On Tue, 2026-02-10 at 16:18 -0800, Stefan van der Walt via NumPy-
Discussion wrote:
> On Tue, Feb 10, 2026, at 15:12, Evgeni Burovski wrote:
> >
> > > 3. be careful not to breach any copyright or license terms (yes,
> > > we
> > > take those seriously!).
> > >
> >
> > For a contributor this recommendation is not easily actionable. "I
> > used a tool X and it gave me this code" --- how to make sure I
> > understand the code, this is clear yes I can do that; how am I
> > meant to carefully check for copyright?
>
> It's near impossible, so I suspect the only way to truly play it safe
> is to only provide code that cannot reasonably be copyrighted.
TL;DR: To "be careful not to break copyright" just states fact? How
scary that fact is depends a bit on how the viewpoint/how likely it is
agents violate copyright.
If there is guidance e.g. from some large OSS foundation, I would
prefer to link to that rather than try to figure it out ourselves...
---
Copyright violation is a problem. But I am not sure it is a huge one
for many contributions? I.e. just because they are very project
specific or small. [1]
However, I still think that this isn't new at all: By contributing, we
already agree to licensing the code with the projects license and that
means being sure we are allowed to license it that way.
And while we don't make you sign a CLA (contributors license agreement)
any project that has a bit of legalese around should already have more
scary sentences.
So yeah, the scariness of the sentence depends on the view-point, but
at its core, I think it just states a fact?
For myself, I don't really feel like discussing it too much without a
better foundation: it seems to me that books will be written or at
least some OSS foundation with more legal knowledge should make
guidelines that we can use as a basis of our own (or as a basis of
discussion).
Maybe those already exist? Is there an OOS foundation that e.g. says:
Please don't use these tools due to copyright issues (or a variation)?
You can argue we should inform contributors to err on the super safe
side... my gut feeling is we can't do much: Discouraging the careful
ones while the non-careful ones don't read this anyway seems not super
useful.
We could force people to "sign" a CLA now if we were more worried, but
do we really want that (nor do I doubt it will help a lot)? [2]
FWIW, if someone contributed a non-trivial/textbook algorithm or said
"implement X for/in Y", I think they clearly have to do due diligence.
(Of course best case, the original code is licensed in a way that
derived works -- with attribution -- are unproblematic.)
- Sebastian
[1] OK, I am not sure about things like "fair use" due to how small
something is, that again depends a lot on where you are on the planet
also...
[2] My limited understanding is we don't need this because we just
won't re-license our code (this is not a problem, becuase it's such a
free license).
I.e. there is now reason for us to "own" the code. But I also would be
surprised if there aren't legal counsels who would say that we need one
either way...
("sign" could just mean adding a "signed-off by" to the commit or even
putting it more in the PR template/contributors docs.)
>
> > So maybe it'd be helpful to have a link to some guide, however
> > rough, plus some reading material.
> > Or (am putting a maintainer hat on) maybe we want to ask the
> > contributor to show some analysis. As in, "this code is only a
> > refcounting fix where the origin traces straight to CPython docs"
> > vs "this code can be traced to this Stackoverflow answer" (BTW,
> > what's the copyright status of that?)
>
> CC-BY-SA
>
> https://stackoverflow.com/legal/terms-of-service/public
>
> > (I planned to stay out of this thread)
>
> 😉
>
> Stéfan
> _______________________________________________
> NumPy-Discussion mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> https://mail.python.org/mailman3//lists/numpy-discussion.python.org
> Member address: [email protected]
_______________________________________________
NumPy-Discussion mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/numpy-discussion.python.org
Member address: [email protected]
