On 6/22/18 8:06 AM, Ivan Kanakarakis wrote:
On Fri, 22 Jun 2018 at 17:30, Heather Flanagan
<hlflanagan at sphericalcowgroup.com> wrote:
Hi all,
One of the individuals I contacted when I was reaching out about the
possibility of a [C]CLA pointed out the following from the GitHub Terms
of Service:
---
6. Contributions Under Repository License
Whenever you make a contribution to a repository containing notice of a
license, you license your contribution under the same terms, and you
agree that you have the right to license your contribution under those
terms. If you have a separate agreement to license your contributions
under different terms, such as a contributor license agreement, that
agreement will supersede.
Isn't this just how it works already? Yep. This is widely accepted as
the norm in the open-source community; it's commonly referred to by the
shorthand "inbound=outbound". We're just making it explicit.
(https://help.github.com/articles/github-terms-of-service/)
---
I've also reviewed the licenses listed under each of the Identity Python
projects:
* pySAML2 = Apache 2.0
* SaToSa = Apache 2.0
* pyXMLSecurity = NORDUnet (2 clause BSD)
* pyFF = SUNET (2 clause BSD)
* pyeleven = SUNET (2 clause BSD)
My reading of this suggests that a CLA doesn't actually offer us any
assurances we don't already have by a) using GitHub (and therefore
agreeing to the ToS) and b) posting the licenses in the repos (which
must be inherited by anyone posting in those repos, again thanks to the
GitHub ToS).
Thoughts or concerns?
I am very happy if this can be resolved that way :) I did not know of
that section in the GitHub TOS and it's good it is there. I expect
things to work that way by default -IMO, this should be the mentality
when working with open source- though, I understand that the legal
system does not work the way things are arranged in my head. If this
covers the legal aspects of (re)licensing that is a big time saver. I
suppose though, that we may have to look into _when_ this was
introduced to the GitHub TOS and make sure it stands for contributions
made before that date.
This text was finalized in 2017. See:
https://blog.github.com/2017-02-28-new-github-terms-of-service-are-in-effec…
Or, if you want to go directly to the diff:
https://gist.github.com/nsqe/f961486a7167a9d93d3beeba0b5b4b04/revisions
That said, if a user did not agree to the new ToS, they are expected to
take their toys and go home.
For the Identity Python repositories that existed before February 2017:
* SATOSA - updated its license two years ago to an Apache 2.0 license
  (repository appears to have started three years ago)
* pyeleven - updated its license five months ago to a 2-clause BSD license
  (repository appears to have started four years ago)
* pyXMLSec - started with a 2-clause BSD license six years ago
* pyFF - updated its license to a 2-clause BSD license five months ago;
  not sure what it did when it started six years ago
* pySAML2 - has had an Apache2 license since at least three years ago;
  license file was updated (renamed) a few days ago
-Heather
I had briefly looked over how other organisations handle this, and I
think (from what I understand) that MPL (by Mozilla) is interesting,
as it seems to "combine" the CLA into the license:
https://en.wikipedia.org/wiki/Mozilla_Public_License
https://opensource.stackexchange.com/questions/4310/can-mozilla-public-lice…
Re-licensing is not free, but by contributing one agrees with the
license terms and copyright "transfer".
btw, GitHub itself used to have a CLA:
https://web.archive.org/web/20160329164819/https://cla.github.com/
https://web.archive.org/web/20161026203954/https://cla.github.com/agreement
I guess they do not need it anymore with the updated TOS.
Cheers,
--
Ivan c00kiemon5ter Kanakarakis >:3