on clear intent sufficient to accept contributions

[Andrew Petro <ap...@gmail.com>]

Hi,

I participate in another software community that's trying to "do what
Apache does" wrt Contributor License Agreements vis a vis code
contributions.

Someone tried to tell me that we can't accept GitHub Pull Requests where
the requestors had not (physically) signed Individual Contributor License
Agreements.

As I understand, this is a well-worn, asked-and-answered matter, and that
the answer is that only Committers are required to sign Contributor License
Agreements, that contributions can be accepted so long as the intent to
contribute under the Apache license terms is clear.

And now this well-worn matter is answered one more time:

http://apetro.ghost.io/apache-contributors-no-cla/

I write sharing that link in the hope that:

1. That post may be of some use to someone in explaining this matter in the
future, and
2. Kind experts will disabuse me of any misunderstandings I may have.

Kind regards,

Andrew

Re: on clear intent sufficient to accept contributions

[Craig Russell <cr...@oracle.com>]

As I understand it, there is a practical reason for PMCs to request (require) an explicit ICLA before accepting a clever or large contribution.

If we accept the contribution, and later there is some issue (e.g. lawsuit) over whether the contributor actually intended or had legal rights to contribute, the project would be required to remove the offending code and either reimplement or disable the functionality.

So the issue comes down to risk. For trivial contributions, reimplementing is an easy option. For clever or large contributions, there is much more work to do in the event of a contested contribution.

To avoid the risk associated with clever or large contributions, most PMCs request a formal ICLA to be filed.

Craig

> On Aug 13, 2016, at 5:36 PM, Henri Yandell <ba...@apache.org> wrote:
> 
> 
> It sounds like a request for legal advice - which this list isn't for. i.e. I don't see that there's a 'canonical position' that can exist. There's how we do things, but that's just a policy we've chosen for our development.
> 
> ---
> 
> Stating my understanding of the Apache policy - Apache requires ICLAs of its committers, uses ICLAs or a software license (https://www.apache.org/licenses/software-grant.txt <https://www.apache.org/licenses/software-grant.txt>) for exceptional contributions from contributors and generally relies on clause 5 of the Apache License 2.0 for other contributions from contributors. 
> 
> Hen
> 
> 
> On Fri, Jul 29, 2016 at 8:01 AM, Andrew Petro <apetro.lists@gmail.com <ma...@gmail.com>> wrote:
> Hi again,
> 
> There's a desire to secure a "canonical position" from Apache <https://groups.google.com/a/apereo.org/d/msg/licensing-discuss/c1puG3RKZcA/t0OG_DdAAwAJ> wrt the necessity of securing ICLAs from contributors rather than only from committers, beyond my amateur analysis, this legal-discuss@ list thread, and LEGAL-156 <https://issues.apache.org/jira/browse/LEGAL-156?focusedCommentId=13554864&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13554864>.
> 
> Is there a viable path to such a canonical position? Ought I to open a LEGAL JIRA issue requesting this?
> 
> Kind regards,
> 
> Andrew
> 
> 
> On Wed, Jun 29, 2016 at 11:18 PM, Henri Yandell <bayard@apache.org <ma...@apache.org>> wrote:
> 
> 
> On Wed, Jun 29, 2016 at 8:52 AM, Stian Soiland-Reyes <stain@apache.org <ma...@apache.org>> wrote:
> On 29 June 2016 at 16:32, Ted Dunning <ted.dunning@gmail.com <ma...@gmail.com>> wrote:
> >
> > As a practical matter, I think that you should use some judgement about how significant the pull request is.  If it is large enough or clever enough to be hard to replicate you should probably ask for a more formal record of agreement to the license.
> 
> Agree on "large" or "clever" being triggers.
> 
> Also an ICLA is good to clarify if it could be unclear if the
> contribution is the sole work of the contributor (and that she has the
> right to contribute it) or is code imported from "somewhere" (e.g.
> obvious code style differences).
> 
> With a signed ICLA/CCLA we have the legal backing that the named
> contributor claimed to have the rights to contribute under the Apache
> License - a semi-anonymous GitHub user "coder42" is a bit more dubious
> if questions are later raised about Intellectual Property rights.
> 
> So as a rough guide, a typical small patch/pull request is easy,
> someone adding a couple of brand new classes/files should raise
> warning signs and new modules/folders should be require ICLA. If the
> code looks like a mixed ragbag, ask for further provenance, an ICLA
> and code style cleanup :).
> 
> Noting, as it relates to the subject, clause 5 of Apache License 2.0:
> 
> 5. Submission of Contributions <>. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
> 
> 
> Hen
> 
> 

Craig L Russell
clr@apache.org

Re: on clear intent sufficient to accept contributions

[Henri Yandell <ba...@apache.org>]

It sounds like a request for legal advice - which this list isn't for. i.e.
I don't see that there's a 'canonical position' that can exist. There's how
we do things, but that's just a policy we've chosen for our development.

---

Stating my understanding of the Apache policy - Apache requires ICLAs of
its committers, uses ICLAs or a software license (
https://www.apache.org/licenses/software-grant.txt) for exceptional
contributions from contributors and generally relies on clause 5 of the
Apache License 2.0 for other contributions from contributors.

Hen


On Fri, Jul 29, 2016 at 8:01 AM, Andrew Petro <ap...@gmail.com>
wrote:

> Hi again,
>
> There's a desire to secure a "canonical position" from Apache
> <https://groups.google.com/a/apereo.org/d/msg/licensing-discuss/c1puG3RKZcA/t0OG_DdAAwAJ>
> wrt the necessity of securing ICLAs from contributors rather than only from
> committers, beyond my amateur analysis, this legal-discuss@ list thread,
> and LEGAL-156
> <https://issues.apache.org/jira/browse/LEGAL-156?focusedCommentId=13554864&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13554864>
> .
>
> Is there a viable path to such a canonical position? Ought I to open a
> LEGAL JIRA issue requesting this?
>
> Kind regards,
>
> Andrew
>
>
> On Wed, Jun 29, 2016 at 11:18 PM, Henri Yandell <ba...@apache.org> wrote:
>
>>
>>
>> On Wed, Jun 29, 2016 at 8:52 AM, Stian Soiland-Reyes <st...@apache.org>
>> wrote:
>>
>>> On 29 June 2016 at 16:32, Ted Dunning <te...@gmail.com> wrote:
>>> >
>>> > As a practical matter, I think that you should use some judgement
>>> about how significant the pull request is.  If it is large enough or clever
>>> enough to be hard to replicate you should probably ask for a more formal
>>> record of agreement to the license.
>>>
>>> Agree on "large" or "clever" being triggers.
>>>
>>> Also an ICLA is good to clarify if it could be unclear if the
>>> contribution is the sole work of the contributor (and that she has the
>>> right to contribute it) or is code imported from "somewhere" (e.g.
>>> obvious code style differences).
>>>
>>> With a signed ICLA/CCLA we have the legal backing that the named
>>> contributor claimed to have the rights to contribute under the Apache
>>> License - a semi-anonymous GitHub user "coder42" is a bit more dubious
>>> if questions are later raised about Intellectual Property rights.
>>>
>>> So as a rough guide, a typical small patch/pull request is easy,
>>> someone adding a couple of brand new classes/files should raise
>>> warning signs and new modules/folders should be require ICLA. If the
>>> code looks like a mixed ragbag, ask for further provenance, an ICLA
>>> and code style cleanup :).
>>>
>>
>> Noting, as it relates to the subject, clause 5 of Apache License 2.0:
>>
>> *5. Submission of Contributions*. Unless You explicitly state otherwise,
>> any Contribution intentionally submitted for inclusion in the Work by You
>> to the Licensor shall be under the terms and conditions of this License,
>> without any additional terms or conditions. Notwithstanding the above,
>> nothing herein shall supersede or modify the terms of any separate license
>> agreement you may have executed with Licensor regarding such Contributions.
>>
>> Hen
>>
>
>

Re: on clear intent sufficient to accept contributions

[Andrew Petro <ap...@gmail.com>]

Hi again,

There's a desire to secure a "canonical position" from Apache
<https://groups.google.com/a/apereo.org/d/msg/licensing-discuss/c1puG3RKZcA/t0OG_DdAAwAJ>
wrt the necessity of securing ICLAs from contributors rather than only from
committers, beyond my amateur analysis, this legal-discuss@ list thread,
and LEGAL-156
<https://issues.apache.org/jira/browse/LEGAL-156?focusedCommentId=13554864&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13554864>
.

Is there a viable path to such a canonical position? Ought I to open a
LEGAL JIRA issue requesting this?

Kind regards,

Andrew


On Wed, Jun 29, 2016 at 11:18 PM, Henri Yandell <ba...@apache.org> wrote:

>
>
> On Wed, Jun 29, 2016 at 8:52 AM, Stian Soiland-Reyes <st...@apache.org>
> wrote:
>
>> On 29 June 2016 at 16:32, Ted Dunning <te...@gmail.com> wrote:
>> >
>> > As a practical matter, I think that you should use some judgement about
>> how significant the pull request is.  If it is large enough or clever
>> enough to be hard to replicate you should probably ask for a more formal
>> record of agreement to the license.
>>
>> Agree on "large" or "clever" being triggers.
>>
>> Also an ICLA is good to clarify if it could be unclear if the
>> contribution is the sole work of the contributor (and that she has the
>> right to contribute it) or is code imported from "somewhere" (e.g.
>> obvious code style differences).
>>
>> With a signed ICLA/CCLA we have the legal backing that the named
>> contributor claimed to have the rights to contribute under the Apache
>> License - a semi-anonymous GitHub user "coder42" is a bit more dubious
>> if questions are later raised about Intellectual Property rights.
>>
>> So as a rough guide, a typical small patch/pull request is easy,
>> someone adding a couple of brand new classes/files should raise
>> warning signs and new modules/folders should be require ICLA. If the
>> code looks like a mixed ragbag, ask for further provenance, an ICLA
>> and code style cleanup :).
>>
>
> Noting, as it relates to the subject, clause 5 of Apache License 2.0:
>
> *5. Submission of Contributions*. Unless You explicitly state otherwise,
> any Contribution intentionally submitted for inclusion in the Work by You
> to the Licensor shall be under the terms and conditions of this License,
> without any additional terms or conditions. Notwithstanding the above,
> nothing herein shall supersede or modify the terms of any separate license
> agreement you may have executed with Licensor regarding such Contributions.
>
> Hen
>

Re: on clear intent sufficient to accept contributions

[Henri Yandell <ba...@apache.org>]

On Wed, Jun 29, 2016 at 8:52 AM, Stian Soiland-Reyes <st...@apache.org>
wrote:

> On 29 June 2016 at 16:32, Ted Dunning <te...@gmail.com> wrote:
> >
> > As a practical matter, I think that you should use some judgement about
> how significant the pull request is.  If it is large enough or clever
> enough to be hard to replicate you should probably ask for a more formal
> record of agreement to the license.
>
> Agree on "large" or "clever" being triggers.
>
> Also an ICLA is good to clarify if it could be unclear if the
> contribution is the sole work of the contributor (and that she has the
> right to contribute it) or is code imported from "somewhere" (e.g.
> obvious code style differences).
>
> With a signed ICLA/CCLA we have the legal backing that the named
> contributor claimed to have the rights to contribute under the Apache
> License - a semi-anonymous GitHub user "coder42" is a bit more dubious
> if questions are later raised about Intellectual Property rights.
>
> So as a rough guide, a typical small patch/pull request is easy,
> someone adding a couple of brand new classes/files should raise
> warning signs and new modules/folders should be require ICLA. If the
> code looks like a mixed ragbag, ask for further provenance, an ICLA
> and code style cleanup :).
>

Noting, as it relates to the subject, clause 5 of Apache License 2.0:

*5. Submission of Contributions*. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work by You
to the Licensor shall be under the terms and conditions of this License,
without any additional terms or conditions. Notwithstanding the above,
nothing herein shall supersede or modify the terms of any separate license
agreement you may have executed with Licensor regarding such Contributions.

Hen

Re: on clear intent sufficient to accept contributions

[Stian Soiland-Reyes <st...@apache.org>]

On 29 June 2016 at 16:32, Ted Dunning <te...@gmail.com> wrote:
>
> As a practical matter, I think that you should use some judgement about how significant the pull request is.  If it is large enough or clever enough to be hard to replicate you should probably ask for a more formal record of agreement to the license.

Agree on "large" or "clever" being triggers.

Also an ICLA is good to clarify if it could be unclear if the
contribution is the sole work of the contributor (and that she has the
right to contribute it) or is code imported from "somewhere" (e.g.
obvious code style differences).

With a signed ICLA/CCLA we have the legal backing that the named
contributor claimed to have the rights to contribute under the Apache
License - a semi-anonymous GitHub user "coder42" is a bit more dubious
if questions are later raised about Intellectual Property rights.

So as a rough guide, a typical small patch/pull request is easy,
someone adding a couple of brand new classes/files should raise
warning signs and new modules/folders should be require ICLA. If the
code looks like a mixed ragbag, ask for further provenance, an ICLA
and code style cleanup :).

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

Re: on clear intent sufficient to accept contributions

[Ted Dunning <te...@gmail.com>]

As a practical matter, I think that you should use some judgement about how significant the pull request is.  If it is large enough or clever enough to be hard to replicate you should probably ask for a more formal record of agreement to the license. 

Sent from my iPhone

> On Jun 29, 2016, at 8:24, Andrew Petro <ap...@gmail.com> wrote:
> 
> As I understand, this is a well-worn, asked-and-answered matter, and that the answer is that only Committers are required to sign Contributor License Agreements, that contributions can be accepted so long as the intent to contribute under the Apache license terms is clear.

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org