From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gnu.wildebeest.org (wildebeest.demon.nl [212.238.236.112]) by sourceware.org (Postfix) with ESMTPS id 8BF973857C65 for ; Wed, 30 Jun 2021 22:21:34 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 8BF973857C65 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org Received: from reform (deer0x00.wildebeest.org [172.31.17.130]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id E67F43001553 for ; Thu, 1 Jul 2021 00:21:32 +0200 (CEST) Received: by reform (Postfix, from userid 1000) id 7B5A82E8014C; Thu, 1 Jul 2021 00:21:32 +0200 (CEST) Date: Thu, 1 Jul 2021 00:21:32 +0200 From: Mark Wielaard To: libc-alpha@sourceware.org Subject: Re: Seeking input from developers: glibc copyright assignment policy. Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00, JMQ_SPF_NEUTRAL, KAM_DMARC_STATUS, KAM_SHORT, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jun 2021 22:21:36 -0000 Hi, On Mon, Jun 14, 2021 at 02:52:03PM -0400, Carlos O'Donell wrote: > glibc was created as part of the GNU Project but has grown to operate as > an autonomous project. As part of the GNU Toolchain the glibc stewards > support the gcc project policy changes presented here: > https://gcc.gnu.org/pipermail/gcc/2021-June/236182.html > > The glibc stewards are seeking input from developers to decide if the project > should relax the requirement to assign copyright for all changes to the > Free Software Foundation as follows: > > Contributors who have an FSF Copyright Assignment wouldn't need to > change anything. Contributors who wish to utilize the Developer Certificate > of Origin[1] would add a Signed-off-by message to their commit messages. > > The changes to accept patches with or without FSF copyright assignment > would be effective on August 2nd, and would apply to all open branches. I talked to some of you already off-list but realized I hadn't responded publicly. I don't really like this proposal because it is vague on details and policy. And it doesn't mention any specific goal for this policy change. This makes it so that the discussion is somewhat random IMHO because people are just inserting their own goals and assume this proposal is for or against those. I noticed that the proposal is signed by just a subset of the stewards. What is the opinion of the other stewards? And I would really like to know the opinion of FSF legal on this proposal. Personally I contribute to glibc and some other GNU projects because we are all equal participants (when it comes to the rights we have to the project code) and have the FSF as legal guardian to fall back on and who we can use to look out for the users, so they will always have the possibility to get the full corresponding source code of our work to use and modify as they want. And I know that the FSF will be reasonable and fair about it: https://www.fsf.org/licensing/enforcement-principles The above is possible because of the copyright assignments and maybe even more importantly the company disclaimers we provide to the FSF. I appreciate that those assignments are sometimes a bit of work, but recently having done several personal copyright assignments myself it is a fairly smooth process, taking just a couple of days. Of course if you also need a company disclaimer because your employer makes claims on your work and doesn't have one on file with the FSF might take a bit more work. But having done that it mostly is figuring out who can sign the disclaimer. And it makes sure it is not just you who can freely assign those right to the FSF, but also that the general public will permanently and irrevocably get those rights. I don't feel the proposed developer certificate of origin provides those same guarantees. Especially if we also won't require a company disclaimer anymore. I fear it will lead to unclear copyright ownership which might make compliance impossible leading to users not having a clear contact point when they are looking for the sources to our works. Or the opposite where a company acquires a substantial amount of copyright in our work and starts to randomly enforce it and/or scare their customers/users to "buy" compliance. There are also practical issues where it will be more difficult to share code with other GNU projects and/or change the version or exception statements used in the code. Especially with the current proposed text of the linux kernel DCO. It would be good to at least use a text that is tailored to the GNU project. And as people have pointed out just requiring the "signed-off-by" line without requiring people explain why or how they are complying with the DCO (who is the copyright holder? which clause of the DCO are you complying with?) makes it really hard to track the legal status of the code. I can certainly see how a DCO could be helpful with occasional drive by contributions without creating full chaos as I describe above if the text was more clear and the processes around it more specific of how they comply with the DCO and which copyright holder they represent. But I hope we will still require people making sustainable contributions (and who want to become maintainers with commit rights) to assign their copyright and where necessary (because the contributor doesn't own the work they want to contribute) require company disclaimers. Cheers, Mark