata=haVjB7wYqatKsL7OFhmNWRby8OCJgyyXSSFe6fpmYIw%3D&reserved=0>
and was Copyright (c) 2015 by Contributors"

Or put that in every source file.

It's a curious question imo. The current Apache source header says:

"Licensed to the Apache Software Foundation (ASF) under one
 or more contributor license agreements.  See the NOTICE file
 distributed with this work for additional information
 regarding copyright ownership."

Where contributor license agreements include ICLAs, CCLAs, Software Grants and Clause 5 of
the Apache License 2.0; at least in so far as contributed directly to Apache. It also possibly
includes ICLAs/CCLAs signed with third parties who then signed a Software Grant, and arguably
Clause 5 of the Apache License 2.0 to those third parties. MXNet is fun (aka normal for most
open source projects) in that it's unclear who that third party would have been; presumably
the individual who created the dmlc GitHub organization as there is no legal entity there.

All of which is to show that I've thought about this a bit, with no perfect answer. We are
not going to get an ICLA from every one of the "Contributors". We could leave that generic
and confusing text in each source file, but I feel this is an allowable case for moving that
copyright statement into the NOTICE per my proposed text of:

"MXNet was previously published at https://github.com/dmlc/mxnet<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fdmlc%2Fmxnet&data=02%7C01%7C%7Cf97cc716fea2452ace4e08d509e5d0ab%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636425805041175506&sdata=haVjB7wYqatKsL7OFhmNWRby8OCJgyyXSSFe6fpmYIw%3D&reserved=0>
and was Copyright (c) 2015 by Contributors"

Do folk on the Legal list feel this is sane, or that I'm barking mad? :)

Thanks,

Hen

Craig L Russell
Secretary, Apache Software Foundation
clr@apache.org<mailto:clr@apache.org> http://db.apache.org/jdo<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdb.apache.org%2Fjdo&data=02%7C01%7C%7Cf97cc716fea2452ace4e08d509e5d0ab%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636425805041175506&sdata=kTwr6cY3Z1TxxvtOqNhItfO4FTQW7%2BSOtxyXbspf3%2BU%3D&reserved=0>


Mime
View raw message