[OSGeoLive] Revisiting requirements for contributor agreements

Ben Caradoc-Davies ben at transient.nz
Mon Sep 24 15:03:06 PDT 2018

I think that OSGeoLive should require all current and new contributors, 
who have not already done so, to sign an OSGeo contributor agreement, 
except in the case of tiny contributions that are mixed in with existing 
works. AFAIK, OSGeo contributor agreements cover contributions to any 
OSGeo project, so if you have signed one for another project, you should 
be covered.

Contributor agreements that either assign copyright or grant an 
irrevocable licence with a right to sublicense protect projects from 
contributors who revoke or threaten to revoke the right to use their 
contribution. The OSGeo contributor agreement grants an irrevocable 
licence with a right to sublicense.

In the last few weeks, the vulnerability of projects that fail to either 
assign copyright or grant an irrevocable licence with a right to 
sublicense has been a topic of great interest in the Linux community, 
after the adoption of a new Code of Conduct, an allegation of misconduct 
against a core developer, and threats to rescind the licence of 
Tim Pool reads through an older version of the LULZ article:

Regardless of the merits of any code of conduct or allegations of a 
breach, copyright assignment or something like the OSGeo contributor 
agreement (which is based on the Apache contributor agreement) would 
have prevented this threat to the viability of the Linux project.

Ideally, we would go back and obtain contributor agreements from all 
past contributors, but obtaining contributor agreements from current 
active and new contributors would in my view provide sufficient 
protection going forward. Small contributions are lower risk and by 
turning a blind eye we lower barrier to entry but it would be nice to 
set a rule of thumb as to what is small.

Kind regards,

On 24/09/2018 22:26, Cameron Shorter wrote:
> OSGeo Incubation committee,
> At the OSGeoLive project, we have been debating how we address contributor
> agreements.
> It is coming to a head because we have made it easier to contribute
> translations and docs (which could be as simple as fixing a spelling
> mistake).
> To date, we have been specifically asking software developers to send an
> email to our public email list saying something like:
> "I want to contribute XXX to OSGeoLive. I acknowledge that my contributions
> will be in line with OSGeoLive's Open licenses ..."
> We have conflicting opinions on the legal value gained by such statements,
> versus the overhead involved.
> We'd be interested to hear thoughts on whether such legal protections are
> still warranted in today's open source and business environment.
> Cheers,
> Cameron Shorter, one of the OSGeoLive committee members.
> On 18/09/2018 12:25 AM, Nicolas Roelandt wrote:
> Hi Cameron, all,
> Thanks for your concerns.
> I agree with you we should acknowledge and thank our contributors.
> I checked (quickly, but as any new contributor) some OSGeo projects which
> some of our members are involved in (MapBender, MapServer, PyWPS,
> GeoServer) so they can correct me if I'm wrong.
> Not all of them required to send a mail for licensing agreement. I noticed
> the case of GeoServer where small  and bigger contributions are treated
> differently. [1]
> Maybe we can copy that and only ask a mail for big contributions.
> I think the prominent statement should be in our translation page of
> course, but more importantly in a CONTRIBUTING.md file in the root folder
> of our repositories like many other projects. [1][2][3][4]
> I produce a basic one so we can start to work on it, see PR #433 [5]
> And in that file, propose to people to add themselves into
> contributors.csv, and explain that a mail address will be appreciated.
> We should say that, by default, by any kind of contribution (code PR,
> documentation improvement, translations) you agree with our licensing terms
> and that your OK that we will use it for OSGeoLive.
> Best,
> Nicolas
> [1] https://github.com/geoserver/geoserver/blob/master/CONTRIBUTING.md
> [2] https://github.com/mapserver/mapserver/blob/branch-7-2/CONTRIBUTING.md
> [3]
> https://github.com/mapbender/mapbender-starter/blob/release/3.0.6/CONTRIBUTING.md
> [4] https://github.com/geopython/pywps/blob/master/CONTRIBUTING.rst
> [5] https://github.com/OSGeo/OSGeoLive-doc/pull/433
> Le ven. 14 sept. 2018 à 23:04, Cameron Shorter <cameron.shorter at gmail.com>
> a écrit :
>> Nicholas,
>> There are a number of points here:
>> 1. One of the OSGeo incubation criteria is that we ensure that all
>> contributions to OSGeo are available via our Open Licenses. We achieve that
>> by ensuring that every person who contributes to OSGeo writes a public
>> statement saying they agree with our open license, as per:
>> https://trac.osgeo.org/osgeolive/wiki/Source_code
>> If we are to comply with our OSGeo Incubation obligations, then we will
>> need to extend this to Translations.
>> How can we ensure that anyone contributing to Transifex is ok with our
>> open license? Can we get them to send the same email before we give them
>> access? (I think we are ok if people use an alias or git id instead of
>> their real name. One of our contributors is called wildintellect, and I
>> don't know what his/her real name is).
>> The importance of ensuring license compliance is because lack of license
>> compliance can become a barrier to entry for corporations who are scared of
>> being sued if they use Open Source.
>> 2. If someone contributes to our project, it is the right thing for us to
>> acknowledge them.
>> 3. A good measure of OSGeoLive's success is to quote the number of people
>> who have contributed. Ie, it is good for us to track number of contributors.
>> So I suggest:
>> * Update to note that to contribute, we will be expecting to have your
>> permission if we are to use your translations. You can see email
>> conversation last time we were retrospectively chasing down agreements from
>> people for their Open Source contributions here:
>> https://lists.osgeo.org/pipermail/osgeolive/2011-July/thread.html . In
>> particular:
>> https://lists.osgeo.org/pipermail/osgeolive/2011-July/003686.html
>> * We could be creative in the way that we confirm commitment to Open
>> licenses.
>> ** Maybe insert a prominent statement in our translation page (ideally
>> next to the [submit] button) saying "by submitting are are agreeing to make
>> your content available via our open license policy" and link to our open
>> policy page.
>> ** Request people add their name to our list of contributors page (not
>> sure how we do that, but we can work out details later)
>> Cheers, Cameron
>> On 15/9/18 3:25 am, Vicky Vergara wrote:
>> Thanks for moving the discussion to the OSGeoLive mailing list.
>> Regards
>> On Fri, Sep 14, 2018 at 12:33 AM Nicolas Roelandt <roelandtn.pro at gmail.com>
>> wrote:
>>> Hi all,
>>> I asked for a review of an announcement [1] for our contributors and
>>> translators regarding the new European General Data Protection Regulation
>>> (GDPR) [2].
>>> It was not straightforward as I thought and it became a debate.
>>> My mistake was not to publish the link to the draft here, as I wanted to
>>> avoid mails here about "Fix that, add this, ..."
>>> I was wrong, so please next time, tell me to bring it to the public
>>> mailing list.
>>> The debate is not settled and was already bring it there. We just
>>> released 12.0 so I think we can discuss it now and have clear policies.
>>> Best,
>>> Nicolas
>>> [1] https://mensuel.framapad.org/p/osgeolive_contributor_consent_message
>>> [2] https://ec.europa.eu/info/law/law-topic/data-protection_en
>>> _______________________________________________
>>> osgeolive mailing list
>>> osgeolive at lists.osgeo.org
>>> https://lists.osgeo.org/mailman/listinfo/osgeolive
>> --
> Cameron Shorter
> Technology Demystifier
> Open Technologies and Geospatial Consultant
> M +61 (0) 419 142 254
> _______________________________________________
> osgeolive mailing list
> osgeolive at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/osgeolive

Ben Caradoc-Davies <ben at transient.nz>
Transient Software Limited <https://transient.nz/>
New Zealand

More information about the osgeolive mailing list