| 1 |
>>>>> On Thu, 31 May 2018, Ulrich Mueller wrote: |
| 2 |
|
| 3 |
> (hoping that he hasn't snipped too much of the context) |
| 4 |
|
| 5 |
Presumably I have. So find Greg's two messages below, in full (which |
| 6 |
had gentoo-project in CC). |
| 7 |
|
| 8 |
Ulrich |
| 9 |
|
| 10 |
|
| 11 |
>>>>> On Wed, 30 May 2018, Greg KH wrote: |
| 12 |
|
| 13 |
> On Wed, May 30, 2018 at 04:36:09PM +0200, Ulrich Mueller wrote: |
| 14 |
>> A while back I requested information on past copyright assignments [1]. |
| 15 |
>> Since then, we have located some 30 of the assignment forms, signed by |
| 16 |
>> developers (most of them retired by now) in 2004. |
| 17 |
>> |
| 18 |
>> Here is the second part of the exercise. The current draft of the new |
| 19 |
>> Gentoo copyright policy [2] arranges for two procedures: |
| 20 |
>> |
| 21 |
>> 1. Certifying agreement to a "Gentoo Developer's Certificate of Origin" |
| 22 |
>> by including a "Signed-off-by" line with every commit. This would |
| 23 |
>> be virtually identical to the procedure used for the Linux kernel, |
| 24 |
>> and would be mandatory. A draft of the Gentoo DCO can be seen at [3]. |
| 25 |
|
| 26 |
> Please please please do not "fork" the DCO. It was specifically |
| 27 |
> designed so that any project can use it, as-is, with no changes needed. |
| 28 |
> Yes, some foolish projects have gone off and rewritten it, but that was |
| 29 |
> crazy, and they now wish they did not, as it requires corporate lawyers |
| 30 |
> to manually have to go review the "new" document to ensure that it |
| 31 |
> really is doing what it thinks it is doing. |
| 32 |
|
| 33 |
> Again, please just use the DCO. It's at it's own web site, and is good |
| 34 |
> to be used that way: |
| 35 |
> https://developercertificate.org/ |
| 36 |
|
| 37 |
> Also, note, that if you do decide to copy it, I personally am going to |
| 38 |
> get upset as it is a blatent copyright violation. So there is that |
| 39 |
> issue... |
| 40 |
> Hint doing a s/open/free/ on the original text does not mean that you |
| 41 |
> suddenly have created a brand new document with no requirement to abide |
| 42 |
> by the original document's copyright. I see you claim that it was |
| 43 |
> published in 2005 with a CC-BY-SA-2.5 License? Do you have any |
| 44 |
> reference for that, I know I spent a lot of time working on this in the |
| 45 |
> past and I do not remember that... |
| 46 |
|
| 47 |
> Again, just use the DCO, please. |
| 48 |
|
| 49 |
>> 2. In addition, according to the current policy draft, developers would |
| 50 |
>> be encouraged to sign a "Gentoo Contributor License Agreement (CLA)". |
| 51 |
>> Its current draft version is at [4]. However, this would be |
| 52 |
>> completely voluntary and *not* be required. The exact workflow |
| 53 |
>> hasn't been drafted yet, but PGP signing of the form would be one |
| 54 |
>> possibility. (Also note that the form includes fields for real name |
| 55 |
>> and postal address.) |
| 56 |
>> |
| 57 |
>> The goals of the second item is to "make compliance with this policy |
| 58 |
>> easier (fewer copyright holders to list), and allow the Foundation to |
| 59 |
>> enforce copyrights and re-license content if appropriate" [2]. |
| 60 |
>> Apparently, we will only be able to achieve these goals if a |
| 61 |
>> significant fraction of contributors will sign the CLA. |
| 62 |
>> |
| 63 |
>> So, before I pursue more work on the CLA I would like to ask all |
| 64 |
>> developers and contributors: |
| 65 |
>> |
| 66 |
>> - Would you sign a "Gentoo Contributor License Agreement", similar to |
| 67 |
>> the current draft in [4]? |
| 68 |
|
| 69 |
> No, I personally will not sign any CLAs, sorry. |
| 70 |
|
| 71 |
> Sent publically as the DCO thing should be discussed in public. |
| 72 |
|
| 73 |
> thanks, |
| 74 |
|
| 75 |
> greg k-h |
| 76 |
|
| 77 |
|
| 78 |
>>>>> On Thu, 31 May 2018, Greg KH wrote: |
| 79 |
|
| 80 |
> On Wed, May 30, 2018 at 11:44:34PM +0200, Ulrich Mueller wrote: |
| 81 |
>> >>>>> On Wed, 30 May 2018, Greg KH wrote: |
| 82 |
>> |
| 83 |
>> > Please please please do not "fork" the DCO. It was specifically |
| 84 |
>> > designed so that any project can use it, as-is, with no changes |
| 85 |
>> > needed. |
| 86 |
>> |
| 87 |
>> We simply cannot. We have files in the Gentoo repository that are not |
| 88 |
>> under a free software license, and for these we need an extra clause. |
| 89 |
|
| 90 |
> Your "extra clause" is pretty odd. You took out the c) clause of the |
| 91 |
> original DCO for some unknown reason as well, which is going to cause |
| 92 |
> you big problems. |
| 93 |
|
| 94 |
> Was this vetted by a lawyer? Again, this is going to cause companies |
| 95 |
> to have to spend lots of time and money to be able to get anyone to use |
| 96 |
> this, do not change things lightly. |
| 97 |
|
| 98 |
>> Otherwise we would have to specify in the policy that certain commits |
| 99 |
>> are excepted from the requirement of a Signed-off-by line, and IMHO |
| 100 |
>> that would be a much worse solution. |
| 101 |
>> |
| 102 |
>> Addition of the extra clause for licenses and similar files resulted |
| 103 |
>> from a long discussion on 2018-01-25 in the #gentoo-council channel, |
| 104 |
>> which included three council members and a trustee. |
| 105 |
|
| 106 |
> No license lawyers? |
| 107 |
|
| 108 |
> Are you _sure_ you need this change? |
| 109 |
|
| 110 |
>> > Yes, some foolish projects have gone off and rewritten it, but that |
| 111 |
>> > was crazy, and they now wish they did not, as it requires corporate |
| 112 |
>> > lawyers to manually have to go review the "new" document to ensure |
| 113 |
>> > that it really is doing what it thinks it is doing. |
| 114 |
>> |
| 115 |
>> > Again, please just use the DCO. It's at it's own web site, and is |
| 116 |
>> > good to be used that way: |
| 117 |
>> > https://developercertificate.org/ |
| 118 |
>> |
| 119 |
>> > Also, note, that if you do decide to copy it, I personally am going |
| 120 |
>> > to get upset as it is a blatent copyright violation. So there is |
| 121 |
>> > that issue... |
| 122 |
>> |
| 123 |
>> How is it a copyright violation? We create a modified version of |
| 124 |
>> a document that was released under a Creative Commons Attribution- |
| 125 |
>> ShareAlike 2.5 License. Distribution of modified versions is allowed |
| 126 |
>> under this license, and I believe that we include proper attribution. |
| 127 |
>> Also section 4b of CC-BY-SA-2.5 explicitly allows distribution of a |
| 128 |
>> modified work under CC-BY-SA-3.0. |
| 129 |
|
| 130 |
> Fair enough, but please be sure to run the fact that you are changing |
| 131 |
> something is obviously copyrighted by someone else with a declaration |
| 132 |
> that it can not be changed, by relying on the wayback machine to make |
| 133 |
> that change past a copyright lawyer. There is a reason that the DCO is |
| 134 |
> not under such a license anymore, as this "respin" proves it :) |
| 135 |
|
| 136 |
>> > Again, just use the DCO, please. |
| 137 |
>> |
| 138 |
>> See above, the simple reason is that we need an exception for license |
| 139 |
>> files. |
| 140 |
>> |
| 141 |
>> Then again, Linux might profit from such a clause too. See for example |
| 142 |
>> the following commit: |
| 143 |
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/LICENSES/preferred/GPL-2.0?id=255247c2770ada6edace04173b35307869b47d99 |
| 144 |
>> |
| 145 |
>> The commit message carries two Signed-off-by lines (and a Reviewed-by |
| 146 |
>> by yourself). But let's look what the document says about its license: |
| 147 |
>> |
| 148 |
>> + Everyone is permitted to copy and distribute verbatim copies |
| 149 |
>> + of this license document, but changing it is not allowed. |
| 150 |
>> |
| 151 |
>> Clearly, this isn't an open source license, because it doesn't allow |
| 152 |
>> modifications. So I wonder how the committer could certify agreement |
| 153 |
>> to the DCO 1.1 there? |
| 154 |
|
| 155 |
> Section b) should cover this nicely. If your lawyers somehow feel it |
| 156 |
> does not, I will be glad to consult with the LF lawyers about this and |
| 157 |
> have them discuss the matter. |
| 158 |
|
| 159 |
> Also note that I really doubt that the fact that you can include |
| 160 |
> verbatim copies of a license in a repo is going to make anyone upset at |
| 161 |
> all, unless you modify that license text. So you might all be worried |
| 162 |
> about nothing "real" at all here. License files are not code, just like |
| 163 |
> documentation is not code, and almost all open source licenses do not |
| 164 |
> cover either of them well, if at all. |
| 165 |
|
| 166 |
> As an armchair thought experiment of this, how would the overall license |
| 167 |
> of a GNU project's tarball release such as bash, which is GPLv3, cover |
| 168 |
> the license file of the GPLv3 text that is included in the tarball? |
| 169 |
> Would the inclusion of a file in the tarball that is obviously not under |
| 170 |
> a free software license cause that project's license to somehow not be |
| 171 |
> "free software"? |
| 172 |
|
| 173 |
> It's a fun rabit hole to go down, but one that I think you will have to |
| 174 |
> do on your own :) |
| 175 |
|
| 176 |
>> > No, I personally will not sign any CLAs, sorry. |
| 177 |
>> |
| 178 |
>> This is interesting, since you had previously signed the copyright |
| 179 |
>> assignment form to Gentoo Technologies, Inc. (To be precise, you PGP |
| 180 |
>> signed it and sent it to recruiters@g.o on 2004-03-08.) |
| 181 |
|
| 182 |
> That was because I was forced to do so in order to become a Gentoo |
| 183 |
> developer at the time, and my employer at the time also insisted on it, |
| 184 |
> as they were the owners of all of the work that I did on Gentoo, not me. |
| 185 |
> I had no say in the matter at all, just like almost all other people |
| 186 |
> employed in the US due to the standard employment contract used. So to |
| 187 |
> be clear, that was not _me_ giving up any copyrights, it was my |
| 188 |
> employer. |
| 189 |
|
| 190 |
> My position has changed on how best to handle copyrights in the 14 years |
| 191 |
> since then, and I currently am employed by someone who allows me to keep |
| 192 |
> my personal copyright (while also giving them a copy) so I guess I |
| 193 |
> should figure out how to somehow retroactively not-sign it :) |
| 194 |
|
| 195 |
> Any hints as to how to do that? |
| 196 |
|
| 197 |
> Anyway, my strongest suggestion as to why not to change to use your |
| 198 |
> custom license is the fact that you will now require all Gentoo |
| 199 |
> developers who work for companies that allow their employers to |
| 200 |
> contribute to Gentoo, to now have to have their lawyers read over this |
| 201 |
> new license and come to an understanding of it before those people are |
| 202 |
> allowed to contribute. That's a huge waste of time and money and will |
| 203 |
> make those companies, and developers, grumpy. |
| 204 |
|
| 205 |
> And if developers ignore the fact that they should have run this change |
| 206 |
> by their employers, that could get them into big trouble later on. |
| 207 |
|
| 208 |
> thanks, |
| 209 |
|
| 210 |
> greg k-h |
Archives