11:09 p.m.
Hi all,
The email went out giving code contributors a heads' up re: the need for
a CLA or CCLA for code committed to Identity Python projects. As
expected, we have some bounces, and some addresses were never valid to
begin with.
Bounces:
<Andy.Richter at brige-way.com>
<hans.horberg at umu.se>
<hossain at newscred.com>
<ikakavas at noc.grnet.gr>
<matt at netki.com>
<rebecka.gulliksson at umu.se>
<yo at launchkey.com>
Invalid addresses:
<DasAllFolks at users.noreply.github.com>
<haho0032 at its-admins-MacBook-Pro.local>
<ludwigkraatz at users.noreply.github.com>
<rebeckag at users.noreply.github.com>
<rhoerbe at users.noreply.github.com>
<z38 at z38.invalid>
I'm not too worried about the uma.se ones, as we we have other contacts
there. I'm also not worried about rhoerbe - we know where to find Rainer.
Thoughts on how to contact or verify what code was submitted for those
people and/or organizations I can't reach?
-Heather
11:59 p.m.
a quick look around:
<Andy.Richter at brige-way.com>
?
<hans.horberg at umu.se>
https://github.com/HaToHo
<hossain at newscred.com>
https://github.com/russel1237
<ikakavas at noc.grnet.gr>
he's on this list, I think as ikakavas at protonmail.com
<matt at netki.com>
Matt David from netki.com
https://twitter.com/theycallmemgd
we can also try opensource at netki.com
From
https://webcache.googleusercontent.com/search?q=cache:CmRIMbok4QEJ:https://…
Some possible email formats for Matt David are MDavid at netki.com, Matt.David at
netki.com, Matt at netki.com, and Matt_David at netki.com.
<rebecka.gulliksson at umu.se>
This is rebecka, part of its-dirg ( https://github.com/its-dirg )
<yo at launchkey.com>
I found Adam Englander is adam at launchkey.com
Maybe we can ask him if he knows what yo@ is?
launchkey.com is now https://www.iovation.com/launchkey
<DasAllFolks at users.noreply.github.com>
https://github.com/DasAllFolks
<haho0032 at its-admins-MacBook-Pro.local>
same as <hans.horberg at umu.se>
https://github.com/HaToHo
<ludwigkraatz at users.noreply.github.com>
https://github.com/ludwigkraatz
<rebeckag at users.noreply.github.com>
same as <rebecka.gulliksson at umu.se>
used to be https://github.com/rebeckag
<rhoerbe at users.noreply.github.com>
https://github.com/rhoerbe
<z38 at z38.invalid>
https://github.com/z38
--
Ivan c00kiemon5ter Kanakarakis >:3
3:58 p.m.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On April 4, 2018 12:59 AM, Ivan Kanakarakis <ivan.kanak at gmail.com> wrote:
Correct.
I have contributed code as part of my employment with GRNET S.A. but I am not currently
involved with that company in any capacity. Have you had similar situations or
have you considered how this can work with regards to the CLA/CCLA ?
//Ioannis
ikakavas at noc.grnet.gr
he's on this list, I think asikakavas at protonmail.com
9:32 p.m.
For Matt David @ netki.com, yo @ launchkey, and possibly others as I
work my way through the list, is there an easy way to figure out what
they actually contributed? I'm thinking if I reach out to their company,
the question will be what, exactly, did these folks do for the project.
Thanks,
Heather
On 4/3/18 2:59 PM, Ivan Kanakarakis wrote:
a quick look around:
<Andy.Richter at brige-way.com>
?
<hans.horberg at umu.se>
https://github.com/HaToHo
<hossain at newscred.com>
https://github.com/russel1237
<ikakavas at noc.grnet.gr>
he's on this list, I think as ikakavas at protonmail.com
<matt at netki.com>
Matt David from netki.com
https://twitter.com/theycallmemgd
we can also try opensource at netki.com
From
https://webcache.googleusercontent.com/search?q=cache:CmRIMbok4QEJ:https://…
Some possible email formats for Matt David are MDavid at netki.com, Matt.David at
netki.com, Matt at netki.com, and Matt_David at netki.com.
<rebecka.gulliksson at umu.se>
This is rebecka, part of its-dirg ( https://github.com/its-dirg )
<yo at launchkey.com>
I found Adam Englander is adam at launchkey.com
Maybe we can ask him if he knows what yo@ is?
launchkey.com is now https://www.iovation.com/launchkey
<DasAllFolks at users.noreply.github.com>
https://github.com/DasAllFolks
<haho0032 at its-admins-MacBook-Pro.local>
same as <hans.horberg at umu.se>
https://github.com/HaToHo
<ludwigkraatz at users.noreply.github.com>
https://github.com/ludwigkraatz
<rebeckag at users.noreply.github.com>
same as <rebecka.gulliksson at umu.se>
used to be https://github.com/rebeckag
<rhoerbe at users.noreply.github.com>
https://github.com/rhoerbe
<z38 at z38.invalid>
https://github.com/z38
11:13 a.m.
On 4 April 2018 at 22:32, Heather Flanagan
<hlflanagan at sphericalcowgroup.com> wrote:
For Matt David @ netki.com, yo @ launchkey, and
possibly others as I work my
way through the list, is there an easy way to figure out what they actually
contributed? I'm thinking if I reach out to their company, the question will
be what, exactly, did these folks do for the project.
Contributions by: Yo Sub Kwon <yo at launchkey.com>
https://github.com/IdentityPython/pysaml2/commit/79fe8a9c7e5d8db964ead5f29d…
Contributions by: Matt David <matt at netki.com>
https://github.com/IdentityPython/pyjwkest/commit/927a6f2c687ade3e533c167da…
https://github.com/IdentityPython/pyjwkest/commit/312aa45f87335f4dc4fff26e4…
https://github.com/IdentityPython/pyjwkest/commit/e7e99c9c4ac23cf623e10c382…
https://github.com/IdentityPython/pyjwkest/commit/e6dab17bb0f7756c973a8c56b…
--
Ivan c00kiemon5ter Kanakarakis >:3
11:46 a.m.
maybe we should have a conversation about the current approach given the
feedback from PeterS. I'm not 100% sure we're on the right track...
Cheers Leif
3:21 p.m.
9 apr. 2018 kl. 11:46 skrev Leif Johansson <leifj
at sunet.se>:
maybe we should have a conversation about the current approach given the
feedback from PeterS.
What feedback would that be ?
I'm not 100% sure we're on the right track...
Cheers Leif
_______________________________________________
Idpy-discuss mailing list
Idpy-discuss at lists.sunet.se
https://lists.sunet.se/listinfo/idpy-discuss
12:51 a.m.
On 4/9/18 6:21 AM, Roland Hedberg wrote:
Peter's concerns, which he sent directly to me (and I roped in Leif)
after receiving one of the "CLAs are coming" messages, are along these
lines:
1. For people contributing in a mix of work on their own time and work
done to the benefit of their employer, especially in the small
departments that are part of a much larger institution, getting the
employer to sign a CCLA is going to be very hard and almost certainly
limit who contributes to the project. There is no reasonable way for the
employer to know whether the coder has violated any copyright or patents.
2. Inbound=outbound agreements should suffice (see Bradley M. Kuhn's
explanation here:
https://sfconservancy.org/blog/2014/jun/09/do-not-need-cla/ ) and GitHub
already accepts that (see
https://help.github.com/articles/github-terms-of-service/#6-contributions-u…)
Leif, did I miss any major point here?
-Heather
9 apr. 2018 kl. 11:46 skrev Leif Johansson
<leifj at sunet.se>:
maybe we should have a conversation about the current approach given the
feedback from PeterS.
What feedback would that be ? 
3:54 a.m.
On 4/9/18 6:51 PM, Heather Flanagan wrote:
1. For people contributing in a mix of work on their
own time and work
done to the benefit of their employer, especially in the small
departments that are part of a much larger institution, getting the
employer to sign a CCLA is going to be very hard and almost certainly
limit who contributes to the project.
Enough R&E institutions have signed CLAs that I think we can start to
use the peer pressure model here. Yes it's work, but it's a known path.
There is no reasonable way for the employer to know
whether the coder
has violated any copyright or patents.
This is a bit of a red herring. It's up to the employee to behave within
the code of the conduct of the employer, and that presumably says "don't
violate copyright etc". So there's a reasonable default presumption that
the employee is behaving correctly, unless otherwise demonstrated.
2. Inbound=outbound agreements should suffice (see
Bradley M. Kuhn's
explanation here:
https://sfconservancy.org/blog/2014/jun/09/do-not-need-cla/ ) and GitHub
already accepts that (see
https://help.github.com/articles/github-terms-of-service/#6-contributions-u…)
Inbound=outbound (and the license assent mechanism) presumes you will
never need to change the license of the code. While it's unlikely
projects will need to re-license, it does happen from time to time, and
if you don't have the CLAs in place you're screwed.
There's another red herring in the SFC blog post: "CLAs simply shift
legal blame for any patent infringement, copyright infringement, or
other bad acts from the project (or its legal entity) back onto its
contributors." That's true only if the contributor was not authorized to
make the contribution in the first place. A good IPR home exists to
defend the IPR in place of the contributor.
CLAs are also a formal way of the institution consenting to the code
contribution. A lot of the counterargument seems to be "CLAs are too
hard to get through legal", but without a CLA your contributions may or
may not have been authorized by your employer... I don't know, did you
ask them? Did they say yes you can contribute? How do we know that? What
if you didn't ask them, and _now_ they want the code withdrawn because
it's proprietary IPR or something?
Check out Q5 (and the rest) here: https://www.apereo.org/licensing
Thanks,
-Benn-
3:16 p.m.
To add to this thread, Benn, Leif, Roland (briefly), and I talked about
this at the end of the call we had with Michiel @ Commons Conservancy.
Here are notes from that discussion:
Can we find a way to collect the indication as to whether a person has
legally contributed code without a CLA?
Perhaps assemble a sample set of a small handful of institutions that we
expect we’d need to solve this with? Start with technical contacts to
get them to describe the roadblocks so we can clearly define the problem.
Design a low-touch solution, like a shrink-wrapped statement to the fact
that “by taking the next step, we assume that you have the authority to
contribute both historically and in the future” like the IETF Note Well.
If we start from the position that the employer owns the material, and
the employee may or may not have the authority the grant to use it or
even the ability to release it under the Apache license, what’s the
risk? Loss over IPR theft.
If Peter were to ask for confirmation that his interpretation that his
code contributions are ok, then it’s 50/50 as to whether it will be a
problem.
Roland is an example of having contributed code through three different
employers. His agreement was to basically agree to not talk about it so
that they could avoid get lawyers involved.
First next step, draft an IETF Note Well-like object (try to discuss @ I2GS)
Second step, need to ask Roland and Peter whether or not something like
the IETF Note Well would work for them.
Third step, take this back to the potential IPR home and see if they are
ok with this
3:23 p.m.
11 apr. 2018 kl. 15:16 skrev Heather Flanagan
<hlflanagan at sphericalcowgroup.com>:
To add to this thread, Benn, Leif, Roland (briefly), and I talked about this at the end
of the call we had with Michiel @ Commons Conservancy. Here are notes from that
discussion:
Can we find a way to collect the indication as to whether a person has legally
contributed code without a CLA?
Perhaps assemble a sample set of a small handful of institutions that we expect we’d need
to solve this with? Start with technical contacts to get them to describe the roadblocks
so we can clearly define the problem.
Design a low-touch solution, like a shrink-wrapped statement to the fact that “by taking
the next step, we assume that you have the authority to contribute both historically and
in the future” like the IETF Note Well.
If we start from the position that the employer owns the material, and the employee may
or may not have the authority the grant to use it or even the ability to release it under
the Apache license, what’s the risk? Loss over IPR theft.
If Peter were to ask for confirmation that his interpretation that his code contributions
are ok, then it’s 50/50 as to whether it will be a problem.
Roland is an example of having contributed code through three different employers. His
agreement was to basically agree to not talk about it so that they could avoid get lawyers
involved.
First next step, draft an IETF Note Well-like object (try to discuss @ I2GS)
Second step, need to ask Roland and Peter whether or not something like the IETF Note
Well would work for them.
Without having seen the IETF Note Well-like object; I’m fairly sure I will work for me!
Third step, take this back to the potential IPR home
and see if they are ok with this
_______________________________________________
Idpy-discuss mailing list
Idpy-discuss at lists.sunet.se
https://lists.sunet.se/listinfo/idpy-discuss
-- Roland
"Education is the path from cocky ignorance to miserable uncertainty.” - Mark Twain
2455
days inactive
2463
days old
10 comments
6 participants
participants (6)
-
benno@sphericalcowgroup.com -
hlflanagan@sphericalcowgroup.com -
ikakavas@protonmail.com -
ivan.kanak@gmail.com -
leifj@sunet.se -
roland@catalogix.se