-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 30/05/14 23:12, zerotacg wrote: > I see, so basically you state somewhere that we can agree to the > license by adding the "magic words" "Signed off ..." in the commit > log kind of Yes. The nice thing is that that way the agreement is directly in the git repository. > btw when cloning the repo we also clone the copyright/license > notice and rehost it on github. wouldn't that make the clone also > the same license? Obviously. When you clone it, it's the same code after all. > I mean if we fork and don't explicitly delete the license the fork > has a note stating it is under license xyz? Once you modify the clone, the things get blurry. I am not a lawyer, but MIT is not "viral" like GPL, so the modification is not necessarily licensed under MIT. Once you share it though, it may be that the license in the header applies. It would require an IP lawyer to confirm that and even then it's probably a grey zone with no much precedent. Anyway, we are not trying to create a bullet-proof system here. That would require each contributor to visit a notary to tie their real-world identity to their online identity and public key, cryptographically signing the patches etc. What we are rather trying to achieve here is to make people honestly think about whether the patch is OK from IP point of view. For example: 1. If the patch was written on your employer's time, does the employer own the copyright? Is he OK with publishing the patch under MIT? 2. Have you taken pieces of code from elsewhere? Were they published with a MIT-compatible license? Etc. So, in the end, all you need is a check box saying "the patch is OK from the IP point of view". Currently it's just people saying "I am submitting the patch under MIT license". We may change that to git commit -s though if everyone is happy with that. Martin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTiV7CAAoJENTpVjxCNN9Y5e4H/1oxk4+jErL+3xu9jNY4PaIo sh05vZZPrBVnrwVXlffM/yczeAkjvh/bswflXdknnOVN8r7C5d3DVOZHE2x5hwUG wx/VzmLdbW5GiwVTLwKMZRMvf/KHRhM9K3wyZ+DaNL+iUwA+74hm4/oBXJ3zAVT8 tH1htf2Iq4y/DJhFAVSIDpFaqvcS4j3hMOnNoZYw0Iz9aLxaMpWUasew99cpSIuw 4NpxY2lgB9x17+gQRyn4YWnqJZXoUtpoRouk8tC349+9TFtZF/smyMVxmSqIkwCd Y3D+wlUKYQUoE9KVHhbBYRIwDlJbolP7l4vWwSk4mkHmXa7zx/IF7z2ZSo0dS08= =4Hz9 -----END PGP SIGNATURE-----