On Dec 8, 2009, at 10:36 AM, Josh Thompson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> How does it work (legally) for someone in the community to submit a patch?  
> I've always viewed the process for someone to become a committer to be that 
> they must first submit some code indirectly (meaning, an existing committer 
> vets it and then checks it in to source control).  After a few rounds of 
> submitting code that way, the person can be approved by the community as a 
> new committer (at which point they submit a CLA and gain write access to 
> source control).

Hi Josh,
Different projects can have different ground rules for what they look for in 
new committers. Typically, a community will look for contributions from an 
individual, before considering to invite them to become a committer.

You can submit a CLA to the ASF at anytime. You don't have to be invited to 
become a committer first. 

> 
> However, how do we know that the code they submit indirectly is clear of 
> copyright and license restrictions?  Is it up to the committer that actually 
> checks it in to verify it is clear?  If so, how do we go about verifying 
> that?

Patches submitted by a contributor should grant the ASF permission to apply the 
Apache License to their work. Contributors should only do this if they created 
the patch and they hold the copyright to the code. Having a CLA on file is also 
helpful in clarifying this...

There's a radio button on "Attach Files" in Jira for this very purpose:

"Grant license to ASF for inclusion in ASF works (as per the Apache License) 
Contributions intended for inclusion in ASF products (eg. patches, code) must 
be licensed to ASF under the terms of the Apache License. Other attachments 
(eg. log dumps, test cases) need not be."

In general, the expectation is on the contributor. If the committer suspects 
there is a problem (e.g. the contributor does not hold the copyright or that 
the code may have license restrictions), then this is something that the 
committer (and other project members) should investigate.

--kevan

Reply via email to