GitHub contributors and the FPCA

Pierre-Yves Chibon pingou at
Wed Jun 24 09:10:20 UTC 2015

Good morning everyone,

Few weeks I asked spot about the status of the FPCA with regards to contributors
sending pull-requests via GitHub. Spot replied to me a couple of weeks ago with
the following answer which I thought I should share since we are several
managing projects on GitHub:

> * The second use-case I had a thought about was the github use-case. We have
>   more and more projects hosted on github, from a bunch of different teams.
>   People contributing to these projects via github do not have to sign the FPCA,
>   is this a problem?
>   I am always un-sure about this part, so it might be just me but when I
>   contribute to a project that is GPL/MIT/BSD/...-licensed my work is
>   automatically licensed under the license of the project, right?
>   If so, then I guess it's fine FPCA-wise :)

Well, there is nothing legally that makes your contributions magically
under a license, with the notable exception of Apache and derived
licenses. Richard Fontana argues (rather reasonably) that there is an
expectation that contributions to an upstream project, without a clear
and explicit licensing statement, are thus safe to interpret as being
under the same license as that upstream project. However, there is no
current legal framework to back that up. The risk is admittedly minimal
that a change will come in, we'll merge it, and later, that person will
claim it is under some odd non-free or incompatible license, but it is
not zero.

I would personally prefer it if we either confirmed that people
submitting changes to our projects were either signers of the FPCA or
provided explicit licensing information. This could be done by asking
them in the merge request something like "Please confirm that you give
us permission to use this change under the same license terms as the
rest of this code."

I went through the list of contributors on some of my projects and already found
3 persons who contributed without signing the FPCA (which is great: outside
contributors \รณ/, and less so: have now to ask them to confirm their
contributions is under the same code as the project).

With pagure gaining features, I am considering more and more moving some of my
projects there :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <>

More information about the infrastructure mailing list