[antlr-interest] pull requests at github
Terence Parr
parrt at cs.usfca.edu
Wed Jul 11 16:00:49 PDT 2012
So it looks like the intentions of the sign off line
Signed-off-by: Random J Developer <random at developer.example.org>
would go into the commit message so that it stays in the repository, as opposed to the pull request, right?
apparently then there is an assumption that random J developer agrees with the developer's certificate of origin, but I don't like that from a legal point of view. I prefer something like
Developer-certificate-of-origin: [link to contributors license]
Signed-off-by: Random J Developer <random at developer.example.org>
that way, there is no doubt that the signatory understood what they are swearing to.
Ter
On Jul 11, 2012, at 3:48 PM, Kyle Ferrio wrote:
> Ter & Kirby,
>
> I like simple [1], and when simple is not-so-simple I like to shift the
> burden off people like me because I know how attentive I am to bookkeeping
> when I'm in the flow.
>
> As I understand git's signoff feature [2], it applies a non-repudiatable
> stamp. That's a good feature and speaks to Ter's "contributor hashcode"
> concept. So if the signoff also -- and this is key -- includes or
> encapsulates (e.g. with a message digest) teh agreement or the
> version-number of the agreement [3] then I think we're golden.
>
> [1] hat-tip to Oliver aka Dr. Simple.
> [2] which is to say, not at all.
> [3] It would be a mistake to assume the agreement will never evolve.
>
> Kyle
>
>
> On Wed, Jul 11, 2012 at 3:30 PM, Kirby Bohling <kirby.bohling at gmail.com>wrote:
>
>> I'm not sure if this workflow will work for you. As I understand it, git
>> includes the "--signoff" feature. I'm not sure I understand all the
>> details, but I know it is essentially to help facilitate that everything
>> was done in good faith, and there is a provenance review of all code going
>> into the Linux kernel. It might be worth investigating if that can be used
>> as a template for implementation, or piggy backed upon directly.
>>
>>
>> http://stackoverflow.com/questions/1962094/what-is-the-sign-off-feature-in-git-for
>>
>> Kirby
>>
>>
>>
>>
>> On Wed, Jul 11, 2012 at 5:25 PM, Terence Parr <parrt at cs.usfca.edu> wrote:
>>
>>> Hi Kyle,
>>>
>>> interesting. so, in the commit message, they would have a link or
>>> something to a certificate of origin. Maybe once they've made the commit,
>>> they can go to the ANTLR site and submit the commit hash to a website where
>>> they can click "I give the rights etc." which gives them another SHA1 hash
>>> or something that combines their user information with the commit hash.
>>> They can then add this to their commit message or perhaps simply in the
>>> pull request instead of the commit.
>>>
>>> Maybe I should just create a hash for each new contributor, that sort of
>>> like their current generator ID. Then, they can simply include this in
>>> their pull request and I can check against my ID list.
>>>
>>> Ter
>>>
>>> On Jul 11, 2012, at 2:20 PM, Kyle Ferrio wrote:
>>>
>>>> It would be nice to have a permanent, easily auditable yet unobtrusive
>>>> record of contributor testimony. There is such a mechanism: the commit
>>>> log. It would be easy for any GitHub user to include a link to the
>>> contrib
>>>> agreement in a commit message on his branch before calling for a pull.
>>>> Ideally this would be done with a standardized meta-tag to make it easy
>>> for
>>>> the person (or machine) accepting the pull request.
>>>>
>>>> I agree that it would be great if GitHub would add this to the pull
>>> request
>>>> itself.
>>>>
>>>> Kyle
>>>> On Jul 11, 2012 1:25 PM, "Terence Parr" <parrt at cs.usfca.edu> wrote:
>>>>
>>>>> Usually, these pull requests are one offs so a click wrap license
>>> would be
>>>>> ideal. Those that continue to contribute, could sign the full meal
>>> deal.
>>>>>
>>>>> Hmm…yeah, maybe you're right. we need a page that covers all pull
>>> requests
>>>>> from a particular account.
>>>>>
>>>>> it would be nice to have a link or text in each committed pull request
>>> to
>>>>> show the certificate of origin. Any ideas there?
>>>>>
>>>>> Ter
>>>>> On Jul 11, 2012, at 1:13 PM, Sam Harwell wrote:
>>>>>
>>>>>> Generally, you'd have someone send you a signed consent form, separate
>>>>> from
>>>>>> the pull request itself, that covers "pull requests sent to the ANTLR
>>>>>> project from account ____" owned by that person. If you get a pull
>>>>> request
>>>>>> from someone who doesn't already have that agreement in place, send
>>> them
>>>>> a
>>>>>> message that you need the consent form before being able to consider
>>> the
>>>>>> request.
>>>>>>
>>>>>> --
>>>>>> Sam Harwell
>>>>>> Owner, Lead Developer
>>>>>> http://tunnelvisionlabs.com
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Terence Parr [mailto:parrt at cs.usfca.edu]
>>>>>> Sent: Wednesday, July 11, 2012 3:05 PM
>>>>>> To: ANTLR interest
>>>>>> Subject: [antlr-interest] pull requests at github
>>>>>>
>>>>>> Howdy,
>>>>>>
>>>>>> people are now submitting nice pull request to the ANTLR project
>>>>> software,
>>>>>> but I have to keep the license clean. That's why I used to accept
>>> things
>>>>>> through the feedback page:
>>>>>>
>>>>>> http://www.antlr.org/misc/feedback
>>>>>>
>>>>>> or with the contributors license agreement. I submitted a feature
>>>>> request to
>>>>>> github to add such a license granting clause to the pull requests.
>>> they
>>>>> like
>>>>>> the idea, but I haven't heard back about implementation.
>>>>>>
>>>>>> What if we set up a webpage similar to the feedback page (current text
>>>>>> enclosed at the bottom) with a text box where people can submit a URL
>>> to
>>>>> a
>>>>>> pull request, certifying the origin of the material in that pull
>>> request.
>>>>>> The name/username/email etc. would have to match.very messy.
>>>>>>
>>>>>> As a result of the certificate of origin, I could automatically post a
>>>>>> comment to the pull request so that it somehow links the certificate.
>>>>>>
>>>>>> Does anybody have any process or legal advice?
>>>>>>
>>>>>> Ter
>>>>>>
>>>>>> Submission certification of origin and rights
>>>>>>
>>>>>> By hitting the submit button, you are warranting and representing that
>>>>> you
>>>>>> have the right to release this code or other content free of any
>>>>> obligations
>>>>>> to third parties and are granting Terence Parr and ANTLR project
>>>>>> contributors, henceforth referred to as The ANTLR Project, a license
>>> to
>>>>>> incorporate it into The ANTLR Project tools (such as ANTLRWorks and
>>>>>> StringTemplate) or related works under the BSD license. (For large new
>>>>> code
>>>>>> submissions or major new functionality, The ANTLR Project will ask
>>> you to
>>>>>> become an official ANTLR project contributor). You understand that The
>>>>> ANTLR
>>>>>> Project may or may not incorporate your submission and you warrant and
>>>>>> represent the following:
>>>>>> I created this submission. I am the author of all contributed work
>>>>> submitted
>>>>>> and further warrant and represent that such work is my original
>>> creation
>>>>> and
>>>>>> I have the right to license it to The ANTLR Project for release under
>>> the
>>>>>> BSD license. I hereby grant The ANTLR Project a nonexclusive,
>>>>> irrevocable,
>>>>>> royalty-free, worldwide license to reproduce, distribute, prepare
>>>>> derivative
>>>>>> works, and otherwise use this contribution as part of the ANTLR
>>> project,
>>>>>> associated documentation, books, and tools at no cost to The ANTLR
>>>>> Project.
>>>>>> I have the right to submit. This submission does not violate the
>>> rights
>>>>> of
>>>>>> any person or entity and that I have legal authority over this
>>> submission
>>>>>> and to make this certification.
>>>>>> If I violate another's rights, liability lies with me. I agree to
>>> defend,
>>>>>> indemnify, and hold The ANTLR Project and ANTLR users harmless from
>>> any
>>>>>> claim or demand, including reasonable attorney fees, made by any third
>>>>> party
>>>>>> due to or arising out of my violation of these terms and conditions
>>> or my
>>>>>> violation of the rights of another person or entity.
>>>>>> I have read this and do so certify
>>>>>>
>>>>>> List: http://www.antlr.org/mailman/listinfo/antlr-interest
>>>>>> Unsubscribe:
>>>>>>
>>> http://www.antlr.org/mailman/options/antlr-interest/your-email-address
>>>>>>
>>>>>
>>>>>
>>>>> List: http://www.antlr.org/mailman/listinfo/antlr-interest
>>>>> Unsubscribe:
>>>>> http://www.antlr.org/mailman/options/antlr-interest/your-email-address
>>>>>
>>>>
>>>> List: http://www.antlr.org/mailman/listinfo/antlr-interest
>>>> Unsubscribe:
>>> http://www.antlr.org/mailman/options/antlr-interest/your-email-address
>>>
>>>
>>> List: http://www.antlr.org/mailman/listinfo/antlr-interest
>>> Unsubscribe:
>>> http://www.antlr.org/mailman/options/antlr-interest/your-email-address
>>>
>>
>>
>
> List: http://www.antlr.org/mailman/listinfo/antlr-interest
> Unsubscribe: http://www.antlr.org/mailman/options/antlr-interest/your-email-address
More information about the antlr-interest
mailing list