On 3 July 2011 16:50, Andy Seaborne <[email protected]> wrote: > (mentors, mainly) > > Suppose a JIRA has patch but it's a link to a file on a non-ASF machine from > someone who has not signed a xCLA. The "Apache can use it" check box is > checked. > > Can this be accepted as-is, or should/must the contents be placed on the > JIRA?
My answer is not authoritative on this one. If you want to get an autoratative answer you need to ask on [email protected] My answer is what I *think* they will say (but this is legal and thus full of surprises). I would say that no this is not acceptable. The problem, as I see it, is that there can be no way of verifying that the person who submitted the issue is the same person that uploaded the code to the third party site. Consequently we cannot assume that they have the necessary permissions to offer the code to the ASF. Naturally it can be argued that an upload to JIRA doesn't provide proof, but it does provide evidence that did everything we can reasonably be expected to do in order to ensure the legitimacy of the code. In other words, I agree with your observations below. Ross > The 2 issues I see are > > 1/ that the link does not provide a proper record of the contents of the > file (the contents may change or disappear) > > 2/ it's not so clear the submitter has the rights to contribute (could be a > link to someone's content; it's hard to verify the ownership of link > content) > > When this happened to me, I asked the contributor to attach the patch, which > they kindly did (more a question to driving JIRA), but to be prepared for > next time, I wanted to check the situation. > > Unless there established practice, I'd not accept linked contributions > because of 1 and 2 not leaving a trail in JIRA. The only exception might be > very large contributions - but if it's that large, then a software grant > would be clearer anyway. > > Andy > -- Ross Gardler (@rgardler) Programme Leader (Open Development) OpenDirective http://opendirective.com
