Thanks for both answers. Ok, so just to clearly restate what our workflow is here:
If we get a pull request from a random person on the internet, who may or may not have an ICLA with Apache, we can merge it because of clause 5 in the license. We only need an ICLA if we want someone to be able to commit directly to the TinkerPop repo. No need to reply unless I've mis-stated something - thanks again! Best regards, Stephen On Mon, Feb 9, 2015 at 6:48 PM, Rob Vesse <[email protected]> wrote: > Stephen > > Daniel's response already answered the bulk of your question. > > However it is worth nothing that most of the time an ICLA is not required > not due to clause 5 of the Apache License: > > http://apache.org/licenses/LICENSE-2.0.html#contributions > > "Unless You explicitly state otherwise, any Contribution intentionally > submitted for inclusion in the Work by You to the Licensor shall be under > the terms and conditions of this License, without any additional terms or > conditions. Notwithstanding the above, nothing herein shall supersede or > modify the terms of any separate license agreement you may have executed > with Licensor regarding such Contributions." > > It is pretty clear that opening a Pull Request counts as "intentionally > submitted" so an ICLA is not necessary. > > ICLAs are only required for people who can commit directly to the ASF > repository. It doesn't necessarily matter if the ID is not known as the > ASF maintains push records for audit purposes so even if the committer ID > in the repository is not known to Apache they can still trace who the > Apache committer was who pushed the commits into the ASF repository (as > only Apache committers can push code to the ASF repositories). > > Rob > > On 09/02/2015 07:00, "Stephen Mallette" <[email protected]> wrote: > > >Mentors, I had some questions as to how we proceed when we receive a pull > >request: > > > >1. If the PR is from someone we know to have signed an ICLA, then it's > >easy > >to go ahead and merge, but how do we verify github users submitting PRs > >whom we don't know by their ID? I found this page: > >http://people.apache.org/committer-index.html which seems to be a public > >listing of people who have signed....do we just use that to verify such > >things? > > > >2. Just to clarify, a person who signs an ICLA for Apache is covered for > >all Apache projects. It's not like they sign an ICLA for each project > >they > >commit to. Is that right? > > > >Thanks, > > > >Stephen > > > > >
