On Aug 19, 2012, at 10:17 , Lennart Regebro <rege...@gmail.com> wrote:

>> And since it becomes ever easier to accept code from unknown sources (e.g. 
>> pull requests) legal code ownership becomes an issue again.
> And that returns me to my first question: Is it really legally
> different for a contributor to accept a pull request from a
> non-contributor compared with a contributor merging a patch from a
> non-contributor?

Legally, both are disallowed unless there's some proof (written statement etc) 
from the code author that he assigns ownership of the patch or the contents of 
that pull request to the contributor who is doing the checkin.

In the past we haven't done a good job of enforcing this clear ownership 
assignment chain. There are always code patches from non-contributors in the 
bug tracker that may make it into the code base with the help of a contributor. 
There's a grey area: Is the act of submitting a patch into the Zope bug tracker 
enough to signal "I am giving you ownership of this code"? I am not sure.

GitHub makes this pulling in of "outside" code even easier. I'm afraid it will 
become even harder to really maintain this chain of custody.


Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists -
 https://mail.zope.org/mailman/listinfo/zope )

Reply via email to