On Mon, Jan 26, 2009 at 07:36:29AM -0800, Dave CROCKER wrote: > Andrew Sullivan wrote: >> Wha the work-around appears to me to provide is a way for >> contributors to say, "But maybe I don't have them all." From my point >> of view, that's less good than releasing the contributor from needing >> to make such claims in the first place, but it's an improvement. > ... > > What's unusual in this case is that every contributor, >> by virtue of having to assert that he or she has obtained the relevant >> permssions, is _also_ subject to those lawsuits. > > +1. > > This nicely highlights the underlying problem with the approach has so > far been taken: It expects far too much from people who are, in actual > fact, acting as agents of the IETF. The fundamental problem is that RFC 5378 conflates two separate things. (1) People who make contributions (normally authored by themselves) to the mailing list, and (2) people who take contributions/suggestions made on the mailing list, in face-to-face meetings, et. al., and put them together as an author/editor of an I-D. Both are defined as "Contributors" in RFC 3978, because "contributions" are defined as both as offerings of text to the mailing list and collation/editing of these offerrings to form an I-D. In both cases, to quote RFC 5378... The Contributor is further deemed to have agreed that he/she has obtained the necessary permissions to enter into such an agreement from any party that the Contributor reasonably and personally knows may have rights in the Contribution, including, but not limited to, the Contributor's sponsor or employer. The problem is the level of due care necessary such that he/she can warrant that permissions has been "obtained" is not defined. Is the reliance on RFC 5378 sufficient to deem that permissions has been "obtained". For example, if Fred Flintstone submits text to the maliing list, can I presume that he/she has received a copy of the Note Well and has therefore has given permission for his text to be used in the I-D? If he didn't, will I be liable for his failing to adhere to RFC 5378 if I submit an I-D containing Fred's text? And am I as the I-D author/editor required to provide proof that I have obtained the necessary permissions? If so, and if I will be held legally liable, then I had better keep the I-D under source code management, and reference each message ID from the mailing list whenever I take contributions and put them in the I-D. - Ted _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf