Update for Community Specification 1.0 license #679
Signed-off-by: Steve Winslow <[email protected]>
This PR is intended to implement the Community Spec 1.0 license for contributions / contributors going forward, while retaining CC-BY-3.0 for prior copyright holders who haven't contributed under the new license, as discussed in https://github.com/spdx/governance. cc @jlovejoy @pmadick @goneall @kestewart @tsteenbe for review.
We'll want to add something similar to the 3.0 spec repo(s), but probably makes sense to get alignment on it for 2.3 first.
@@ -3,6 +3,10 @@ | |||
The SPDX specification is maintained by the SPDX [legal][spdx-legal] and [tech][spdx-tech] teams. | |||
Design and planning is primarily done via the team [mailing][spdx-legal-list] [lists][spdx-tech-list] and meetings. | |||
|
|||
## Contribution License Agreement | |||
|
|||
Contributions to this repo are made pursuant to the [SPDX Community Specification Contributor License Agreement 1.0][cla]. You do not need to submit a signed copy of the contributor license agreement; by making a contribution to this repo, you agree to the terms set forth in that agreement. |
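Review bot: The added paragraph uses the reference-style link `[cla]`, but the lines shown in this hunk carry no matching `[cla]: ...` definition. The existing `[spdx-legal]` and `[spdx-tech]` links in the context lines rely on definitions elsewhere in the file, so please confirm the same change adds one for `[cla]`; without it the link renders as literal bracketed text and contributors cannot reach the agreement they are being told they accept.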
Propose to change "by making a contribution to this repo," -> "by making a contribution to this repo with signed-off commits",
My understanding of the way the Community Specifications model works is that it is intended to cover any contributions to the repo -- not only commits, but also discussions on conversation threads, etc.
As a reference point, this is comparable to the text of the Apache-2.0 license, emphasis added:
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work . . .
(so to clarify, no, I don't think this should be changed.)
See my comment below: Community-Spec-1.0 does not require DCO, but our SPDX Community Specification CLA does.
## Contribution License Agreement | ||
|
||
Contributions to this repo are made pursuant to the [SPDX Community Specification Contributor License Agreement 1.0][cla]. You do not need to submit a signed copy of the contributor license agreement; by making a contribution to this repo, you agree to the terms set forth in that agreement. | ||
|
Propose under the CLA section we add an example of how contributors can sign off their commits, similar to https://github.com/backstage/backstage/blob/master/CONTRIBUTING.md#developer-certificate-of-origin
I'm fine with adding language describing how to submit a DCO sign-off, but I don't think it should be under this section. As noted above, the DCO sign-off isn't needed in order for a contribution to be submitted and subject to the CLA.
Personally, I would also be in favour of including a point about using Signed-off-by - it's surely better to have explicit consent than having it implicitly from the license. However, I don't think it necessarily needs to be in this PR 😃
agree with @swinslow here - we can add that info somewhere, but we should not reply that the inclusion of "Signed-off-by" or lack thereof makes any difference as to the license under which contributions are made.
as to the wording, personally, I'd lead with the "By making a contribution to this repo. . ." and move the "you don't have to sign it" to the end as that is more clarifying/explanatory
Sign off is not required by Community-Spec-1.0 but from my understanding of the SPDX Community Specification CLA it is - "including my sign-off".
The section "In addition, for source code contributions, I certify that: ... these agreements on behalf of that employer." is a slightly modified version of https://developercertificate.org/ so from a community perspective I expect to have to sign off my contributions.
We always signed off contributions for the spdx-spec repository and even have a DCO check running for all pull requests.
setup.py
@@ -15,7 +15,7 @@ def read(fname): | |||
author = "Linux Foundation and SPDX Contributors", | |||
author_email = "[email protected]", |
Off-topic in this PR but should we change author_email from my personal email to SPDX tech mailing list?
Yes, please change this to spdx-tech email rather than a specific person. @swinslow can you update?
Sure, updating now.
|
||
**License** |
Propose we add an introduction section to provide some context for each license - seen a lot of people confused about which license applies to SPDX
- Community-Spec-1.0 - License applicable to specification
- CC-BY-3.0 - License applicable to specification for all versions before 2.3
- CC-1.0 - License applicable to SPDX license list including license identifiers
I think this is addressed as to Community-Spec-1.0 and CC-BY-3.0 in the edits I've proposed to both the LICENSE file in the repo, as well as the lead-in in the chapters/index.md file for what will be populated in the spec itself. CC0-1.0 is not the license for the SPDX license list or identifiers.
Signed-off-by: Steve Winslow <[email protected]>
Thanks all, I've updated the author_email field in the setup.py file. I think that takes care of the necessary changes here.
Gary: suggest that we move this to next release, and move this to 3.0 discussion.
@swinslow - Can you retarget any needed changes to the SPDX 3.0 branch?
This commit implements details for the change to the Community-Spec-1.0 license for the v3.0 branch. It reflects similar changes as previously submitted in spdx#679, with some conforming edits reflecting the move of license texts out of annexes and into a separate licenses folder. Signed-off-by: Steve Winslow <[email protected]>
This commit implements details for the change to the Community-Spec-1.0 license for the v3.0 branch. It reflects similar changes as previously submitted in #679, with some conforming edits reflecting the move of license texts out of annexes and into a separate licenses folder. Signed-off-by: Steve Winslow <[email protected]>
Fixes #657
Signed-off-by: Steve Winslow [email protected]