How to make a Pagure Pull Request and How it is licensed by default for contributors outside of 'packagers' group ?
11:23 a.m.
Hello,
I'm trying to answer this question:
"Under which license are the contributions done to Fedora Project,
unless license is specified - and how make this clear to the
contributors (or whether we make this clear enough)".
The answer is _probably_ FPCA [1].
But I've run into practical questions of how contributions can be made
to the Fedora Project in the first place. Let's start with
contributions to Fedora Linux.
--
The first Google result for "Fedora pull request" query points to [2].
On the first glance it looks fine, but it has two major issues.
1/ The instructions won't work and are holey
2/ It is a page under a "Fedora CI" project.
1/
Nowadays, we have a way for contributors outside of the 'packager'
group to make pull requests. It is a git push via HTTPS [3].
Neither [2] nor [3] describes that you need to have a FAS account
first, since without it you can't log in the pagure to fork a project
(otherwise there's nowhere you can push to).
I wanted to propose an update, but ...
2/
... this leads to a belief that such an important piece of
documentation should be probably placed outside of the "Fedora CI"
project, as it can be generalized to any project.
What could be this better location for a new documentation page to
which other pieces of documentation would point to?
And this HTTPS workflow leads back to my original question - since FAS
users outside of 'packager' group AFAIK don't need to sign FPCA [1],
but can contribute a code - under which license or agreement it is
contributed ? If it is FPCA - are such contributors aware ?
3/ Are there any other ways to contribute to either Fedora Linux or
the Fedora Project, which face the similar issue ?
[1] https://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement
[2] https://docs.fedoraproject.org/en-US/ci/pull-requests/
[3] https://fedoraproject.org/wiki/Infrastructure/HTTPS-commits
--
Michal Schorm
Software Engineer
Core Services - Databases Team
Red Hat
--
12:55 p.m.
New subject: How to make a Pagure Pull Request and How it is licensed by
default for contributors outside of 'packagers' group ?
On 22. 03. 22 17:23, Michal Schorm wrote:
And this HTTPS workflow leads back to my original question - since
FAS
users outside of 'packager' group AFAIK don't need to sign FPCA [1],
but can contribute a code - under which license or agreement it is
contributed ? If it is FPCA - are such contributors aware ?
I believe the intention is that users without FPCA agreement should not be able
to open pull requests at src.fedoraproject.org. Whether or not this is in fact
working that way, I don't know.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
1:06 p.m.
New subject: [Fedora-legal-list] How to make a Pagure Pull Request and How it
is licensed by default for contributors outside of 'packagers' group ?
On Tue, Mar 22, 2022 at 12:25 PM Michal Schorm <mschorm(a)redhat.com> wrote:
Hello,
I'm trying to answer this question:
"Under which license are the contributions done to Fedora Project,
unless license is specified - and how make this clear to the
contributors (or whether we make this clear enough)".
The answer is _probably_ FPCA [1].
The FPCA basically says that there's a particular default license that
applies in cases where the contribution is not "covered by explicit
licensing terms that are conspicuous and readily discernible to
recipients." This does not spell out what "explicit",
"conspicuous"
and "readily discernible" actually mean, much as you haven't explained
what you mean by "specified". I would assert that the "unlicensed
contribution" scenario contemplated by the FPCA is actually going to
be fairly rare apart from the special case of spec files, which the
FPCA was particularly aimed at. In the typical case, a Fedora-related
project makes clear what the applicable license of a repository (or of
files within a repository) is/are, and under the "inbound=outbound"
convention, that will be understood to be the license of the
contribution.
I'm not aware of any reason to make anything clearer that it currently
is. I think at this point the FPCA is sort of a historical curiosity
that lives on because of inertia (other than as an indirect statement
of licensing policy around certain special things like spec files but
those could be addressed in a different way).
And this HTTPS workflow leads back to my original question - since
FAS
users outside of 'packager' group AFAIK don't need to sign FPCA [1],
but can contribute a code - under which license or agreement it is
contributed ? If it is FPCA - are such contributors aware ?
If contributors haven't signed the FPCA, the FPCA doesn't apply to
their contributions. But this is most likely unproblematic, for much
the same reason that Fedora could abandon use of the FPCA altogether
without causing any significant problem.
Richard
[1]
https://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement
[2] https://docs.fedoraproject.org/en-US/ci/pull-requests/
[3] https://fedoraproject.org/wiki/Infrastructure/HTTPS-commits
--
Michal Schorm
Software Engineer
Core Services - Databases Team
Red Hat
--
_______________________________________________
legal mailing list -- legal(a)lists.fedoraproject.org
To unsubscribe send an email to legal-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
1:18 p.m.
New subject: [Fedora-legal-list] How to make a Pagure Pull Request and How it
is licensed by default for contributors outside of 'packagers' group ?
On Tue, Mar 22, 2022 at 7:06 PM Richard Fontana <rfontana(a)redhat.com> wrote:
I would assert that the "unlicensed
contribution" scenario contemplated by the FPCA is actually going to
be fairly rare apart from the special case of spec files, which the
FPCA was particularly aimed at. In the typical case, a Fedora-related
project makes clear what the applicable license of a repository (or of
files within a repository) is/are, and under the "inbound=outbound"
convention, that will be understood to be the license of the
contribution.
I've never heard about "inbound=outbound convention".
I understand your answer as that:
it is irrelevant whether the contributor specified the license (e.g.
text "I submit this under GPL-2.0 license" in the pull request
comment) or whether none was specified, or whether the FPCA was
accepted by the contributor; since every contributor to a code (let's
say a single package repository) is always legally assumed to be under
the license othe code of that package has, unless specified
differently by the contributor.
Is my understanding correct ?
Michal
--
Michal Schorm
Software Engineer
Core Services - Databases Team
Red Hat
--
On Tue, Mar 22, 2022 at 7:06 PM Richard Fontana <rfontana(a)redhat.com> wrote:
On Tue, Mar 22, 2022 at 12:25 PM Michal Schorm <mschorm(a)redhat.com> wrote:
>
> Hello,
>
> I'm trying to answer this question:
> "Under which license are the contributions done to Fedora Project,
> unless license is specified - and how make this clear to the
> contributors (or whether we make this clear enough)".
> The answer is _probably_ FPCA [1].
The FPCA basically says that there's a particular default license that
applies in cases where the contribution is not "covered by explicit
licensing terms that are conspicuous and readily discernible to
recipients." This does not spell out what "explicit",
"conspicuous"
and "readily discernible" actually mean, much as you haven't explained
what you mean by "specified". I would assert that the "unlicensed
contribution" scenario contemplated by the FPCA is actually going to
be fairly rare apart from the special case of spec files, which the
FPCA was particularly aimed at. In the typical case, a Fedora-related
project makes clear what the applicable license of a repository (or of
files within a repository) is/are, and under the "inbound=outbound"
convention, that will be understood to be the license of the
contribution.
I'm not aware of any reason to make anything clearer that it currently
is. I think at this point the FPCA is sort of a historical curiosity
that lives on because of inertia (other than as an indirect statement
of licensing policy around certain special things like spec files but
those could be addressed in a different way).
> And this HTTPS workflow leads back to my original question - since FAS
> users outside of 'packager' group AFAIK don't need to sign FPCA [1],
> but can contribute a code - under which license or agreement it is
> contributed ? If it is FPCA - are such contributors aware ?
If contributors haven't signed the FPCA, the FPCA doesn't apply to
their contributions. But this is most likely unproblematic, for much
the same reason that Fedora could abandon use of the FPCA altogether
without causing any significant problem.
Richard
> [1] https://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement
> [2] https://docs.fedoraproject.org/en-US/ci/pull-requests/
> [3] https://fedoraproject.org/wiki/Infrastructure/HTTPS-commits
>
> --
>
> Michal Schorm
> Software Engineer
> Core Services - Databases Team
> Red Hat
>
> --
> _______________________________________________
> legal mailing list -- legal(a)lists.fedoraproject.org
> To unsubscribe send an email to legal-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
3:35 a.m.
New subject: [Fedora-legal-list] How to make a Pagure Pull Request and How it
is licensed by default for contributors outside of 'packagers' group ?
Dne 22. 03. 22 v 19:18 Michal Schorm napsal(a):
On Tue, Mar 22, 2022 at 7:06 PM Richard Fontana
<rfontana(a)redhat.com> wrote:
> I would assert that the "unlicensed
> contribution" scenario contemplated by the FPCA is actually going to
> be fairly rare apart from the special case of spec files, which the
> FPCA was particularly aimed at. In the typical case, a Fedora-related
> project makes clear what the applicable license of a repository (or of
> files within a repository) is/are, and under the "inbound=outbound"
> convention, that will be understood to be the license of the
> contribution.
I've never heard about "inbound=outbound convention".
I think you can get more information about this concept in Richard's
article:
https://opensource.com/article/19/2/cla-problems
I understand your answer as that:
it is irrelevant whether the contributor specified the license (e.g.
text "I submit this under GPL-2.0 license" in the pull request
comment)
If somebody states license of the contribution, then it has to be
respected. Otherwise it is assumed that the contribution has similar
licensing conditions as the target project.
Vít
or whether none was specified, or whether the FPCA was
accepted by the contributor; since every contributor to a code (let's
say a single package repository) is always legally assumed to be under
the license othe code of that package has, unless specified
differently by the contributor.
Is my understanding correct ?
Michal
--
Michal Schorm
Software Engineer
Core Services - Databases Team
Red Hat
--
On Tue, Mar 22, 2022 at 7:06 PM Richard Fontana <rfontana(a)redhat.com> wrote:
> On Tue, Mar 22, 2022 at 12:25 PM Michal Schorm <mschorm(a)redhat.com> wrote:
>> Hello,
>>
>> I'm trying to answer this question:
>> "Under which license are the contributions done to Fedora Project,
>> unless license is specified - and how make this clear to the
>> contributors (or whether we make this clear enough)".
>> The answer is _probably_ FPCA [1].
> The FPCA basically says that there's a particular default license that
> applies in cases where the contribution is not "covered by explicit
> licensing terms that are conspicuous and readily discernible to
> recipients." This does not spell out what "explicit",
"conspicuous"
> and "readily discernible" actually mean, much as you haven't
explained
> what you mean by "specified". I would assert that the "unlicensed
> contribution" scenario contemplated by the FPCA is actually going to
> be fairly rare apart from the special case of spec files, which the
> FPCA was particularly aimed at. In the typical case, a Fedora-related
> project makes clear what the applicable license of a repository (or of
> files within a repository) is/are, and under the "inbound=outbound"
> convention, that will be understood to be the license of the
> contribution.
>
> I'm not aware of any reason to make anything clearer that it currently
> is. I think at this point the FPCA is sort of a historical curiosity
> that lives on because of inertia (other than as an indirect statement
> of licensing policy around certain special things like spec files but
> those could be addressed in a different way).
>
>> And this HTTPS workflow leads back to my original question - since FAS
>> users outside of 'packager' group AFAIK don't need to sign FPCA
[1],
>> but can contribute a code - under which license or agreement it is
>> contributed ? If it is FPCA - are such contributors aware ?
> If contributors haven't signed the FPCA, the FPCA doesn't apply to
> their contributions. But this is most likely unproblematic, for much
> the same reason that Fedora could abandon use of the FPCA altogether
> without causing any significant problem.
>
> Richard
>
>
>> [1] https://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement
>> [2] https://docs.fedoraproject.org/en-US/ci/pull-requests/
>> [3] https://fedoraproject.org/wiki/Infrastructure/HTTPS-commits
>>
>> --
>>
>> Michal Schorm
>> Software Engineer
>> Core Services - Databases Team
>> Red Hat
>>
>> --
>> _______________________________________________
>> legal mailing list -- legal(a)lists.fedoraproject.org
>> To unsubscribe send an email to legal-leave(a)lists.fedoraproject.org
>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
>> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
5:58 a.m.
New subject: [Fedora-legal-list] How to make a Pagure Pull Request and How it
is licensed by default for contributors outside of 'packagers' group ?
On 23. 03. 22 9:35, Vít Ondruch wrote:
>
> I understand your answer as that:
> it is irrelevant whether the contributor specified the license (e.g.
> text "I submit this under GPL-2.0 license" in the pull request
> comment)
If somebody states license of the contribution, then it has to be respected.
Otherwise it is assumed that the contribution has similar licensing conditions
as the target project.
If that's the case, can we please stop enforcing the signed-off-by thing in
Fedora projects (such as various Fedora projects on Pagure or Bodhi on GitHub)?
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
9:54 a.m.
New subject: [Fedora-legal-list] How to make a Pagure Pull Request and How
it is licensed by default for contributors outside of 'packagers' group ?
Miro Hrončok <mhroncok(a)redhat.com> writes:
If that's the case, can we please stop enforcing the
signed-off-by
thing in Fedora projects (such as various Fedora projects on Pagure or
Bodhi on GitHub)?
My understanding is that's about provenance, not licensing per se (not a
lawyer etc.). In any case it's up to the project maintainers.
Be well,
--Robbie
6:50 a.m.
New subject: [Fedora-legal-list] How to make a Pagure Pull Request and How it
is licensed by default for contributors outside of 'packagers' group ?
On Wed, Mar 23, 2022 at 9:36 AM Vít Ondruch <vondruch(a)redhat.com> wrote:
Dne 22. 03. 22 v 19:18 Michal Schorm napsal(a):
> On Tue, Mar 22, 2022 at 7:06 PM Richard Fontana <rfontana(a)redhat.com> wrote:
>> I would assert that the "unlicensed
>> contribution" scenario contemplated by the FPCA is actually going to
>> be fairly rare apart from the special case of spec files, which the
>> FPCA was particularly aimed at. In the typical case, a Fedora-related
>> project makes clear what the applicable license of a repository (or of
>> files within a repository) is/are, and under the "inbound=outbound"
>> convention, that will be understood to be the license of the
>> contribution.
> I've never heard about "inbound=outbound convention".
I think you can get more information about this concept in Richard's
article:
https://opensource.com/article/19/2/cla-problems
What a great article !
That answers it to me.
We don't need the contributors to sign the FPCA or any CLA.
Thanks.
Michal
--
Michal Schorm
Software Engineer
Core Services - Databases Team
Red Hat
--
On Wed, Mar 23, 2022 at 9:36 AM Vít Ondruch <vondruch(a)redhat.com> wrote:
Dne 22. 03. 22 v 19:18 Michal Schorm napsal(a):
> On Tue, Mar 22, 2022 at 7:06 PM Richard Fontana <rfontana(a)redhat.com> wrote:
>> I would assert that the "unlicensed
>> contribution" scenario contemplated by the FPCA is actually going to
>> be fairly rare apart from the special case of spec files, which the
>> FPCA was particularly aimed at. In the typical case, a Fedora-related
>> project makes clear what the applicable license of a repository (or of
>> files within a repository) is/are, and under the "inbound=outbound"
>> convention, that will be understood to be the license of the
>> contribution.
> I've never heard about "inbound=outbound convention".
I think you can get more information about this concept in Richard's
article:
https://opensource.com/article/19/2/cla-problems
>
> I understand your answer as that:
> it is irrelevant whether the contributor specified the license (e.g.
> text "I submit this under GPL-2.0 license" in the pull request
> comment)
If somebody states license of the contribution, then it has to be
respected. Otherwise it is assumed that the contribution has similar
licensing conditions as the target project.
Vít
> or whether none was specified, or whether the FPCA was
> accepted by the contributor; since every contributor to a code (let's
> say a single package repository) is always legally assumed to be under
> the license othe code of that package has, unless specified
> differently by the contributor.
>
> Is my understanding correct ?
>
> Michal
>
> --
>
> Michal Schorm
> Software Engineer
> Core Services - Databases Team
> Red Hat
>
> --
>
> On Tue, Mar 22, 2022 at 7:06 PM Richard Fontana <rfontana(a)redhat.com> wrote:
>> On Tue, Mar 22, 2022 at 12:25 PM Michal Schorm <mschorm(a)redhat.com>
wrote:
>>> Hello,
>>>
>>> I'm trying to answer this question:
>>> "Under which license are the contributions done to Fedora Project,
>>> unless license is specified - and how make this clear to the
>>> contributors (or whether we make this clear enough)".
>>> The answer is _probably_ FPCA [1].
>> The FPCA basically says that there's a particular default license that
>> applies in cases where the contribution is not "covered by explicit
>> licensing terms that are conspicuous and readily discernible to
>> recipients." This does not spell out what "explicit",
"conspicuous"
>> and "readily discernible" actually mean, much as you haven't
explained
>> what you mean by "specified". I would assert that the
"unlicensed
>> contribution" scenario contemplated by the FPCA is actually going to
>> be fairly rare apart from the special case of spec files, which the
>> FPCA was particularly aimed at. In the typical case, a Fedora-related
>> project makes clear what the applicable license of a repository (or of
>> files within a repository) is/are, and under the "inbound=outbound"
>> convention, that will be understood to be the license of the
>> contribution.
>>
>> I'm not aware of any reason to make anything clearer that it currently
>> is. I think at this point the FPCA is sort of a historical curiosity
>> that lives on because of inertia (other than as an indirect statement
>> of licensing policy around certain special things like spec files but
>> those could be addressed in a different way).
>>
>>> And this HTTPS workflow leads back to my original question - since FAS
>>> users outside of 'packager' group AFAIK don't need to sign FPCA
[1],
>>> but can contribute a code - under which license or agreement it is
>>> contributed ? If it is FPCA - are such contributors aware ?
>> If contributors haven't signed the FPCA, the FPCA doesn't apply to
>> their contributions. But this is most likely unproblematic, for much
>> the same reason that Fedora could abandon use of the FPCA altogether
>> without causing any significant problem.
>>
>> Richard
>>
>>
>>> [1]
https://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement
>>> [2] https://docs.fedoraproject.org/en-US/ci/pull-requests/
>>> [3] https://fedoraproject.org/wiki/Infrastructure/HTTPS-commits
>>>
>>> --
>>>
>>> Michal Schorm
>>> Software Engineer
>>> Core Services - Databases Team
>>> Red Hat
>>>
>>> --
>>> _______________________________________________
>>> legal mailing list -- legal(a)lists.fedoraproject.org
>>> To unsubscribe send an email to legal-leave(a)lists.fedoraproject.org
>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
>>> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
> _______________________________________________
> devel mailing list -- devel(a)lists.fedoraproject.org
> To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
4:15 p.m.
New subject: How to make a Pagure Pull Request and How it is licensed by
default for contributors outside of 'packagers' group ?
Michal Schorm kirjoitti 22.3.2022 klo 18.23:
Hello,
I'm trying to answer this question:
"Under which license are the contributions done to Fedora Project,
unless license is specified - and how make this clear to the
contributors (or whether we make this clear enough)".
The answer is _probably_ FPCA [1].
But I've run into practical questions of how contributions can be made
to the Fedora Project in the first place. Let's start with
contributions to Fedora Linux.
--
The first Google result for "Fedora pull request" query points to [2].
On the first glance it looks fine, but it has two major issues.
1/ The instructions won't work and are holey
2/ It is a page under a "Fedora CI" project.
1/
Nowadays, we have a way for contributors outside of the 'packager'
group to make pull requests. It is a git push via HTTPS [3].
Neither [2] nor [3] describes that you need to have a FAS account
first, since without it you can't log in the pagure to fork a project
(otherwise there's nowhere you can push to).
I wanted to propose an update, but ...
2/
... this leads to a belief that such an important piece of
documentation should be probably placed outside of the "Fedora CI"
project, as it can be generalized to any project.
What could be this better location for a new documentation page to
which other pieces of documentation would point to?
The CI docs page does not seem to explain doing pull requests to the CI
project, but to Package Sources at src.fedoraproject.org. I suppose the
CI project documents the process, because some of the CI is supposed to
run on pull requests. (But I am not sure if any useful CI actually runs
— I personally have not ever seen any useful CI results for pull
requests to packages.)
A better place for that information would be the Package Maintainer
Docs. Current coverage is very thin [1]. A ticket about making it better
was opened recently [2]. Contributions are welcome!
[1]:
https://docs.fedoraproject.org/en-US/package-maintainers/Package_Maintena...
[2]: https://pagure.io/fedora-docs/package-maintainer-docs/issue/66
790
days inactive
791
days old
8 comments
6 participants
participants (6)
-
Michal Schorm -
Miro Hrončok -
Otto Urpelainen -
Richard Fontana -
Robbie Harwood -
Vít Ondruch