On 25 Jun 2018, at 20:53, Heather Flanagan
<hlflanagan at sphericalcowgroup.com> wrote:
On 6/25/18 12:22 AM, Niels van Dijk wrote:
Hi all,
On 22-06-18 16:30, Heather Flanagan wrote:
Hi all,
One of the individuals I contacted when I was reaching out about the
possibility of a [C]CLA pointed out the following from the GitHub
Terms of Service:
---
6. Contributions Under Repository License
Whenever you make a contribution to a repository containing notice of
a license, you license your contribution under the same terms, and you
agree that you have the right to license your contribution under those
terms. If you have a separate agreement to license your contributions
under different terms, such as a contributor license agreement, that
agreement will supersede.
Isn't this just how it works already? Yep. This is widely accepted as
the norm in the open-source community; it's commonly referred to by
the shorthand "inbound=outbound". We're just making it explicit.
(
https://help.github.com/articles/github-terms-of-service/)
---
I've also reviewed the licenses listed under each of the Identity
Python projects:
* pySAML2 = Apache 2.0
* SaToSa = Apache 2.0
* pyXMLSecurity = NORDUnet (2 clause BSD)
* pyFF = SUNET (2 clause BSD)
* pyeleven = SUNET (2 clause BSD)
My reading of this suggests that a CLA doesn't actually offer us any
assurances we don't already have by a) using GitHub (and therefore
agreeing to the ToS) and b) posting the licenses in the repos (which
must be inherited by anyone posting in those repos, again thanks to
the GitHub ToS).
The Github TOS as I read them does indeed help a lot when it comes to
the license. I see no reason not to use that. perhaps we should make it
a bit more explicit by e.g. adding a line pointing to this in each
README.md?
The TOS doe not however concern the IPR I think?
For e.g. pyXMLSecurity several have contributed as part of NORDUnet, but
I do not think that is the case for all (e.g. Ian). Furthermore, some of
the work was done under the GEANT project, which, in line with the
project agreement also needs to be reflected in the copyright statement(s).
Well, yes and no (unless you think IPR means something other than copyright, patents, and
trademarks). My understanding of the GitHub ToS say that the license file in the
repository applies to the contributions in that repository. The Apache 2 license file in
the pySAML2 repositories cover copyright and patent licensing. The SUNET and NORDUnet
license files only touches on copyright ownership (with the owner being SUNET and an
individual).
If GEANT posted it's own license and copyright on code submitted to pySAML2 and
Satosa, I think they went against the GitHub ToS.
Didn’t happen, at least regarding pySAML2 and it was by design.
And, as always, IANAL.
-Heather
Niels
_______________________________________________
Idpy-discuss mailing list
Idpy-discuss at lists.sunet.se <mailto:Idpy-discuss at lists.sunet.se>
https://lists.sunet.se/listinfo/idpy-discuss
<https://lists.sunet.se/listinfo/idpy-discuss>
— Roland
The higher up you go, the more mistakes you are allowed. Right at the top, if you make
enough of them, it's considered to be your style.
-Fred Astaire, dancer, actor, singer, musician, and choreographer (10 May 1899-1987)