Hi all,
On 22-06-18 16:30, Heather Flanagan wrote:
Hi all,
One of the individuals I contacted when I was reaching out about the
possibility of a [C]CLA pointed out the following from the GitHub
Terms of Service:
---
6. Contributions Under Repository License
Whenever you make a contribution to a repository containing notice of
a license, you license your contribution under the same terms, and you
agree that you have the right to license your contribution under those
terms. If you have a separate agreement to license your contributions
under different terms, such as a contributor license agreement, that
agreement will supersede.
Isn't this just how it works already? Yep. This is widely accepted as
the norm in the open-source community; it's commonly referred to by
the shorthand "inbound=outbound". We're just making it explicit.
(https://help.github.com/articles/github-terms-of-service/)
---
I've also reviewed the licenses listed under each of the Identity
Python projects:
* pySAML2 = Apache 2.0
* SaToSa = Apache 2.0
* pyXMLSecurity = NORDUnet (2 clause BSD)
* pyFF = SUNET (2 clause BSD)
* pyeleven = SUNET (2 clause BSD)
My reading of this suggests that a CLA doesn't actually offer us any
assurances we don't already have by a) using GitHub (and therefore
agreeing to the ToS) and b) posting the licenses in the repos (which
must be inherited by anyone posting in those repos, again thanks to
the GitHub ToS).
The GitHub TOS as I read them does indeed help a lot when it comes to
the license. I see no reason not to use that. Perhaps we should make it
a bit more explicit by e.g. adding a line pointing to this in each
README.md?
The TOS does not however concern the IPR I think?
For e.g. pyXMLSecurity several have contributed as part of NORDUnet, but
I do not think that is the case for all (e.g. Ian). Furthermore, some of
the work was done under the GEANT project, which, in line with the
project agreement also needs to be reflected in the copyright statement(s).
Well, yes and no (unless you think IPR means something other than
copyright, patents, and trademarks). My understanding of the GitHub ToS
is that the license file in the repository applies to the contributions
in that repository. The Apache 2 license file in the pySAML2
repositories covers copyright and patent licensing. The SUNET and
NORDUnet license files only touch on copyright ownership (with the
owner being SUNET and an individual).
If GEANT posted its own license and copyright on code submitted to
pySAML2 and Satosa, I think they went against the GitHub ToS.
And, as always, IANAL.
-Heather