[antlr-interest] pull requests at github

Terence Parr parrt at cs.usfca.edu
Wed Jul 11 16:00:49 PDT 2012


So it looks like the intentions of the sign off line

Signed-off-by: Random J Developer <random at developer.example.org>

would go into the commit message so that it stays in the repository, as opposed to the pull request, right?

Apparently then there is an assumption that random J developer agrees with the developer's certificate of origin, but I don't like that from a legal point of view. I prefer something like

Developer-certificate-of-origin: [link to contributors license]
Signed-off-by: Random J Developer <random at developer.example.org>

That way, there is no doubt that the signatory understood what they are swearing to.

Ter

On Jul 11, 2012, at 3:48 PM, Kyle Ferrio wrote:

> Ter & Kirby,
> 
> I like simple [1], and when simple is not-so-simple I like to shift the
> burden off people like me because I know how attentive I am to bookkeeping
> when I'm in the flow.
> 
> As I understand git's signoff feature [2], it applies a non-repudiatable
> stamp.  That's a good feature and speaks to Ter's "contributor hashcode"
> concept.  So if the signoff also -- and this is key -- includes or
> encapsulates (e.g. with a message digest) the agreement or the
> version-number of the agreement [3] then I think we're golden.
> 
> [1] hat-tip to Oliver aka Dr. Simple.
> [2] which is to say, not at all.
> [3] It would be a mistake to assume the agreement will never evolve.
> 
> Kyle
> 
> 
> On Wed, Jul 11, 2012 at 3:30 PM, Kirby Bohling <kirby.bohling at gmail.com> wrote:
> 
>> I'm not sure if this workflow will work for you.  As I understand it, git
>> includes the "--signoff" feature.  I'm not sure I understand all the
>> details, but I know it is essentially to help facilitate that everything
>> was done in good faith, and there is a provenance review of all code going
>> into the Linux kernel.  It might be worth investigating if that can be used
>> as a template for implementation, or piggybacked upon directly.
>> 
>> 
>> http://stackoverflow.com/questions/1962094/what-is-the-sign-off-feature-in-git-for
>> 
>> Kirby
>> 
>> 
>> 
>> 
>> On Wed, Jul 11, 2012 at 5:25 PM, Terence Parr <parrt at cs.usfca.edu> wrote:
>> 
>>> Hi Kyle,
>>> 
>>> Interesting. So, in the commit message, they would have a link or
>>> something to a certificate of origin.  Maybe once they've made the commit,
>>> they can go to the ANTLR site and submit the commit hash to a website where
>>> they can click "I give the rights etc." which gives them another SHA1 hash
>>> or something that combines their user information with the commit hash.
>>> They can then add this to their commit message or perhaps simply in the
>>> pull request instead of the commit.
>>> 
>>> Maybe I should just create a hash for each new contributor, that's sort of
>>> like their current generator ID. Then, they can simply include this in
>>> their pull request and I can check against my ID list.
>>> 
>>> Ter
>>> 
>>> On Jul 11, 2012, at 2:20 PM, Kyle Ferrio wrote:
>>> 
>>>> It would be nice to have a permanent, easily auditable yet unobtrusive
>>>> record of contributor testimony.  There is such a mechanism: the commit
>>>> log.  It would be easy for any GitHub user to include a link to the contrib
>>>> agreement in a commit message on his branch before calling for a pull.
>>>> Ideally this would be done with a standardized meta-tag to make it easy for
>>>> the person (or machine) accepting the pull request.
>>>>
>>>> I agree that it would be great if GitHub would add this to the pull request
>>>> itself.
>>>> 
>>>> Kyle
>>>> On Jul 11, 2012 1:25 PM, "Terence Parr" <parrt at cs.usfca.edu> wrote:
>>>> 
>>>>> Usually, these pull requests are one offs so a click wrap license would be
>>>>> ideal. Those that continue to contribute, could sign the full meal deal.
>>>>>
>>>>> Hmm…yeah, maybe you're right. We need a page that covers all pull requests
>>>>> from a particular account.
>>>>>
>>>>> It would be nice to have a link or text in each committed pull request to
>>>>> show the certificate of origin. Any ideas there?
>>>>> 
>>>>> Ter
>>>>> On Jul 11, 2012, at 1:13 PM, Sam Harwell wrote:
>>>>> 
>>>>>> Generally, you'd have someone send you a signed consent form, separate from
>>>>>> the pull request itself, that covers "pull requests sent to the ANTLR
>>>>>> project from account ____" owned by that person. If you get a pull request
>>>>>> from someone who doesn't already have that agreement in place, send them a
>>>>>> message that you need the consent form before being able to consider the
>>>>>> request.
>>>>>> 
>>>>>> --
>>>>>> Sam Harwell
>>>>>> Owner, Lead Developer
>>>>>> http://tunnelvisionlabs.com
>>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: Terence Parr [mailto:parrt at cs.usfca.edu]
>>>>>> Sent: Wednesday, July 11, 2012 3:05 PM
>>>>>> To: ANTLR interest
>>>>>> Subject: [antlr-interest] pull requests at github
>>>>>> 
>>>>>> Howdy,
>>>>>> 
>>>>>> People are now submitting nice pull requests to the ANTLR project software,
>>>>>> but I have to keep the license clean. That's why I used to accept things
>>>>>> through the feedback page:
>>>>>>
>>>>>> http://www.antlr.org/misc/feedback
>>>>>>
>>>>>> or with the contributors license agreement. I submitted a feature request to
>>>>>> github to add such a license granting clause to the pull requests. They like
>>>>>> the idea, but I haven't heard back about implementation.
>>>>>>
>>>>>> What if we set up a webpage similar to the feedback page (current text
>>>>>> enclosed at the bottom) with a text box where people can submit a URL to a
>>>>>> pull request, certifying the origin of the material in that pull request.
>>>>>> The name/username/email etc. would have to match. Very messy.
>>>>>> 
>>>>>> As a result of the certificate of origin, I could automatically post a
>>>>>> comment to the pull request so that it somehow links the certificate.
>>>>>> 
>>>>>> Does anybody have any process or legal advice?
>>>>>> 
>>>>>> Ter
>>>>>> 
>>>>>> Submission certification of origin and rights
>>>>>> 
>>>>>> By hitting the submit button, you are warranting and representing that you
>>>>>> have the right to release this code or other content free of any obligations
>>>>>> to third parties and are granting Terence Parr and ANTLR project
>>>>>> contributors, henceforth referred to as The ANTLR Project, a license to
>>>>>> incorporate it into The ANTLR Project tools (such as ANTLRWorks and
>>>>>> StringTemplate) or related works under the BSD license. (For large new code
>>>>>> submissions or major new functionality, The ANTLR Project will ask you to
>>>>>> become an official ANTLR project contributor). You understand that The ANTLR
>>>>>> Project may or may not incorporate your submission and you warrant and
>>>>>> represent the following:
>>>>>>
>>>>>> I created this submission. I am the author of all contributed work submitted
>>>>>> and further warrant and represent that such work is my original creation and
>>>>>> I have the right to license it to The ANTLR Project for release under the
>>>>>> BSD license. I hereby grant The ANTLR Project a nonexclusive, irrevocable,
>>>>>> royalty-free, worldwide license to reproduce, distribute, prepare derivative
>>>>>> works, and otherwise use this contribution as part of the ANTLR project,
>>>>>> associated documentation, books, and tools at no cost to The ANTLR Project.
>>>>>>
>>>>>> I have the right to submit. This submission does not violate the rights of
>>>>>> any person or entity and that I have legal authority over this submission
>>>>>> and to make this certification.
>>>>>>
>>>>>> If I violate another's rights, liability lies with me. I agree to defend,
>>>>>> indemnify, and hold The ANTLR Project and ANTLR users harmless from any
>>>>>> claim or demand, including reasonable attorney fees, made by any third party
>>>>>> due to or arising out of my violation of these terms and conditions or my
>>>>>> violation of the rights of another person or entity.
>>>>>>
>>>>>> I have read this and do so certify
>>>>>>
>>>>>> List: http://www.antlr.org/mailman/listinfo/antlr-interest
>>>>>> Unsubscribe: http://www.antlr.org/mailman/options/antlr-interest/your-email-address
>>>>>> 
> 
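An added example (not part of the original thread or of the ANTLR project): a check a maintainer could run over a commit message to confirm it carries both trailers proposed above, that the sign-off names the commit author, and, following the message-digest idea in the quoted reply, that a digest trailer matches the agreement text currently in force. The `Agreement-SHA256` trailer name, the function names, the example.org link, and the sample agreement and commit message are assumptions constructed for illustration.

```python
import hashlib
import re

# Constructed sample agreement text; a real project would load its own file.
AGREEMENT_V1 = "I created this submission and have the right to submit it.\n"
TRAILER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):[ \t]*(.+)$")
SIGNOFF_RE = re.compile(r"^(.+?)\s*<([^<>\s]+@[^<>\s]+)>$")


def parse_trailers(message):
    """Return {lowercased key: [values]} from the last paragraph of a commit message."""
    paragraphs = [p for p in re.split(r"\n\s*\n", message.strip()) if p.strip()]
    trailers = {}
    if len(paragraphs) < 2:          # subject only: no trailer block
        return trailers
    for line in paragraphs[-1].splitlines():
        m = TRAILER_RE.match(line.strip())
        if not m:                    # last paragraph is prose, not trailers
            return {}
        trailers.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return trailers


def check_commit(message, author_email, agreement_text):
    """Return a list of problems; an empty list means the commit passes."""
    t = parse_trailers(message)
    problems = []
    if not t.get("developer-certificate-of-origin"):
        problems.append("missing Developer-certificate-of-origin trailer")
    signers = [SIGNOFF_RE.match(v) for v in t.get("signed-off-by", [])]
    emails = {m.group(2).lower() for m in signers if m}
    if not emails:
        problems.append("missing or malformed Signed-off-by trailer")
    elif author_email.lower() not in emails:
        problems.append("Signed-off-by does not match commit author")
    expected = hashlib.sha256(agreement_text.encode("utf-8")).hexdigest()
    if expected not in [v.lower() for v in t.get("agreement-sha256", [])]:
        problems.append("agreement digest missing or for a different version")
    return problems


# Constructed sample commit message (hypothetical link and digest trailer).
SAMPLE = (
    "Fix lexer off-by-one\n\nBody text.\n\n"
    "Developer-certificate-of-origin: https://example.org/contrib-agreement\n"
    "Agreement-SHA256: " + hashlib.sha256(AGREEMENT_V1.encode()).hexdigest() + "\n"
    "Signed-off-by: Random J Developer <random@developer.example.org>\n"
)
```

A trailer is plain text that anyone able to write the commit message can type, so this check records what was asserted and against which agreement version; it does not authenticate the signer. Cryptographic commit signing (`git commit -S`) is a separate mechanism from `--signoff`.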