[ZF] Repository choice: Please indicate your preference until Sunday 9/23

Chris McDonough chrism at plope.com
Tue Sep 18 23:46:04 UTC 2012 

On Wed, 2012-09-19 at 01:29 +0200, Hanno Schlichting wrote:
> On Wed, Sep 19, 2012 at 12:14 AM, Chris McDonough <chrism at plope.com> wrote:
> > On 09/18/2012 12:03 PM, Martijn Faassen wrote:
> >> So are we going to require anyone who offers a pull request has signed
> >> the contributor agreement before it is merged?
> 
> Of course we will. We need to get the copyright for any code, no
> matter in which way it is contributed.
> 
> >> If so, how are people
> >> easily going to find out that someone offering a pull request has
> >> signed said agreement?
> 
> You will be able to go to https://github.com/zopefoundation/ and look
> at the list of organization members.
> 
> > I don't think this really changes anything.  Legal documents have never
> > required every person who has supplied a patch to sign a contributor
> > agreement in the past.
> 
> That's because patches usually don't contain any sufficiently creative
> work that's actually enough to trigger copyright law. The Plone
> Foundation adopted a policy on this stuff that errs on the side of
> safety: https://plone.org/foundation/materials/foundation-resolutions/patch-policy-052011
> In short: You cannot merge anything unless the author of any code has
> signed the agreement. Only the release manager can grant exceptions
> for this. As there's no release manager for all of ZF code, it might
> make sense to have the ZF board approve any deviation from this rule.
> 
> Any individual contributor can also make the call on a case-by-case
> basis if something is a copyrightable work, but that means the legal
> risk lies with that individual for such a case. That's what we've done
> so far in accepting patches sent by mail, attached to issues or sent
> our way in some other form.

The contributor agreement Zope Foundation currently has no explicit
policy like Plone's, however.  It currently asserts "Committer
represents and warrants that the Committed Code does not violate the
rights of any person or entity, and that the Committer has legal
authority to enter into this Agreement and legal authority over
Contributed Code.  Further, Committer indemnifies Zope Foundation
against violations."  So it is, and has always been the committer's
responsibility to judge whether all code he commits he has "legal
authority" over.  Whatever that means.

- C

More information about the foundation mailing list