[Python-Dev] Introducing Electronic Contributor Agreements
Terry Reedy
tjreedy at udel.edu
Wed Mar 6 23:43:15 CET 2013
On 3/6/2013 3:06 PM, Steven D'Aprano wrote:
> On 05/03/13 09:08, Brett Cannon wrote:
>
>> Depends on your paranoia. If you're worried about accidentally lifting IP
>> merely by reading someone's source code, then you wouldn't want to touch
>> code without the CLA signed.
>>
>> Now I'm not that paranoid, but I'm still not about to commit someone's
>> code
>> now without the CLA signed to make sure we are legally covered for the
>> patch. If someone chooses not to contribute because of the CLA that's
>> fine,
>> but since we have already told at least Anatoly that we won't accept
>> patches from him until he signs the CLA I'm not going to start acting
>> differently towards others. I view legally covering our ass by having
>> someone fill in a form is worth the potential loss of some
>> contribution in
>> the grand scheme of things.
>
> Pardon my ignorance, but how does a CLA protect us in the event of an IP
> violation?
The penalty for willful copyright violation (possible punitive damages)
is higher than for inadvertent violation (typically, remove the
offending code). In the CLA, contributors affirm that they will only
contribute code they have a legal right to contribute. This makes it
clear that PSF only wants legal code. We do not grab 3rd party code
without author participation even if the license would seem to make it
legal to do so.
Good repository software, including svn and hg, can trace every line to
a specific commit. Commit messages typically have an issue number and
credit (blame) any patch author other than the one making the commit. So
any line should be traceable to a specific person and we should have a
CLA for that person.
--
Terry Jan Reedy
More information about the Python-Dev
mailing list