On 8/9/16, 1:46 PM, "shaposh...@gmail.com on behalf of Roman Shaposhnik" <shaposh...@gmail.com on behalf of ro...@shaposhnik.org> wrote:
>On Tue, Aug 9, 2016 at 1:39 PM, Alex Harui <aha...@adobe.com> wrote: >> >> >> On 8/9/16, 1:27 PM, "shaposh...@gmail.com on behalf of Roman Shaposhnik" >> <shaposh...@gmail.com on behalf of ro...@shaposhnik.org> wrote: >> >>>On Mon, Aug 8, 2016 at 8:27 PM, Justin Mclean <jus...@classsoftware.com> >>>wrote: >>>> Hi, >>>> >>>>> This is why we're relying a great deal on RAT's exclusion file to >>>>>mark >>>>> the files that came from PG even though their license headers could >>>>>look weir enough. >>>> >>>> Would’t be better to fix/add the headers? >>> >>>For things where we diverged from the upstream with producing sizable >>>changes >>>to the existing code -- absolutely and some of your findings may as >>>well fit in that >>>category. For the code that is kept pristine, I'd like to avoid >>>modifying the headers. >> >> Did the code owners (original authors of these files) actually sign an >>SGA >> to donate these files to Apache? > >No. I though it was implicit in my original email, but thanks for >calling attention to it. AIUI, if it is 3rd party and otherwise unmodified, modification of the headers is not an option. > >> If not, these files are technically not >> part of a code donation and should be treated as you would any 3rd party >> code. AIUI, you can't grant code you don't own, even if it was >> accidentally included in an SGA. > >Correct for the pristine, unmodified sources. For source originally >coming from PG >where Pivotal (and companies prior to it) added/modified to it the >line get blurry. > >Personally, I feel like those types of files definitely need to be >included in the SGA. >After all, Pivotal did own the modifications on top of the pristine PG >source and it is >important for the company to explicitly signal donation of that code. AIUI, files containing IP owned by the SGA signors should be listed in the SGA. It is helpful to have clear documentation in the files and LICENSE as to what is under ASF control and what is 3rd party. I think some folks use two headers (ASF then original), but I haven't seen that as required. Sure, non-standard headers makes RAT checking harder, but IMO if the LICENSE provides sufficient warning that you might find 3rd party code in certain locations that should be good enough. -Alex
