[Zope-dev] We need to change how code ownership works.

Hanno Schlichting hanno at hannosch.eu
Sun Aug 19 11:38:38 UTC 2012


The Plone Foundation adopted a policy for this, see http://plone.org/foundation/materials/foundation-resolutions/patch-policy-052011

As we don't have any terms of service stating so for any of our issue trackers, we don't get any copyright assignments for reported bugs or proposed patches. Patches can be sent via private email, posted to bug trackers, on paste.org-like services or sent via pull requests. All of those are legally the same and it's the responsibility of the person doing the checkin to validate the copyright situation. That said, a lot of patches don't actually contain any creative work that falls under the copyright rules. This last point is the reason most projects aren't very strict about this issue.

Hanno

On 19.08.2012, at 13:01, Lennart Regebro <regebro at gmail.com> wrote:
> On Sun, Aug 19, 2012 at 10:30 AM, Jens Vagelpohl <jens at dataflake.org> wrote:
>> 
>> On Aug 19, 2012, at 10:17 , Lennart Regebro <regebro at gmail.com> wrote:
>> 
>>>> And since it becomes ever easier to accept code from unknown sources (e.g. pull requests) legal code ownership becomes an issue again.
>>> 
>>> And that returns me to my first question: Is it really legally
>>> different for a contributor to accept a pull request from a
>>> non-contributor compared with a contributor merging a patch from a
>>> non-contributor?
>> 
>> Legally, both are disallowed unless there's some proof (written statement etc) from the code author that he assigns ownership of the patch or the contents of that pull request to the contributor who is doing the checkin.
>> 
>> In the past we haven't done a good job of enforcing this clear ownership assignment chain. There are always code patches from non-contributors in the bug tracker that may make it into the code base with the help of a contributor. There's a grey area: Is the act of submitting a patch into the Zope bug tracker enough to signal "I am giving you ownership of this code"? I am not sure.
>> 
>> GitHub makes this pulling in of "outside" code even easier. I'm afraid it will become even harder to really maintain this chain of custody.
> 
> This is then, IMO, a problem that we should fix. What you are in fact
> saying is that the current system is violating people's copyright
> every time we merge a non-contributor's patch. It is unfeasible to not
> merge people's patches, and I think it is also a big problem that the
> way the ownership of the code works now inhibits the increased
> simplicity of making and merging fixes for non-core contributors.
> 
> In other words, we have had an ownership situation which is terrible,
> and nobody seems to have realized this until now. Well, now we know.
> 
> As such, the discussion must now shift from "don't do this" to "how do
> we do this". People want to contribute and we should not say "don't do
> that", we have to figure out *how* to make it possible to do that, and
> pretty pronto as well.
> 
> //Lennart