Re: [tsc-devel] Signing-off commits on legal questions

Luiji Maryo | Mon, 02 Feb 2015 04:07:02 UTC

I have the general fear that including any component without a strict
license release from the author is extremely dangerous. This is
*especially* problematic when we are releasing the components under such
unrestrictive licenses, essentially giving people perpetual distribution
and modification rights to a component. Even if we were legally safe, I
worry there's a moral problem to be had in the case we ever, through
miscommunication, encounter this situation with someone who didn't
understand the nature of the licensing their work would have to be under to
be included in the project.

The copyrights and licensing around the original SMC codebase seem
ambiguous enough. I fear making this worse.

On Sun, Feb 1, 2015 at 4:13 PM, Quintus <…s@q…> wrote:

> Hi everyone,
>
> as the need recently occured with the Bugsbane graphics that missed any
> license, but were clearly directed towards inclusion into the TSC
> project, I have added a section to the conventions document describing
> the signoff procedure to employ for such edge cases in commit
> 8d6aaeef0ad7d358f0e48165bfcf0be9f24f6847. I’d like to have feedback from
> you, espacially I’d like to have feedback from Luiji (if you find the
> time), because it refers to you as the assistant lead.
>
> The problem that this strives to solve is the case that you would like
> to add some kind of contribution to the repository but don’t know
> whether it’s legally acceptable to do that. I acknowledge that by my
> position as the project leader it’s on me to make the final decision
> whether to include such questionable content or not (unless we
> mystically get a lawyer into our team). By signing off the contribution,
> I acknowledge that to best of my knowledge it is legally OK. This lifts
> the burden of responsibility for inclusion of such a contribution from
> you while I take it on me. A “signoff” is a part of metadata in a Git
> commit with the meaning of “the person who signed this off has affirmed
> something”, as opposed to the bare author metadata that identifies the
> person who created the content of the commit; thus the signoff
> information would be superfluous if “author” and “signoff” refer to the
> same person. By the definition in the conventions document I added with
> the above commit, for our project a “signoff” now means that the
> contribution is legally acceptable from the point of view of the
> maintainer who signs off. All signoffs I do have a ditial signature of
> my GPG key (B1FE 958E D5E8 468E AA20  8F4B F1D8 799F BCC8 BC4F) attached
> to verify their integrity.
>
> I do hope that we will not get much of these edge cases like with
> Bugsbane. But it’s better to be prepared rather than having to deal with
> the problem when it arises.
>
> Valete,
> Quintus
>
> --
> Blog: http://www.quintilianus.eu
>
> I will reject HTML emails.     | Ich akzeptiere keine HTML-Nachrichten.
>                                |
> Use GnuPG for mail encryption: | GnuPG für Mail-Verschlüsselung:
> http://www.gnupg.org           | http://gnupg.org/index.de.html
>
>


-- 
When Linus Torvalds dies, Linux is going to be forked.