Good morning everyone, Few weeks I asked spot about the status of the FPCA with regards to contributors sending pull-requests via GitHub. Spot replied to me a couple of weeks ago with the following answer which I thought I should share since we are several managing projects on GitHub: === > * The second use-case I had a thought about was the github use-case. We have > more and more projects hosted on github, from a bunch of different teams. > People contributing to these projects via github do not have to sign the FPCA, > is this a problem? > I am always un-sure about this part, so it might be just me but when I > contribute to a project that is GPL/MIT/BSD/...-licensed my work is > automatically licensed under the license of the project, right? > If so, then I guess it's fine FPCA-wise :) Well, there is nothing legally that makes your contributions magically under a license, with the notable exception of Apache and derived licenses. Richard Fontana argues (rather reasonably) that there is an expectation that contributions to an upstream project, without a clear and explicit licensing statement, are thus safe to interpret as being under the same license as that upstream project. However, there is no current legal framework to back that up. The risk is admittedly minimal that a change will come in, we'll merge it, and later, that person will claim it is under some odd non-free or incompatible license, but it is not zero. I would personally prefer it if we either confirmed that people submitting changes to our projects were either signers of the FPCA or provided explicit licensing information. This could be done by asking them in the merge request something like "Please confirm that you give us permission to use this change under the same license terms as the rest of this code." === I went through the list of contributors on some of my projects and already found 3 persons who contributed without signing the FPCA (which is great: outside contributors \ó/, and less so: have now to ask them to confirm their contributions is under the same code as the project). With pagure gaining features, I am considering more and more moving some of my projects there :) Pierre
Attachment:
pgpf5ieLaxnyD.pgp
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
