caniszczyk
commented
5 years ago @msohn this is decided per project atm, the board is considering having a foundation wide one though in the future
Closed msohn closed 1 year ago
caniszczyk
commented
5 years ago @msohn this is decided per project atm, the board is considering having a foundation wide one though in the future
caniszczyk
commented
5 years ago @danlopez00 my suggestion would be lifting the CNCF IP Policy in the charter as a starting discussion point
danlopez00
commented
5 years ago Here is the link to the CNCF IP Policy to consider:
https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy
with the text in DRAFT:
(a) Any project that is added to the CDF must have ownership of its trademark and logo assets transferred to the Linux Foundation.
(b) Each project shall determine whether it will require use of an approved CDF CLA. For projects that select to use a CLA, all code contributors will undertake the obligations set forth in the Apache contributor license agreement(s), altered only as necessary to identify CDF as the recipient of the contributions, and which shall be approved by the Governance Board. See CDF Contributor License Agreements available at https://github.com/cncf/cla. The process for managing contributions in accordance with this policy shall be subject to Governance Board approval.
(c) All new inbound code contributions to the CDF shall be (i) accompanied by a Developer Certificate of Origin sign-off (https://developercertificate.org) and (ii) made under the Apache License, Version 2.0 (available at https://www.apache.org/licenses/LICENSE-2.0), such license to be in addition to, and shall not supersede, obligations undertaken under the contribution license agreement(s) provided for in (b) above.
(d) All outbound code will be made available under the Apache License, Version 2.0.
(e) All projects evaluated for inclusion in the CDF shall be completely licensed under an OSI-approved open source license. If the license for a project included in CNCF is not Apache License, Version 2.0, approval of the Governing Board shall be required.
(f) All documentation will be received and made available by the CDF under the Creative Commons Attribution 4.0 International License.
(g) If an alternative inbound or outbound license is required for compliance with the license for a leveraged open source project or is otherwise required to achieve the CDF’s mission, the Governing Board may approve the use of an alternative license for inbound or outbound contributions on an exception basis.make sure you reach out to Mike Dolan before suggesting anything, there may be other approaches
On Thu, Sep 5, 2019 at 12:07 PM Dan Lopez notifications@github.com wrote:
Here is the link to the CNCF IP Policy to consider:
https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy
with the text in DRAFT:
(a) Any project that is added to the CDF must have ownership of its trademark and logo assets transferred to the Linux Foundation.
(b) Each project shall determine whether it will require use of an approved CDF CLA. For projects that select to use a CLA, all code contributors will undertake the obligations set forth in the Apache contributor license agreement(s), altered only as necessary to identify CDF as the recipient of the contributions, and which shall be approved by the Governance Board. See CDF Contributor License Agreements available at https://github.com/cncf/cla. The process for managing contributions in accordance with this policy shall be subject to Governance Board approval.
(c) All new inbound code contributions to the CDF shall be (i) accompanied by a Developer Certificate of Origin sign-off (https://developercertificate.org) and (ii) made under the Apache License, Version 2.0 (available at https://www.apache.org/licenses/LICENSE-2.0), such license to be in addition to, and shall not supersede, obligations undertaken under the contribution license agreement(s) provided for in (b) above.
(d) All outbound code will be made available under the Apache License, Version 2.0.
(e) All projects evaluated for inclusion in the CDF shall be completely licensed under an OSI-approved open source license. If the license for a project included in CNCF is not Apache License, Version 2.0, approval of the Governing Board shall be required.
(f) All documentation will be received and made available by the CDF under the Creative Commons Attribution 4.0 International License.
(g) If an alternative inbound or outbound license is required for compliance with the license for a leveraged open source project or is otherwise required to achieve the CDF’s mission, the Governing Board may approve the use of an alternative license for inbound or outbound contributions on an exception basis.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/cdfoundation/toc/issues/28?email_source=notifications&email_token=AAAPSINRLEI2KBZGLXECJPLQIE4GXA5CNFSM4IOCNNLKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5763LQ#issuecomment-528477614, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAPSIJ4HKVLYYB3HQLDKBLQIE4GXANCNFSM4IOCNNLA .
-- Cheers,
Chris Aniszczyk http://aniszczyk.org +1 512 961 6719
rtyler
commented
5 years ago From the CNCF guideilnes, I haven't the slightest idea what inbound and outbound code actually mean, in any context :smile_cat:
My suggestion would be to ensure that CDF projects are using an OSI approved free/open source license with good IP provenance practices. Past that, flexibility makes sense to me. For example, the Jenkins project core code is under MIT, but we have plugins licensed a myriad of different ways, but retain our requirement that they be OSI-approved open source in order to host them in our GitHub organization and distribution through our Update Center
danlopez00
commented
5 years ago @caniszczyk I have pinged Mike Dolan for recommended approaches.
oleg-nenashev
commented
3 years ago I reviewed the CNCF requirements, and obviously they are not currently followed in the incubating and even the graduated projects. While we can agree on a de-facto state for repos that are already members, we definitely need to get it over the line. I consider it a blocker for #116
I will add it to the @cdfoundation/toc review queue. We definitely need to clarify this topic
oleg-nenashev
commented
3 years ago @tracymiranda to take a look
afrittoli
commented
1 year ago @fdegir it would be good to have an IP policy that clarifies:
I don't understand the inbound/outbound distinction in the CNCF policy either...
fdegir
commented
1 year ago @afrittoli we discussed this with the LF Legal and their response to this was that IP and License policies are set on project level so if projects determine the need of having IP/CLA/DCO requirements, they need to do that on project level. The license requirements are also handled on project level and if IP policy is not available, Licenses are used as fallback.
Please see this and this issue where we captured the summary of our conversation with LF Legal.
If the community identifies something that doesn't fall under a specific project like the work done by the SIGs, a CDF level IP policy can be created as a "catch all" but this still doesn't apply to projects.
/cc @micmarti85
afrittoli
commented
1 year ago Thanks @fdegir - I think the last bit required to complete this task would be to document some guidance for projects in the TOC repo:
The project lifecycle document [1] requires that incubation projects adhere to the foundation's IP policy. Where can I find this IP policy ?
[1] https://github.com/cdfoundation/toc/blob/master/PROJECT_LIFECYCLE.md#incubation-stage