On 25 Jun 2018, at 20:53, Heather Flanagan <hlflanagan at sphericalcowgroup.com> wrote:
On 6/25/18 12:22 AM, Niels van Dijk wrote:
Hi all,
On 22-06-18 16:30, Heather Flanagan wrote:
> Hi all,
>
> One of the individuals I contacted when I was reaching out about the
> possibility of a [C]CLA pointed out the following from the GitHub
> Terms of Service:
>
> ---
> 6. Contributions Under Repository License
>
> Whenever you make a contribution to a repository containing notice of
> a license, you license your contribution under the same terms, and you
> agree that you have the right to license your contribution under those
> terms. If you have a separate agreement to license your contributions
> under different terms, such as a contributor license agreement, that
> agreement will supersede.
>
> Isn't this just how it works already? Yep. This is widely accepted as
> the norm in the open-source community; it's commonly referred to by
> the shorthand "inbound=outbound". We're just making it explicit.
>
> (https://help.github.com/articles/github-terms-of-service/)
> ---
>
> I've also reviewed the licenses listed under each of the Identity
> Python projects:
>
> * pySAML2 = Apache 2.0
> * SaToSa = Apache 2.0
> * pyXMLSecurity = NORDUnet (2 clause BSD)
> * pyFF = SUNET (2 clause BSD)
> * pyeleven = SUNET (2 clause BSD)
>
> My reading of this suggests that a CLA doesn't actually offer us any
> assurances we don't already have by a) using GitHub (and therefore
> agreeing to the ToS) and b) posting the licenses in the repos (which
> must be inherited by anyone posting in those repos, again thanks to
> the GitHub ToS).
>
>
The GitHub TOS, as I read them, do indeed help a lot when it comes to
the license. I see no reason not to use that. Perhaps we should make it
a bit more explicit by e.g. adding a line pointing to this in each
README.md?
The TOS does not, however, concern the IPR, I think?
For e.g. pyXMLSecurity several have contributed as part of NORDUnet, but
I do not think that is the case for all (e.g. Ian). Furthermore, some of
the work was done under the GEANT project, which, in line with the
project agreement, also needs to be reflected in the copyright statement(s).
Well, yes and no (unless you think IPR means something other than copyright, patents, and
trademarks). My understanding of the GitHub ToS is that the license file in the
repository applies to the contributions in that repository. The Apache 2 license file in
the pySAML2 repositories covers copyright and patent licensing. The SUNET and NORDUnet
license files only touch on copyright ownership (with the owner being SUNET and an
individual).
If GEANT posted its own license and copyright on code submitted to pySAML2 and
Satosa, I think they went against the GitHub ToS.