On Sat, Jan 31, 2015 at 11:32 AM, Matt Franklin <[email protected]> wrote: > On Sat Jan 31 2015 at 11:22:15 AM Benson Margulies <[email protected]> > wrote: > >> On Sat, Jan 31, 2015 at 10:55 AM, James Carman >> <[email protected]> wrote: >> > Are there guidelines for these "usual considerations"? >> >> (Queue Marvin on the subject of documentation.) >> >> http://www.apache.org/licenses/ >> >> My understanding: when a significant body of code arrives all at once, >> the Foundation desires an SGA. That, however, assumes that one legal >> entity is granting the license to the whole thing. So, if you have a >> github repo whose contents are assembled of a uniform distribution of >> small contributions, there would be no point to an SGA. If, on the >> other hand, the histogram of contribution size versus copyright holder >> indicated that some copyright owners contributed 'significant' bodies >> of code, then SGAs from those entities might be called for. There is >> no established law that allows the Foundation to set hard criteria in >> terms of lines of code, so this has to be a judgement call, and people >> sometimes call upon the VP, Legal for assistance in making those >> judgement calls. >> >> For all the small stuff, the safe path is to get an ICLA from each >> committer, and an email message positively stating an intent to donate >> the code. > > > Yes, this is the safest approach; but, may not be necessary for changes > that do not represent significant IP. For instance, our projects accept > minor contributions through JIRA, without an ICLA.
There's a critical distinction here. Once you have released a product under the Apache license, people can contribute new things to it under the terms of the license. The license has very specific language: if you take code from us, and then send us a contribution (email, JIRA, github PR, carrier pigeon) that is a derivative of what you took, you are granting the code to the Foundation. That doesn't help with the initial import of a project from github or bitbucket or Jupiter or Mars; none of those contributions met the criteria in the license of sending a contribution back to the Foundation, because the code wasn't here in the first place. > > > >> Note that copyright still stays with them; they are granting >> a license, but we also require that code that 'moves into' Apache some >> with some expression of positive intent on the part of the >> author/copyright owner. >> >> >> > >> > On Saturday, January 31, 2015, Benson Margulies <[email protected]> >> > wrote: >> > >> >> On Sat, Jan 31, 2015 at 8:44 AM, James Carman >> >> <[email protected] <javascript:;>> wrote: >> >> > Is there a "standard" within the incubator about how we go about >> >> > getting the appropriate forms filled out when we want to incubate a >> >> > project from GitHub? GitHub fosters a sort of fly-by contribution >> >> > model (and that's a good thing), but it makes donating the code a bit >> >> > troublesome, because we need to make sure that all (to a certain >> >> > degree?) of the contributors do, in fact want to donate the code they >> >> > contributed to the foundation. >> >> >> >> Simple answer: no. It is up to you to get ICLA/CCLA/SGA as appropriate >> >> for all contributors based on the usual considerations of contribution >> >> size, copyright ownership, and provenance clarity. if you have some >> >> stray commits that you can't cover, you can either reimplement, or >> >> make an argument that are below the threshold of concern. The github >> >> metadata helps a bit, but since you have no guarantee that the >> >> committer is the author, there's no possible way to see this as >> >> automated. The fact that code is published under the AL does _not_ >> >> make it automatically code that you can pull in no matter what else. >> >> We require a positive intent to contribute the code to the foundation. >> >> >> >> > >> >> > Note that this problem isn't necessarily unique to GitHub, but Git >> >> > itself somewhat highlights the issue because contributions from >> >> > outside parties (pull requests) do maintain metadata about their >> >> > original authors. With SVN, typically someone with "karma" has to do >> >> > the commit and it gets tagged with their identity, so the audit trail >> >> > goes cold (comments can contain attributions, but that's hard to >> >> > report on). >> >> > >> >> > Anyway, just looking for some guidance here. We are trying to move >> >> > TinkerPop forward and how exactly we go about getting the forms filled >> >> > out properly is somewhat of a blocker. >> >> > >> >> > Thanks, >> >> > >> >> > James Carman, Assistant Secretary >> >> > Apache Software Foundation >> >> > >> >> > --------------------------------------------------------------------- >> >> > To unsubscribe, e-mail: [email protected] >> >> <javascript:;> >> >> > For additional commands, e-mail: [email protected] >> >> <javascript:;> >> >> > >> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: [email protected] >> >> <javascript:;> >> >> For additional commands, e-mail: [email protected] >> >> <javascript:;> >> >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
