Stephen Hahn wrote:
> * Garrett D'Amore <gdamore at opensolaris.org> [2008-06-19 20:03]:
>
>> Stephen Hahn wrote:
>>
>>> * Garrett D'Amore <gdamore at opensolaris.org> [2008-06-19 16:56]:
>>>
>>>
>>>> John Plocher wrote:
>>>>
>>>>
>>>>> [multiple replies in one message...]
>>>>>
>>>>>
>>>>> Bonnie Corwin wrote:
>>>>> > John Plocher wrote:
>>>>> >> From the OGB's perspective, all we are defining are three governance
>>>>> >> related roles:
>>>>> >>
>>>>> >> Participant - Someone who is interacting with our community
>>>>> >> Contributer - Someone who has contributed something significant
>>>>> >> to our community and has filed a contributer
>>>>> agreement
>>>>> >
>>>>> > Do you all literally mean this?
>>>>> > Only non-Sun community members file SCAs so that's a problem.
>>>>>
>>>>> Duh! It needs to include both, obviously. Or drop the requirement
>>>>> for a SCA (though, if we are indeed drawing a line around current
>>>>> practice,
>>>>> that practice does require the agreement...)
>>>>>
>>>>>
>>>> As I previously stated, this is false. There are contributions that have
>>>> come in the form of other licensing arrangements, such as BSD licensed
>>>> code. (See afe/mxfe for an example.) I can well imagine the same
>>>> might apply for Creative Commons licensed contributions as well.
>>>>
>>>> I would suggest dropping the SCA requirement.
>>>>
>>>>
>>> Since BSD licensed code has no provision for patent licensing (SCA#3)
>>> and lacks an affidavit of original work (SCA#5), I would prefer to
>>> keep the SCA as required, in the interest in having a uniform and
>>> understood set of properties around contributions. That is, I would
>>> like to preserve the possibility of giving a foundation the cleanest
>>> set of copyright/patent/etc. information about the source that we can.
>>>
>>>
>> Too late. There is already a ton of useful code that is in Solaris that is
>> not covered under SCA or CDDL, and has no such guarantees. For example,
>> pretty much all of the desktop environment (X11, Gnome, Mozilla),
>> significant portions of the infrastructure (Apache, OpenSSL, Sendmail),
>> etc.
>>
>
> All of these components either went through the open source review
> process, or individual assessments prior to the introduction of that
> process. The exposure of at least one product assembler using those
> components is reasonably well characterized. (Moreover, your examples
> are, in fact, removable components.)
>
<speaking not as a sun employee, but as an individual contributor>
Does an SCA combined with CDDL mean that the OSR process is elided? I
hope not. I know that there have been cases in the past where
copyrights have been omitted -- either willfully or accidentally -- and
reliance on the judgment of individual contributors who may not be
familiar with IP law and may be completely unaware of patent issues
seems a bit risky at best.
Having an agreement on file for contributions with some neutral 3rd
party makes sense. I'm not asking that the requirement be dropped. I'm
allowing though, that in some cases it might be waived (as it was for my
afe/mxfe.)
I'm suggesting rather that I don't think we should build our foundation
around it. The purposes that SCA serve are orthogonal, IMO, to the
question about whether someone can be viewed as a contributor to
OpenSolaris.
Having a neutral third party, such as some kind of OpenSolaris
Foundation, administer the SCA's and own the IP, would, IMO be
preferable to naming Sun directly. If only because it reduces the risk
(or more importantly, the perception of risk) that Sun could "take their
toys and go home".
To be entirely clear here, I think Sun requires the SCA because they
want the freedom to do whatever they like with the code -- including
using it or derived bits of it for closed source bits like Solaris 10.
If the real concern was patent grants and legal assertion of original
authorship, I doubt I would have ever gotten my own afe/mxfe drivers
integrated. (Recall the OSR for those bits was done using the BSD
license *before* I joined the company, even while I had signed the SCA
and had offered to relicense them under CDDL if it turned out to be a
requirement for integration.)
Anyway, I don't need to beat this dead horse anymore. Just please leave
the SCA requirement out of any formal governance rules.
-- Garrett
