Fedora website, Red Hat, copyright notices and FPCA

Adam Williamson awilliam at redhat.com
Tue Jun 28 17:50:52 UTC 2011 

On Tue, 2011-06-28 at 00:17 -0700, Toshio Kuratomi wrote:

> If you're tlaking about patches that are being checked into the Fedora
> package repository then my experience is that you're wrong in the majority
> of cases.  All of those patches are currently being committed by people who
> have signed the FPCA exactly once (they may have signed both the CLA and the
> FPCA so in that respect you could consider that they've signed things
> exactly twice).  OTOH, if you take away the FPCA and then demand that they
> put an explicit license on all of their patches, then you're expecting them
> to do the work of generating the license boilerplate for every single patch
> that they create and check in.

Just to cheerfully derail this for a bit - I doubt the usual case is
that the people checking in the patches are also the ones who created
them. I know that I more often check in a patch from somewhere else -
usually upstream - than ones I wrote.

Now, the FPCA sort of covers this - "If You are not the copyright holder
of a given Contribution that You wish to Submit to Fedora (for example,
if Your employer or university holds copyright in it), it is Your
responsibility to first obtain authorization from the copyright holder
to Submit the Contribution under the terms of this FPCA on behalf of, or
otherwise with the permission of, that copyright holder.  One form of
such authorization is for the copyright holder to place, or permit You
to place, an Acceptable License For Fedora on the Contribution." - but
there's probably still a lot of seat-of-the-pants flying going on here,
from a strict legal perspective. If the patch in question is in a VCS
there's a fighting chance that it's 'formally' licensed somehow or
other, but I doubt many of us properly comply with the terms of the
license when isolating a patch and throwing it into a Fedora package (I
know I never add a license header to such patches or anything like
that). If the patch came from, say, an upstream mailing list, it's
probably never been formally licensed at all.

So, is the FPCA really giving us much in this context, which may be the
most common context for patch contributions? Or are we still more or
less just relying on everyone doing the decent thing?
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

More information about the advisory-board mailing list