Software Grants for GitHub Projects...
Is there a standard within the incubator about how we go about getting the appropriate forms filled out when we want to incubate a project from GitHub? GitHub fosters a sort of fly-by contribution model (and that's a good thing), but it makes donating the code a bit troublesome, because we need to make sure that all (to a certain degree?) of the contributors do, in fact want to donate the code they contributed to the foundation. Note that this problem isn't necessarily unique to GitHub, but Git itself somewhat highlights the issue because contributions from outside parties (pull requests) do maintain metadata about their original authors. With SVN, typically someone with karma has to do the commit and it gets tagged with their identity, so the audit trail goes cold (comments can contain attributions, but that's hard to report on). Anyway, just looking for some guidance here. We are trying to move TinkerPop forward and how exactly we go about getting the forms filled out properly is somewhat of a blocker. Thanks, James Carman, Assistant Secretary Apache Software Foundation - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: Software Grants for GitHub Projects...
Are there guidelines for these usual considerations? On Saturday, January 31, 2015, Benson Margulies bimargul...@gmail.com wrote: On Sat, Jan 31, 2015 at 8:44 AM, James Carman ja...@carmanconsulting.com javascript:; wrote: Is there a standard within the incubator about how we go about getting the appropriate forms filled out when we want to incubate a project from GitHub? GitHub fosters a sort of fly-by contribution model (and that's a good thing), but it makes donating the code a bit troublesome, because we need to make sure that all (to a certain degree?) of the contributors do, in fact want to donate the code they contributed to the foundation. Simple answer: no. It is up to you to get ICLA/CCLA/SGA as appropriate for all contributors based on the usual considerations of contribution size, copyright ownership, and provenance clarity. if you have some stray commits that you can't cover, you can either reimplement, or make an argument that are below the threshold of concern. The github metadata helps a bit, but since you have no guarantee that the committer is the author, there's no possible way to see this as automated. The fact that code is published under the AL does _not_ make it automatically code that you can pull in no matter what else. We require a positive intent to contribute the code to the foundation. Note that this problem isn't necessarily unique to GitHub, but Git itself somewhat highlights the issue because contributions from outside parties (pull requests) do maintain metadata about their original authors. With SVN, typically someone with karma has to do the commit and it gets tagged with their identity, so the audit trail goes cold (comments can contain attributions, but that's hard to report on). Anyway, just looking for some guidance here. We are trying to move TinkerPop forward and how exactly we go about getting the forms filled out properly is somewhat of a blocker. Thanks, James Carman, Assistant Secretary Apache Software Foundation - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org javascript:; For additional commands, e-mail: general-h...@incubator.apache.org javascript:; - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org javascript:; For additional commands, e-mail: general-h...@incubator.apache.org javascript:;
Re: Software Grants for GitHub Projects...
On Sat, Jan 31, 2015 at 10:55 AM, James Carman ja...@carmanconsulting.com wrote: Are there guidelines for these usual considerations? (Queue Marvin on the subject of documentation.) http://www.apache.org/licenses/ My understanding: when a significant body of code arrives all at once, the Foundation desires an SGA. That, however, assumes that one legal entity is granting the license to the whole thing. So, if you have a github repo whose contents are assembled of a uniform distribution of small contributions, there would be no point to an SGA. If, on the other hand, the histogram of contribution size versus copyright holder indicated that some copyright owners contributed 'significant' bodies of code, then SGAs from those entities might be called for. There is no established law that allows the Foundation to set hard criteria in terms of lines of code, so this has to be a judgement call, and people sometimes call upon the VP, Legal for assistance in making those judgement calls. For all the small stuff, the safe path is to get an ICLA from each committer, and an email message positively stating an intent to donate the code. Note that copyright still stays with them; they are granting a license, but we also require that code that 'moves into' Apache some with some expression of positive intent on the part of the author/copyright owner. On Saturday, January 31, 2015, Benson Margulies bimargul...@gmail.com wrote: On Sat, Jan 31, 2015 at 8:44 AM, James Carman ja...@carmanconsulting.com javascript:; wrote: Is there a standard within the incubator about how we go about getting the appropriate forms filled out when we want to incubate a project from GitHub? GitHub fosters a sort of fly-by contribution model (and that's a good thing), but it makes donating the code a bit troublesome, because we need to make sure that all (to a certain degree?) of the contributors do, in fact want to donate the code they contributed to the foundation. Simple answer: no. It is up to you to get ICLA/CCLA/SGA as appropriate for all contributors based on the usual considerations of contribution size, copyright ownership, and provenance clarity. if you have some stray commits that you can't cover, you can either reimplement, or make an argument that are below the threshold of concern. The github metadata helps a bit, but since you have no guarantee that the committer is the author, there's no possible way to see this as automated. The fact that code is published under the AL does _not_ make it automatically code that you can pull in no matter what else. We require a positive intent to contribute the code to the foundation. Note that this problem isn't necessarily unique to GitHub, but Git itself somewhat highlights the issue because contributions from outside parties (pull requests) do maintain metadata about their original authors. With SVN, typically someone with karma has to do the commit and it gets tagged with their identity, so the audit trail goes cold (comments can contain attributions, but that's hard to report on). Anyway, just looking for some guidance here. We are trying to move TinkerPop forward and how exactly we go about getting the forms filled out properly is somewhat of a blocker. Thanks, James Carman, Assistant Secretary Apache Software Foundation - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org javascript:; For additional commands, e-mail: general-h...@incubator.apache.org javascript:; - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org javascript:; For additional commands, e-mail: general-h...@incubator.apache.org javascript:; - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: Software Grants for GitHub Projects...
On Sat Jan 31 2015 at 11:22:15 AM Benson Margulies bimargul...@gmail.com wrote: On Sat, Jan 31, 2015 at 10:55 AM, James Carman ja...@carmanconsulting.com wrote: Are there guidelines for these usual considerations? (Queue Marvin on the subject of documentation.) http://www.apache.org/licenses/ My understanding: when a significant body of code arrives all at once, the Foundation desires an SGA. That, however, assumes that one legal entity is granting the license to the whole thing. So, if you have a github repo whose contents are assembled of a uniform distribution of small contributions, there would be no point to an SGA. If, on the other hand, the histogram of contribution size versus copyright holder indicated that some copyright owners contributed 'significant' bodies of code, then SGAs from those entities might be called for. There is no established law that allows the Foundation to set hard criteria in terms of lines of code, so this has to be a judgement call, and people sometimes call upon the VP, Legal for assistance in making those judgement calls. For all the small stuff, the safe path is to get an ICLA from each committer, and an email message positively stating an intent to donate the code. Yes, this is the safest approach; but, may not be necessary for changes that do not represent significant IP. For instance, our projects accept minor contributions through JIRA, without an ICLA. Note that copyright still stays with them; they are granting a license, but we also require that code that 'moves into' Apache some with some expression of positive intent on the part of the author/copyright owner. On Saturday, January 31, 2015, Benson Margulies bimargul...@gmail.com wrote: On Sat, Jan 31, 2015 at 8:44 AM, James Carman ja...@carmanconsulting.com javascript:; wrote: Is there a standard within the incubator about how we go about getting the appropriate forms filled out when we want to incubate a project from GitHub? GitHub fosters a sort of fly-by contribution model (and that's a good thing), but it makes donating the code a bit troublesome, because we need to make sure that all (to a certain degree?) of the contributors do, in fact want to donate the code they contributed to the foundation. Simple answer: no. It is up to you to get ICLA/CCLA/SGA as appropriate for all contributors based on the usual considerations of contribution size, copyright ownership, and provenance clarity. if you have some stray commits that you can't cover, you can either reimplement, or make an argument that are below the threshold of concern. The github metadata helps a bit, but since you have no guarantee that the committer is the author, there's no possible way to see this as automated. The fact that code is published under the AL does _not_ make it automatically code that you can pull in no matter what else. We require a positive intent to contribute the code to the foundation. Note that this problem isn't necessarily unique to GitHub, but Git itself somewhat highlights the issue because contributions from outside parties (pull requests) do maintain metadata about their original authors. With SVN, typically someone with karma has to do the commit and it gets tagged with their identity, so the audit trail goes cold (comments can contain attributions, but that's hard to report on). Anyway, just looking for some guidance here. We are trying to move TinkerPop forward and how exactly we go about getting the forms filled out properly is somewhat of a blocker. Thanks, James Carman, Assistant Secretary Apache Software Foundation - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org javascript:; For additional commands, e-mail: general-h...@incubator.apache.org javascript:; - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org javascript:; For additional commands, e-mail: general-h...@incubator.apache.org javascript:; - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: Software Grants for GitHub Projects...
On Sat, Jan 31, 2015 at 8:44 AM, James Carman ja...@carmanconsulting.com wrote: Is there a standard within the incubator about how we go about getting the appropriate forms filled out when we want to incubate a project from GitHub? GitHub fosters a sort of fly-by contribution model (and that's a good thing), but it makes donating the code a bit troublesome, because we need to make sure that all (to a certain degree?) of the contributors do, in fact want to donate the code they contributed to the foundation. Simple answer: no. It is up to you to get ICLA/CCLA/SGA as appropriate for all contributors based on the usual considerations of contribution size, copyright ownership, and provenance clarity. if you have some stray commits that you can't cover, you can either reimplement, or make an argument that are below the threshold of concern. The github metadata helps a bit, but since you have no guarantee that the committer is the author, there's no possible way to see this as automated. The fact that code is published under the AL does _not_ make it automatically code that you can pull in no matter what else. We require a positive intent to contribute the code to the foundation. Note that this problem isn't necessarily unique to GitHub, but Git itself somewhat highlights the issue because contributions from outside parties (pull requests) do maintain metadata about their original authors. With SVN, typically someone with karma has to do the commit and it gets tagged with their identity, so the audit trail goes cold (comments can contain attributions, but that's hard to report on). Anyway, just looking for some guidance here. We are trying to move TinkerPop forward and how exactly we go about getting the forms filled out properly is somewhat of a blocker. Thanks, James Carman, Assistant Secretary Apache Software Foundation - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: Software Grants for GitHub Projects...
On Sat, Jan 31, 2015 at 11:32 AM, Matt Franklin m.ben.frank...@gmail.com wrote: On Sat Jan 31 2015 at 11:22:15 AM Benson Margulies bimargul...@gmail.com wrote: On Sat, Jan 31, 2015 at 10:55 AM, James Carman ja...@carmanconsulting.com wrote: Are there guidelines for these usual considerations? (Queue Marvin on the subject of documentation.) http://www.apache.org/licenses/ My understanding: when a significant body of code arrives all at once, the Foundation desires an SGA. That, however, assumes that one legal entity is granting the license to the whole thing. So, if you have a github repo whose contents are assembled of a uniform distribution of small contributions, there would be no point to an SGA. If, on the other hand, the histogram of contribution size versus copyright holder indicated that some copyright owners contributed 'significant' bodies of code, then SGAs from those entities might be called for. There is no established law that allows the Foundation to set hard criteria in terms of lines of code, so this has to be a judgement call, and people sometimes call upon the VP, Legal for assistance in making those judgement calls. For all the small stuff, the safe path is to get an ICLA from each committer, and an email message positively stating an intent to donate the code. Yes, this is the safest approach; but, may not be necessary for changes that do not represent significant IP. For instance, our projects accept minor contributions through JIRA, without an ICLA. There's a critical distinction here. Once you have released a product under the Apache license, people can contribute new things to it under the terms of the license. The license has very specific language: if you take code from us, and then send us a contribution (email, JIRA, github PR, carrier pigeon) that is a derivative of what you took, you are granting the code to the Foundation. That doesn't help with the initial import of a project from github or bitbucket or Jupiter or Mars; none of those contributions met the criteria in the license of sending a contribution back to the Foundation, because the code wasn't here in the first place. Note that copyright still stays with them; they are granting a license, but we also require that code that 'moves into' Apache some with some expression of positive intent on the part of the author/copyright owner. On Saturday, January 31, 2015, Benson Margulies bimargul...@gmail.com wrote: On Sat, Jan 31, 2015 at 8:44 AM, James Carman ja...@carmanconsulting.com javascript:; wrote: Is there a standard within the incubator about how we go about getting the appropriate forms filled out when we want to incubate a project from GitHub? GitHub fosters a sort of fly-by contribution model (and that's a good thing), but it makes donating the code a bit troublesome, because we need to make sure that all (to a certain degree?) of the contributors do, in fact want to donate the code they contributed to the foundation. Simple answer: no. It is up to you to get ICLA/CCLA/SGA as appropriate for all contributors based on the usual considerations of contribution size, copyright ownership, and provenance clarity. if you have some stray commits that you can't cover, you can either reimplement, or make an argument that are below the threshold of concern. The github metadata helps a bit, but since you have no guarantee that the committer is the author, there's no possible way to see this as automated. The fact that code is published under the AL does _not_ make it automatically code that you can pull in no matter what else. We require a positive intent to contribute the code to the foundation. Note that this problem isn't necessarily unique to GitHub, but Git itself somewhat highlights the issue because contributions from outside parties (pull requests) do maintain metadata about their original authors. With SVN, typically someone with karma has to do the commit and it gets tagged with their identity, so the audit trail goes cold (comments can contain attributions, but that's hard to report on). Anyway, just looking for some guidance here. We are trying to move TinkerPop forward and how exactly we go about getting the forms filled out properly is somewhat of a blocker. Thanks, James Carman, Assistant Secretary Apache Software Foundation - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org javascript:; For additional commands, e-mail: general-h...@incubator.apache.org javascript:; - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org javascript:; For additional commands, e-mail: general-h...@incubator.apache.org javascript:;
Re: Software Grants for GitHub Projects...
On 1/31/15, 9:09 AM, Benson Margulies bimargul...@gmail.com wrote: On Sat, Jan 31, 2015 at 11:32 AM, Matt Franklin m.ben.frank...@gmail.com wrote: On Sat Jan 31 2015 at 11:22:15 AM Benson Margulies bimargul...@gmail.com wrote: On Sat, Jan 31, 2015 at 10:55 AM, James Carman ja...@carmanconsulting.com wrote: Are there guidelines for these usual considerations? For all the small stuff, the safe path is to get an ICLA from each committer, and an email message positively stating an intent to donate the code. Yes, this is the safest approach; but, may not be necessary for changes that do not represent significant IP. For instance, our projects accept minor contributions through JIRA, without an ICLA. There's a critical distinction here. Once you have released a product under the Apache license, people can contribute new things to it under the terms of the license. The license has very specific language: if you take code from us, and then send us a contribution (email, JIRA, github PR, carrier pigeon) that is a derivative of what you took, you are granting the code to the Foundation. That doesn't help with the initial import of a project from github or bitbucket or Jupiter or Mars; none of those contributions met the criteria in the license of sending a contribution back to the Foundation, because the code wasn't here in the first place. Just curious, what if the code was under AL but not at Apache? -Alex - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
