Posted to legal-discuss@apache.org by "Henri Yandell (Jira)" <ji...@apache.org> on 2019/10/21 17:19:00 UTC

[jira] [Commented] (LEGAL-481) IP-CLEARANCE clarification and generic question

    [ https://issues.apache.org/jira/browse/LEGAL-481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16956302#comment-16956302 ] 

Henri Yandell commented on LEGAL-481:
-------------------------------------

Answering the questions:

> 1) How to be sure of true provenance of a code ? is tooling available for that ?  [did a contributor steal code?]


A solution here isn't very feasible. The code that is most damaging to be stolen is code that is kept confidential. While tooling does exist, it is only typically, at best, able to identify that some piece of public code is included in the contributed code.

Any time you see anything that might concern you on the provenance of a contribution, you should be very diligent in raising that concern.


> 2) Is it possible to ask donator for software grant retroactively and do IP clearance process retroactively ? What if not, code must be removed, release should be removed ?

 

Yes, it's possible to ask for the grant/ICLA retroactively. It would depend on the concern in question, but typically I wouldn't expect that we would be removing code/releases until we've made a reasonable effort to resolve the concern.


> 3) How to check in a formal legal compatible way, that "nickname1" and "nickname2" is the same person? 

I suspect we'd need more context for this question. It probably depends on the situation.

 

> 4) How to check that a company is a real legal company versus just a name that we never will get response from? What to do if no response at all

Again, this probably depends on the situation. 

---

On the concrete cases:



Case 1: [ecosystem-netbeans contribution]

It looks reasonable to me to believe the two identities are the same person. If you wanted to confirm, I would look to see if the email address used in the original code is showing in the contribution conversation. If not, and if something felt odd about the contribution, you could mail that address to get them to confirm.

Case 2: [dukescript-presenters contribution]

We're operating on our community trust in monacotoni; which is the same any company does with their employees. If anything smells odd; for example if the dukescript-presenters code had 10 copyright statements and monacotoni was only one, or it had both their copyright and their employer's copyright, then it's something to raise as a concern. Or if there were lots of commits from other folk.

I wouldn't generally be concerned if someone was saying a GitHub account with a different account name to their Apache account was theirs.

Hope that helps - please reopen if I missed something or was too vague/confusing in an answer :)

> IP-CLEARANCE clarification and generic question
> -----------------------------------------------
>
>                 Key: LEGAL-481
>                 URL: https://issues.apache.org/jira/browse/LEGAL-481
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Eric Barboni
>            Priority: Major
>
> Hi Legal,
> IANAL so I may not use correct words.
> I have some question on IP Clearance. We may have issue because we accepted some code with no IP clearance.
> Exceptional workflow:
> It's also possible to receive code from people stealing others and relicensing with no more history and propose donation. (very not nice guy)
> 1) How to be sure of true provenance of a code ? is tooling available for that ?
>  
> Work common workflow
> People being Apache committer, PMC, may provide source, but they develop on their company repository with licence header linked to their company.
> We accept this source because we see not real issue. But as company is in the header should have done software grant to be OK.
> 2) Is it possible to ask donator for software grant retroactively and do IP clearance process retroactively ? What if not, code must be removed, release should be removed ?
>  
> 3) How to check in a formal legal compatible way, that "nickname1" and "nickname2" is the same person? 
> 4) How to check that a company is a real legal company versus just a name that we never will get response from? What to do if no response at all
>  
> #################
> Concrete case 1:
> Code of payara/ecosystem-netbeans was merged after relicensing.
> Previous header example: [https://github.com/payara/ecosystem-netbeans-plugin/blob/master/payara.micro/src/org/netbeans/modules/fish/payara/micro/Constants.java]
>  
> We should have it IP cleared, with software grant from payara.
> author is Gaurav Gupta <ga...@payara.fish>, as jgauravgupta commit that I understand that it's the same person. How to be legally sure ?
> #################
> Concrete case 2:
> We start donation for dukescript-presenters.
> dukescript githubname is in fact also monacotoni at apache but how to make it formal.
>  
> Thanks in advance. If I'm not clear I'm also on asf slack where I can reformulate and later edit here. PM me.
> Best Regards
> Eric skygo


