trinity-devel@lists.pearsoncomputing.net

Message: previous - next
Month: October 2014

Re: [trinity-devel] Contributor License Agreements

From: "Timothy Pearson" <kb9vqf@...>
Date: Thu, 16 Oct 2014 14:27:49 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA224

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA224
>
>> I have a question:
>>
>> I often process patches from François, making adjustments as needed, and
>> then
>> commit. For such posts will be listed as an author François and as
>> Signed-off
>> will be mine. Is this the correct procedure?
>
> Actually he needs to sign off on them.  It gets a bit confusing because
> there are actually three authorship fields in GIT that we are interested
> in: author, signed-off-by, and committer.  In this case his name goes into
> author and signed-off-by, and your name goes into committer.  So when you
> process the patches, if he provided a signed-off-by line for that patch in
> Bugzilla then you copy that into the commit message on the last line of
> the commit message, separated by a blank line.
>
> As I am still phasing the CLA system in, and I trust the core team not to
> sue, include copyrighted code, etc., if he has not provided a
> signed-off-by line for the patches go ahead and commit them without a
> signed-off-by line.
>
> For developers with GIT accounts you can commit and sign off all in one
> step by passing the -s flag to git commit.  Just be aware that you are
> stating you have the legal right to license the commit when you do this;
> philosophically this is the same as before but the procedure is a bit more
> formal now.
>
>> Or contributions should be Signed-off at the same time by François? If
>> so,
>> how
>> should it be implemented technically?
>
> When he submits patches he should provide a signed-off-by line for that
> patch in the bugtracker.  If anyone outside of the core team submits a
> patch without a signed-off-by line for that patch in the bug report we
> need to request that they provide one--the patch itself does not have to
> be resubmitted, but the submitter needs to add a comment stating they are
> signing off on that patch and appending the appropriate signed-off-by line
> to that comment.
>
>> Similarly, in cases of occasional contributors who do not have commit
>> access?
>> For example, during the integration of the translations.
>
> Same as above; if patch is submitted via Email then the Email should
> contain the signed-off-by line.  It's always OK to reply to a patch
> submission and request that a signed-off-by line be provided.
>
> Does this make sense?  Basically we're just fixing the bookkeeping end of
> the project so that we know who authored, who owns, who released, and who
> committed anything and can thereby better avoid any potential legal
> issues.
>
> Tim

I need to be clearer about one thing: If an author has not provided a
signed-off-by line, do NOT add it for him under any circumstances. 
Especially in the United States and the UK the author may or may not have
the legal right to license his or her work to anyone, so the signed-off-by
line should not always be populated with the author's information.

In the special case of open source patches from other projects, the person
that pulls the patch from that project and submits it to us should sign
off on it.  In this case the patch handler is asserting, via the license
granted to him or her, that he or she has the right to relicense the patch
to us.  If this is not possible then there must be no signed-off-by line
in the GIT commit message, and the patch needs to be reviewed by the core
development team to verify its origin and license compatibility before
committing.

Tim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iFYEARELAAYFAlRAHDQACgkQLaxZSoRZrGFVOQDgv8cR8izWnNCcdFmGGXU1vrHH
sLthyw5KkIHN1wDghwNLadNzqIf5U/IUMfz6gn8fBdGk3qGDPgdfcQ==
=uNaL
-----END PGP SIGNATURE-----