Gary, Thanks for posting your thoughts and questions. Sorry for not responding sooner.
I agree that signing paper docs is a bit archaic, but the legal world moves very slowly. If we ever needed to "audit" the contributor agreements, claiming that someone clicked something agreeing to it is dubious. We'd have to adopt/build some real infrastructure to have something like this be believable. I also feel like we should follow the lead of other bodies that have worked in this space much longer and more broadly than we have. Both the Apache Foundation and the Free Software Foundation still recommend and use actual signed documents. We have talked about adding legal notices to things like JIRA and Confluence regarding patches. Since we will still want to accept patches from people who are not committers (and who are not necessarily interested in attaining committer status), we still want to accept these patches, but we will want them to be clear on the broader terms under which they are submitting them. Doing something in this area is still on my "to do" list for licensing. I agree we want to avoid signed agreements for patch submissions. The licensing policy does not necessarily need to apply to projects that are in a "sandbox" state, but any project that wants to graduate from incubation and be considered a Jasig sponsored project will need to comply with the policy to reach that state. As long as projects were originally managed at Jasig under the New BSD license (like uPortal and CAS), going forward we can release them under the Apache License and don't have to make prior contributors do anything. There are a lot of notes on this in the policy writeup. We think of Jasig much more like Apache than Sourceforge. We aren't just hosting infrastructure for any project that wants it. Sourceforge and Google Code are already fine options for that. Apache does require signed contributor agreements for all of its sponsored projects, and we have modeled our policy closely after theirs. I hope that addresses your concerns. Thanks! John Gary Weaver wrote: > Cris said that this might be a more appropriate place to send my > comments below. > > Thanks! > Gary > > -------- Original Message -------- > Subject: Re: [uportal-dev] Jasig/uPortal Licensing Policy Update > Date: Wed, 29 Jul 2009 09:50:48 -0400 > From: Gary Weaver <[email protected]> > Reply-To: [email protected] > To: [email protected] > References: <c695348c.2555b%[email protected]> > <[email protected]> <[email protected]> > > > > BTW- I noticed that JASIG was actually using Apache's process which > involves signing this: http://www.apache.org/licenses/icla.txt - I guess > maybe the committers have needed to sign actual forms, but that those > submitting patches didn't. But, I think don't completely understand why > a signed document is needed vs. agreement via submitting form on the > web. Handsigning and faxing seems pretty old-school, and I think is > mostly there as a deterrent to involvement by developers, which I don't > think JASIG needs imo. > > > Gary Weaver wrote: > >> Something else I thought of if it helps is that Sourceforge, Apache >> (although it was several years ago and my patch was integrated by >> someone else), and Atlassian community projects that I've contributed to >> have not required actual hand-signed statements/contracts (that I >> remember at least- RPI was the only one that required a signed agreement >> for Bedework iirc). >> >> Couldn't there just be an online form to submit a request for access to >> contribute that doesn't require printing/signing/faxing or mailing? I'm >> pretty sure that I had to agree to something when signing up with >> sourceforge. Then whenever changes came about, they've just sent an >> email to state the changes to the agreement (and maybe how to contact >> them or opt-out if they disagree) iirc. >> >> License changes for uPortal and other top-level JASIG projects could >> then just be handled by an email out to the group stating that >> everything under the JASIG umbrella in the code had a proposed license >> change and it could be voted on like any other changes. >> >> Thanks! >> Gary >> >> >> Gary Weaver wrote: >> >> >>> Curious- will this also apply to all portlets contributed to sandbox? >>> >>> How feasible is all of this if there is some code here and there (not >>> sure if there is, but if there is) that was contributed under a >>> different license? >>> >>> In open source projects before, I've never been asked to change the >>> license by the person hosting the source control repository (it has >>> usually just been an initiative by the developers on the project >>> itself), so am just curious. >>> >>> Thanks! >>> Gary >>> >>> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-dev
