[Zope-dev] [Checkins] SVN: zc.buildout/ Moved to github

Ross Patterson me at rpatterson.net
Mon Aug 20 00:44:32 UTC 2012


Robert Niederreiter <rnix at squarewave.at> writes:

> On 19.08.2012 10:30, Jens Vagelpohl wrote:
>>
>> On Aug 19, 2012, at 10:17 , Lennart Regebro <regebro at gmail.com> wrote:
>>
>>>> And since it becomes ever easier to accept code from unknown
>>> sources (e.g. pull requests) legal code ownership becomes an issue
>>> again.
>>>
>>> And that returns me to my first question: Is it really legally
>>> different for a contributor to accept a pull request from a
>>> non-contributor compared with a contributor merging a patch from a
>>> non-contributor?
>>
>> Legally, both are disallowed unless there's some proof (written
>> statement etc) from the code author that he assigns ownership of the
>> patch or the contents of that pull request to the contributor who is
>> doing the checkin.
>>
>> In the past we haven't done a good job of enforcing this clear
>> ownership assignment chain. There are always code patches from
>> non-contributors in the bug tracker that may make it into the code
>> base with the help of a contributor. There's a grey area: Is the act
>> of submitting a patch into the Zope bug tracker enough to signal "I
>> am giving you ownership of this code"? I am not sure.
>>
>> GitHub makes this pulling in of "outside" code even easier. I'm
>> afraid it will become even harder to really maintain this chain of
>> custody.
>
> I just wonder why this works then for other projects like plone or
> pyramid which basically follows similar rules as the ZF with a signed
> contributor agreement required in order to make core contributions.
>
> http://plone.org/foundation/contributors-agreement/agreement.pdf/view
>
> https://github.com/Pylons/pyramid/blob/master/CONTRIBUTORS.txt
>
> btw - pyramid seem to have a very pragmatic approach for the signing
> process ;)
>
> Either way - SVN or GIT - it is just a question IF merging code from a
> non-contributor is done BY a contributor, not HOW.
>
> For me the discussion sounds a little like a general denial against
> github using the legal story as rationale.

+10.  I'm so glad others are saying the things I think need saying.

I *am* a signed ZF contributor and from experience, the likelihood of
such stop energy or other unpleasantness prevents me from contributing
to Zope projects nearly as much as I'd like or could.  This is a
sterling example.

To be clear, I'm not invalidating legal concerns, I'm only frustrated
that those representing those concerns are taking a hard line on only
one concern without seeming to accept multiple invitations to work the
problem from all represented concerns.  I'm grateful to the others for
trying so hard to kickstart a healthy level of participation in
zc.buildout development once again.

Ross



More information about the Zope-Dev mailing list