1 |
>>>>> On Thu, 31 May 2018, Ulrich Mueller wrote: |
2 |
|
3 |
> (hoping that he hasn't snipped too much of the context) |
4 |
|
5 |
Presumably I have. So find Greg's two messages below, in full (which |
6 |
had gentoo-project in CC). |
7 |
|
8 |
Ulrich |
9 |
|
10 |
|
11 |
>>>>> On Wed, 30 May 2018, Greg KH wrote: |
12 |
|
13 |
> On Wed, May 30, 2018 at 04:36:09PM +0200, Ulrich Mueller wrote: |
14 |
>> A while back I requested information on past copyright assignments [1]. |
15 |
>> Since then, we have located some 30 of the assignment forms, signed by |
16 |
>> developers (most of them retired by now) in 2004. |
17 |
>> |
18 |
>> Here is the second part of the exercise. The current draft of the new |
19 |
>> Gentoo copyright policy [2] arranges for two procedures: |
20 |
>> |
21 |
>> 1. Certifying agreement to a "Gentoo Developer's Certificate of Origin" |
22 |
>> by including a "Signed-off-by" line with every commit. This would |
23 |
>> be virtually identical to the procedure used for the Linux kernel, |
24 |
>> and would be mandatory. A draft of the Gentoo DCO can be seen at [3]. |
25 |
|
26 |
> Please please please do not "fork" the DCO. It was specifically |
27 |
> designed so that any project can use it, as-is, with no changes needed. |
28 |
> Yes, some foolish projects have gone off and rewritten it, but that was |
29 |
> crazy, and they now wish they did not, as it requires corporate lawyers |
30 |
> to manually have to go review the "new" document to ensure that it |
31 |
> really is doing what it thinks it is doing. |
32 |
|
33 |
> Again, please just use the DCO. It's at it's own web site, and is good |
34 |
> to be used that way: |
35 |
> https://developercertificate.org/ |
36 |
|
37 |
> Also, note, that if you do decide to copy it, I personally am going to |
38 |
> get upset as it is a blatent copyright violation. So there is that |
39 |
> issue... |
40 |
> Hint doing a s/open/free/ on the original text does not mean that you |
41 |
> suddenly have created a brand new document with no requirement to abide |
42 |
> by the original document's copyright. I see you claim that it was |
43 |
> published in 2005 with a CC-BY-SA-2.5 License? Do you have any |
44 |
> reference for that, I know I spent a lot of time working on this in the |
45 |
> past and I do not remember that... |
46 |
|
47 |
> Again, just use the DCO, please. |
48 |
|
49 |
>> 2. In addition, according to the current policy draft, developers would |
50 |
>> be encouraged to sign a "Gentoo Contributor License Agreement (CLA)". |
51 |
>> Its current draft version is at [4]. However, this would be |
52 |
>> completely voluntary and *not* be required. The exact workflow |
53 |
>> hasn't been drafted yet, but PGP signing of the form would be one |
54 |
>> possibility. (Also note that the form includes fields for real name |
55 |
>> and postal address.) |
56 |
>> |
57 |
>> The goals of the second item is to "make compliance with this policy |
58 |
>> easier (fewer copyright holders to list), and allow the Foundation to |
59 |
>> enforce copyrights and re-license content if appropriate" [2]. |
60 |
>> Apparently, we will only be able to achieve these goals if a |
61 |
>> significant fraction of contributors will sign the CLA. |
62 |
>> |
63 |
>> So, before I pursue more work on the CLA I would like to ask all |
64 |
>> developers and contributors: |
65 |
>> |
66 |
>> - Would you sign a "Gentoo Contributor License Agreement", similar to |
67 |
>> the current draft in [4]? |
68 |
|
69 |
> No, I personally will not sign any CLAs, sorry. |
70 |
|
71 |
> Sent publically as the DCO thing should be discussed in public. |
72 |
|
73 |
> thanks, |
74 |
|
75 |
> greg k-h |
76 |
|
77 |
|
78 |
>>>>> On Thu, 31 May 2018, Greg KH wrote: |
79 |
|
80 |
> On Wed, May 30, 2018 at 11:44:34PM +0200, Ulrich Mueller wrote: |
81 |
>> >>>>> On Wed, 30 May 2018, Greg KH wrote: |
82 |
>> |
83 |
>> > Please please please do not "fork" the DCO. It was specifically |
84 |
>> > designed so that any project can use it, as-is, with no changes |
85 |
>> > needed. |
86 |
>> |
87 |
>> We simply cannot. We have files in the Gentoo repository that are not |
88 |
>> under a free software license, and for these we need an extra clause. |
89 |
|
90 |
> Your "extra clause" is pretty odd. You took out the c) clause of the |
91 |
> original DCO for some unknown reason as well, which is going to cause |
92 |
> you big problems. |
93 |
|
94 |
> Was this vetted by a lawyer? Again, this is going to cause companies |
95 |
> to have to spend lots of time and money to be able to get anyone to use |
96 |
> this, do not change things lightly. |
97 |
|
98 |
>> Otherwise we would have to specify in the policy that certain commits |
99 |
>> are excepted from the requirement of a Signed-off-by line, and IMHO |
100 |
>> that would be a much worse solution. |
101 |
>> |
102 |
>> Addition of the extra clause for licenses and similar files resulted |
103 |
>> from a long discussion on 2018-01-25 in the #gentoo-council channel, |
104 |
>> which included three council members and a trustee. |
105 |
|
106 |
> No license lawyers? |
107 |
|
108 |
> Are you _sure_ you need this change? |
109 |
|
110 |
>> > Yes, some foolish projects have gone off and rewritten it, but that |
111 |
>> > was crazy, and they now wish they did not, as it requires corporate |
112 |
>> > lawyers to manually have to go review the "new" document to ensure |
113 |
>> > that it really is doing what it thinks it is doing. |
114 |
>> |
115 |
>> > Again, please just use the DCO. It's at it's own web site, and is |
116 |
>> > good to be used that way: |
117 |
>> > https://developercertificate.org/ |
118 |
>> |
119 |
>> > Also, note, that if you do decide to copy it, I personally am going |
120 |
>> > to get upset as it is a blatent copyright violation. So there is |
121 |
>> > that issue... |
122 |
>> |
123 |
>> How is it a copyright violation? We create a modified version of |
124 |
>> a document that was released under a Creative Commons Attribution- |
125 |
>> ShareAlike 2.5 License. Distribution of modified versions is allowed |
126 |
>> under this license, and I believe that we include proper attribution. |
127 |
>> Also section 4b of CC-BY-SA-2.5 explicitly allows distribution of a |
128 |
>> modified work under CC-BY-SA-3.0. |
129 |
|
130 |
> Fair enough, but please be sure to run the fact that you are changing |
131 |
> something is obviously copyrighted by someone else with a declaration |
132 |
> that it can not be changed, by relying on the wayback machine to make |
133 |
> that change past a copyright lawyer. There is a reason that the DCO is |
134 |
> not under such a license anymore, as this "respin" proves it :) |
135 |
|
136 |
>> > Again, just use the DCO, please. |
137 |
>> |
138 |
>> See above, the simple reason is that we need an exception for license |
139 |
>> files. |
140 |
>> |
141 |
>> Then again, Linux might profit from such a clause too. See for example |
142 |
>> the following commit: |
143 |
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/LICENSES/preferred/GPL-2.0?id=255247c2770ada6edace04173b35307869b47d99 |
144 |
>> |
145 |
>> The commit message carries two Signed-off-by lines (and a Reviewed-by |
146 |
>> by yourself). But let's look what the document says about its license: |
147 |
>> |
148 |
>> + Everyone is permitted to copy and distribute verbatim copies |
149 |
>> + of this license document, but changing it is not allowed. |
150 |
>> |
151 |
>> Clearly, this isn't an open source license, because it doesn't allow |
152 |
>> modifications. So I wonder how the committer could certify agreement |
153 |
>> to the DCO 1.1 there? |
154 |
|
155 |
> Section b) should cover this nicely. If your lawyers somehow feel it |
156 |
> does not, I will be glad to consult with the LF lawyers about this and |
157 |
> have them discuss the matter. |
158 |
|
159 |
> Also note that I really doubt that the fact that you can include |
160 |
> verbatim copies of a license in a repo is going to make anyone upset at |
161 |
> all, unless you modify that license text. So you might all be worried |
162 |
> about nothing "real" at all here. License files are not code, just like |
163 |
> documentation is not code, and almost all open source licenses do not |
164 |
> cover either of them well, if at all. |
165 |
|
166 |
> As an armchair thought experiment of this, how would the overall license |
167 |
> of a GNU project's tarball release such as bash, which is GPLv3, cover |
168 |
> the license file of the GPLv3 text that is included in the tarball? |
169 |
> Would the inclusion of a file in the tarball that is obviously not under |
170 |
> a free software license cause that project's license to somehow not be |
171 |
> "free software"? |
172 |
|
173 |
> It's a fun rabit hole to go down, but one that I think you will have to |
174 |
> do on your own :) |
175 |
|
176 |
>> > No, I personally will not sign any CLAs, sorry. |
177 |
>> |
178 |
>> This is interesting, since you had previously signed the copyright |
179 |
>> assignment form to Gentoo Technologies, Inc. (To be precise, you PGP |
180 |
>> signed it and sent it to recruiters@g.o on 2004-03-08.) |
181 |
|
182 |
> That was because I was forced to do so in order to become a Gentoo |
183 |
> developer at the time, and my employer at the time also insisted on it, |
184 |
> as they were the owners of all of the work that I did on Gentoo, not me. |
185 |
> I had no say in the matter at all, just like almost all other people |
186 |
> employed in the US due to the standard employment contract used. So to |
187 |
> be clear, that was not _me_ giving up any copyrights, it was my |
188 |
> employer. |
189 |
|
190 |
> My position has changed on how best to handle copyrights in the 14 years |
191 |
> since then, and I currently am employed by someone who allows me to keep |
192 |
> my personal copyright (while also giving them a copy) so I guess I |
193 |
> should figure out how to somehow retroactively not-sign it :) |
194 |
|
195 |
> Any hints as to how to do that? |
196 |
|
197 |
> Anyway, my strongest suggestion as to why not to change to use your |
198 |
> custom license is the fact that you will now require all Gentoo |
199 |
> developers who work for companies that allow their employers to |
200 |
> contribute to Gentoo, to now have to have their lawyers read over this |
201 |
> new license and come to an understanding of it before those people are |
202 |
> allowed to contribute. That's a huge waste of time and money and will |
203 |
> make those companies, and developers, grumpy. |
204 |
|
205 |
> And if developers ignore the fact that they should have run this change |
206 |
> by their employers, that could get them into big trouble later on. |
207 |
|
208 |
> thanks, |
209 |
|
210 |
> greg k-h |