[Zope-dev] [Checkins] SVN: zc.buildout/ Moved to github

Jens Vagelpohl jens at dataflake.org
Sun Aug 19 08:30:03 UTC 2012


On Aug 19, 2012, at 10:17 , Lennart Regebro <regebro at gmail.com> wrote:

>> And since it becomes ever easier to accept code from unknown sources (e.g. pull requests) legal code ownership becomes an issue again.
> 
> And that returns me to my first question: Is it really legally
> different for a contributor to accept a pull request from a
> non-contributor compared with a contributor merging a patch from a
> non-contributor?

Legally, both are disallowed unless there's some proof (written statement etc) from the code author that he assigns ownership of the patch or the contents of that pull request to the contributor who is doing the checkin.

In the past we haven't done a good job of enforcing this clear ownership assignment chain. There are always code patches from non-contributors in the bug tracker that may make it into the code base with the help of a contributor. There's a grey area: Is the act of submitting a patch into the Zope bug tracker enough to signal "I am giving you ownership of this code"? I am not sure.

GitHub makes this pulling in of "outside" code even easier. I'm afraid it will become even harder to really maintain this chain of custody.

jens




More information about the Zope-Dev mailing list