ipfs / community

Discussion and documentation on community practices
https://docs.ipfs.tech/community/
MIT License
417 stars 226 forks source link

Copyright Hygiene #331

Open mikeal opened 6 years ago

mikeal commented 6 years ago

Capturing an issue from a conversation I had with @jbenet at Lab Day.

We need to first document and then automate the compliance for our IP policies.

This includes:

I'd also add, we should use SPDX compliant license info in every file, and automate the compliance of that as well.

vmx commented 6 years ago

For commit signing there is already a script (https://github.com/ipfs/community/blob/master/dev/hooks/setup_commit_msg_hook.sh) mentioned at https://github.com/ipfs/community/blob/64d3c9b681ea85b6a4ce90e9ee248efe3b9338a7/CONTRIBUTING-2.md#a-license-and-a-signed-off-by-trailers-are-required.

Though there's a better way to do it. I started working on it based on https://github.com/prometheus/prometheus/wiki/DCO-signing. But I didn't finish it. My current state (which could be used as a basis) is this prepare-commit-msg hook:

#!/bin/sh

git interpret-trailers \
  --if-exists doNothing \
  --trailer "License: MIT" \
  --trailer "Signed-off-by: $(git config user.name) <$(git config user.email)>" \
  --in-place "$1"
mikeal commented 6 years ago

I don't think the license is necessary here. The way Node.js, and AFAIK the Linux Project, do it is just the signoff.

If you read the text of the DCO it notes that by signing off you are acknowledging the terms of the list "in the file". There's actually been some trepidation about projects that have failed to include license info in every file because of this.

lidel commented 6 years ago

Some unknowns come with translations contributed via crowdsourcing websites:

We want to consolidate translations in one place (Translation Project for IPFS GUIs: https://github.com/ipfs/ipfs-gui/issues/50). This means in near future community will submit a lot of translations that way. Current version of ipfs/community/docs/licensing-policy.md says:

All documentation and non-code resources should be licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.

Is it enough to state the above in README.md or CONTRIBUTING.md? Or should we ask translation contributors to sign-off CLA before they start translating?

[Click if we need CLA for translations] Transifex (one of crowdsourcing websites) [says](https://docs.transifex.com/guides/crowdsourcing-translations#contributor-license-agreement-(cla)): > A CLA is an agreement between your company and the volunteers in your community. Usually, it's about how the work done by the community may be used, and who has permission to use it. You can add your own CLA in your team settings, and only let people who accept the CLA to contribute. As legal things can be touchy and confusing, we recommend consulting your legal counsel. They provide a [simple UI for setting CLA](https://user-images.githubusercontent.com/157609/44925762-90503f80-ad4f-11e8-923a-fa404a6bc236.png) as well. If its needed, who should write it? PL legal team?

  cc https://github.com/ipfs/ipfs-gui/issues/50, https://github.com/ipfs/community/issues/139