[nanomsg] Re: MIT Licensing

  • From: "John D. Mitchell" <jdmitchell@xxxxxxxxx>
  • To: nanomsg@xxxxxxxxxxxxx
  • Date: Fri, 30 May 2014 13:22:13 -0700

Yeah, I'm also unclear if Martin means the "-s" (aka "signoff") or the "-S" 
(sign) feature or both?

Check out: http://mikegerwitz.com/papers/git-horror-story
for some discussion about these issues around trust.

From a legal standpoint, signoffs mean next to nothing since they too are 
spoofable (just like you can impersonate anybody in a commit message).

If people really care about provenance then, IMHO, we need:
* Signed contributor agreements
* Signed commits

IANAL but I've gone through a fair number of audits (from both sides of the 
table).

Hope this helps,
John


On May 30, 2014, at 13:04 , zerotacg <zero@xxxxxxxxxxxxxxxx> wrote:

> I'm relatively new to git, what does that actually mean?
> I see that it adds a "Signed off by ..." to the commit but how does that
> solve the need of the patch license?
> 
> Tobias
> 
> On 30.05.2014 18:33, Martin Sustrik wrote:
>> I quite like the linux kernel model. You have a developers' agreement
>> somewhere on the web and individual contributors sign the patches off
>> when committing to git:
>> 
>> git commit -s
>> 
>> Easy and efficient.
>> 
>> Would people on the list prefer this model?
>> 
>> Martin
>> 
>> On 30/05/14 18:24, John D. Mitchell wrote:
>>> That's pretty iffy. Much better to have explicit contributor
>>> agreements for each person.
>> 
>>> Cheers, John
>> 
>>> On May 30, 2014, at 07:33 , Garrett D'Amore <garrett@xxxxxxxxxx>
>>> wrote:
>> 
>>>> It doesn't.  But if the existing file is licensed under MIT and
>>>> no new notice is placed with the copyright addition then I think
>>>> the common convention is to assume that the new changes are
>>>> licensed under the same existing license.  Now changing the
>>>> license would be a different matter and in that case a new notice
>>>> in the file would be needed.
>>>> 
>>>> Sent from my iPhone
>>>> 
>>>>> On May 30, 2014, at 12:19 AM, Martin Sustrik
>>>>> <sustrik@xxxxxxxxxx> wrote:
>>>>> 
>>> Hi Garrett,
>> 
>>>>>>> Well, I'm not the package maintainer.  But for those
>>>>>>> packages that I do maintain (illumos, mangos, etc.) I ask
>>>>>>> that contributors update the copyright statements in the
>>>>>>> files that they are updating as part of their patch
>>>>>>> submission.
>> 
>>> Are you sure it works that way? I am not a lawyer, but my feeling
>>> is that claiming a copyright on the file doesn't necessarily mean
>>> you are providing your patches under the MIT license...
>> 
>>> Martin
>> 
>>>>> 
>>>> 
>> 
>> 
>> 
>> 
> 
> 
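
Added example, not part of the thread and not code from any poster or from the nanomsg project: a small audit helper that separates the two features discussed above, the plain-text Signed-off-by trailer that "git commit -s" appends to the message and the gpgsig header that "git commit -S" stores in the commit object. The sample commits, names and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed raw commit objects (shape of `git cat-file commit <id>`); all values are made up.
SIGNOFF_ONLY = """tree 0000000000000000000000000000000000000000
author Dev One <dev1@example.org> 1401480000 -0700
committer Dev One <dev1@example.org> 1401480000 -0700

Fix typo

Signed-off-by: Dev One <dev1@example.org>
"""
SIGNED = """tree 0000000000000000000000000000000000000000
author Dev One <dev1@example.org> 1401480000 -0700
committer Dev One <dev1@example.org> 1401480000 -0700
gpgsig -----BEGIN PGP SIGNATURE-----
 (constructed placeholder, not a real signature)
 -----END PGP SIGNATURE-----

Fix typo

Signed-off-by: Dev One <dev1@example.org>
"""
MISMATCH = SIGNOFF_ONLY.replace("Signed-off-by: Dev One <dev1@", "Signed-off-by: Dev Two <dev2@")

TRAILER = re.compile(r"^Signed-off-by:\s*(.+?)\s*<([^>]+)>\s*$", re.I | re.M)
IDENT = re.compile(r"^(.+?)\s*<([^>]*)>")

def parse_commit(raw):
    """Split a raw commit object into (headers, message)."""
    head, _, message = raw.partition("\n\n")
    headers, key = {}, None
    for line in head.split("\n"):
        if line.startswith(" ") and key:       # continuation of a multi-line header (gpgsig)
            headers[key] += "\n" + line[1:]
        else:
            key, _, value = line.partition(" ")
            headers[key] = value
    return headers, message

def classify(raw):
    headers, message = parse_commit(raw)
    author = IDENT.match(headers.get("author", ""))
    author_email = author.group(2).lower() if author else ""
    signoffs = [email.lower() for _name, email in TRAILER.findall(message)]
    return {"signed": "gpgsig" in headers,      # presence only; validity needs `git verify-commit`
            "signoff": bool(signoffs),          # free text in the message, anyone can type it
            "signoff_matches_author": author_email in signoffs}

def provenance(raw):
    c = classify(raw)
    return "signature-present" if c["signed"] else ("signoff-only" if c["signoff"] else "unattested")
```

A "signature-present" result only means the header exists; whether it verifies against a key the project trusts is a separate check with "git verify-commit".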

