Dilvish wrote:Although it may look a bit imposing, it seems far from watertight to me.
As I said, I'm not a lawyer. I probably know as much about all the legal stuff as my mother does about programming...
Not the point anyway. What I wanted to say is, if we are going to do such a thing (CLAs/DCOs/whatever), we should do it properly (whatever "properly" turns out to be in the end), otherwise it's just a big waste of time.
The barn door of paragraph (b) regarding authorship they probably intentionally accepted as essentially unavoidable for an open source project, but something that looks just plain sloppy to me is these repeated dangling references to "the file"
Well, like you surmised, I guess that DCO might have to be used within a proper context or maybe it's just a template where you need to replace "the file" with something more specific.
If we want to go down that road, we need to come up with something suitable for FO anyway. And according to the article you linked, apparently we don't need to come up with some complicated, water-tight legal statements covering pages, so something simple and straightforward would probably be sufficient.
However, I wonder who we could task with drafting such a document?
I have a suitable background for the task, if we decide to take that path.
Excellent.
Should we actually need it, consider yourself appointed.
Interesting read, sounds pretty reasonable to me too (which probably doesn't mean much in my case, because, you know, no lawyer, see above
).
The main point of the article seems to be about not to go overboard with the CLA though, but to keep things as simple as possible, to avoid bogging down an open source project with needless legal stuff. Although I still think it might be reasonable at least to ask for a statement where the contributor confirms that their contribution meets the requirements of the licenses in use by the project, and didn't knowingly infringe any copyrights/patents/whatever - if that really isn't necessary, then just leave that out.
It was only after reading that DCO apparently used by Linux that I got the idea of including such statements. The reason why I like Marcels suggestion is that I've been thinking about something similar myself already. The problem (if you can call it a problem) is, currently the license statements of our contributors are kind of scattered. Before we migrated to git and github, every new contributor had been asked for their license statement (unless the contribution had been so minor that this had been deemed unnecessary), usually directly in the thread where they posted their first contribution(s). Which means, all those license statements are scattered over countless thread, covering more than a decade by now.
With the migration to git/github the situation actually got worse (IMO). Because now, if someone starts contributing by providing PRs, we can (apparently safely) assume that by doing so they implicitely release their contribution under the applicable project licenses. Their "license statement" is given by providing the PR, so to speak. Unless they provide their contribution on the forum, then we still need to ask for a license statement.
Now add to that the possibility that someone who has already been contributing code for a while (which is GPL2 and later licensed), suddenly makes an art contribution on the forum (which is CC BY-SA 3.0 licensed). In this case we'd have to ask for their license statement for their art contributions at that point, which could easily be overseen because that person has been around for al while already.
I often wondered what we would do (or have to do) if ever the case actually came up where we'd need to defend the project against some kind of allegations (whatever that might be), and had do provide a proper license statement of a certain contributor. We'd had to determine when the person in question started contributing, so we'd know where and what kind of license statement we'd have to start looking for.
What if there has been a major forum crash in the meantime, and a big part (or all) of the forum posts up to the time of the crash have been lost (I mean, it has happened before, in the founding days of FO)?
Which is why I thought collecting those statements as plain text files, "signed" in a way be the contributor so it's reasonably clear it has actually be issued by that contributor, might be a good idea. A text file containing nothing more than a license statement as it has been given on the forums before might be sufficient, provided via PR by the contributor (so it's clear the commit containing the license statement has been authored by them), could meet these requirements.
Or provide a formal license statement convering all cases in a text file, add it to the repo, and have every commit message contain a line with a link to that file at the end (something like: "Contribution released to the project according to the license statement in this file <link to license statement file>").
Or whatever idea might be the most feasible.