[Python-Dev] Introducing Electronic Contributor Agreements (original) (raw)

Terry Reedy tjreedy at udel.edu
Wed Mar 6 23:43:15 CET 2013

On 3/6/2013 3:06 PM, Steven D'Aprano wrote:

On 05/03/13 09:08, Brett Cannon wrote:

Depends on your paranoia. If you're worried about accidentally lifting IP merely by reading someone's source code, then you wouldn't want to touch code without the CLA signed.

Now I'm not that paranoid, but I'm still not about to commit someone's code now without the CLA signed to make sure we are legally covered for the patch. If someone chooses not to contribute because of the CLA that's fine, but since we have already told at least Anatoly that we won't accept patches from him until he signs the CLA I'm not going to start acting differently towards others. I view legally covering our ass by having someone fill in a form is worth the potential loss of some contribution in the grand scheme of things. Pardon my ignorance, but how does a CLA protect us in the event of an IP violation?

The penalty for willful copyright violation (possible punitive damages) is higher than for inadvertent violation (typically, remove the offending code). In the CLA, contributors affirm that they will only contribute code they have a legal right to contribute. This makes it clear that PSF only wants legal code. We do not grab 3rd party code without author participation even if the license would seem to make it legal to do so.

Good repository software, including svn and hg, can trace every line to a specific commit. Commit messages typically have an issue number and credit (blame) any patch author other than the one making the commit. So any line should be traceable to a specific person and we should have a CLA for that person.

-- Terry Jan Reedy

More information about the Python-Dev mailing list