-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA224
Am Donnerstag, 16. Oktober 2014 schrieb Timothy Pearson:
I have a question:
I often process patches from François, making adjustments as needed,
and
then commit. For such posts will be listed as an author François and as Signed-off will be mine. Is this the correct procedure?
Actually he needs to sign off on them. It gets a bit confusing because there are actually three authorship fields in GIT that we are interested in: author, signed-off-by, and committer. In this case his name goes into author and signed-off-by, and your name goes into committer. So when you process the patches, if he provided a signed-off-by line for that patch in Bugzilla then you copy that into the commit message on the last line of the commit message, separated by a blank line.
As I am still phasing the CLA system in, and I trust the core team not to sue, include copyrighted code, etc., if he has not provided a signed-off-by line for the patches go ahead and commit them without a signed-off-by line.
For developers with GIT accounts you can commit and sign off all in one step by passing the -s flag to git commit. Just be aware that you are stating you have the legal right to license the commit when you do this; philosophically this is the same as before but the procedure is a bit more formal now.
Or contributions should be Signed-off at the same time by François? If
so,
how should it be implemented technically?
When he submits patches he should provide a signed-off-by line for that patch in the bugtracker. If anyone outside of the core team submits a patch without a signed-off-by line for that patch in the bug report we need to request that they provide one--the patch itself does not have to be resubmitted, but the submitter needs to add a comment stating they are signing off on that patch and appending the appropriate signed-off-by line to that comment.
Similarly, in cases of occasional contributors who do not have commit access? For example, during the integration of the translations.
Same as above; if patch is submitted via Email then the Email should contain the signed-off-by line. It's always OK to reply to a patch submission and request that a signed-off-by line be provided.
Does this make sense? Basically we're just fixing the bookkeeping end of the project so that we know who authored, who owns, who released, and who committed anything and can thereby better avoid any potential legal issues.
Tim
"How do you call it when a bus full of lawers goes over the cliffs?" "A good beginning!"
Heh. :-)
What about just demanding form every contributor for his/her patches/bugreports to be accepted the patches/report must comply to GPL v2/v3/BSD ... ? Place it in the bugtracker, place it on the list, be done.
The problem (explained below) boils down to at least in the USA/UK (unsure of elsewhere) a person may not actually have the legal rights to release their work under the GPL. If the true rights holder comes after me, which do you think will shorten the legal trouble: "I had a notice on the website so I thought they read and followed it..." or "this person was in breach of contract with me, here's the paperwork they read, signed, and violated!". I vote for the latter, as does every major open source project I know of: http://en.wikipedia.org/wiki/Contributor_License_Agreement
If somebody wants to sue you, he/she will do despite whaterver contract was signed - especally in the "free" US. In the rest of the world that signed CLA will most likely not be valid at all (in most cases it's sufficent to claim you have not comprehended the text in its full extent, 'cause it's not written in your tongue)
While I understand fully what you are saying, in all honesty I am not concerned about problems from contributors outside of the USA/UK. I think most of the free world understands what contributing to open source means; it's just our two countries (and maybe one or two others, not sure) where people seem to want to have their cake and eat it too.
This whole CLA thing kicked off many months ago because I have someone who lives in the USA and works for a USA-based engineering firm; basically in this situation the person's employer de facto owns all works created by the employee even in their off time unless the company explicitly releases those rights. Previously we had no mechanism by which the employee could ask the company to do that, and therefore no way for that person to ever contribute to TDE; now we have a mechanism in place.
Tim