Hi John,
Thank you for your vote!
In executing and filing the SGA Couchbase asserts that it "owns or has
sufficient rights to contribute the software source code and other
related intellectual property". And I'm sure that Couchbase did not
execute the SGA without exercising due diligence before donating the
code.
Obviously, members of the PMC will look at the code before forming a
release and will also expect Couchbase to fulfill their obligations as
described in the SGA.
Regards,
Till
On 7 Sep 2021, at 17:42, John D. Ament wrote:
Hi Till
fwiw I think the donation is fine though the AsterixDB PMC will need
to do
some due diligence in verifying ownership of code before forming a
release.
This is likely what Justin is trying to refer to as well.
Some background on possible issues….
Before GitHub became the popular place to do this when a donation was
received a tar ball without any history was the preferred method to
receive
it. Since the donation was put on GitHub it leaves some ambiguity with
the
actual history of the code. The ASF headers already applied create
some
additional cautiousness here - no one can validate 100% that the code
being
donated can actually be claimed by couchbase. No way to see if some
code
was lifted via stack overflow or taken from a GPL library.
So here’s my +1 with the cautionary note about validating the
original
source of each line of code.
John
On Tue, Sep 7, 2021 at 19:01 Till Westmann <ti...@apache.org> wrote:
Hi Justin,
On 3 Sep 2021, at 0:46, Justin Mclean wrote:
Please help me understand why
- the software grant from Couchbase and
- the acceptance from the AsterixDB project
are not sufficient to approve this donation.
Because IMO the information provided doesn’t give sufficient
detail
to determine who has contributed to the codebase, the history of
contributions has been hidden, the IP ownership of files can't
really
be determined from what has been provided and previous questions by
the IPMC on this donation went unanswered.
On our "Contributor Agreements" page [1] we say:
"When an individual or corporation [in this case a corporation]
decides
to donate a body of existing software or documentation to one of the
Apache projects, they need to execute a formal Software Grant
Agreement
(SGA) with the ASF [which has been executed and recorded]. Typically,
they do this after negotiating approval with the ASF Incubator or one
of
the PMCs [in this case the AsterixDB PMC], since the ASF does not
accept
software unless there is a viable community available to support it
as
part of a collaborative project."
The code has been developed by developers working for Couchbase and
the
IP is owned by the corporation. Couchbase has executed the SGA and
has
specified which code is contributed to the ASF under the terms of the
SGA. As the AsterixDB PMC has voted to accept the donation it seems
that
all requirements to accept the donation are met.
Wasn't the SGA design for cases like this where a corporation (and
not
an individual) contributes code to an Apache project?
On your questions:
Q: Where was this code original developed and who worked on it? There
is
only a couple of commits in that repro, so it doesn’t seem to have
been developed there.
A: This code was originally developed by multiple developers working
for
Couchbase. The names of current and former developers at Couchbase
who
have worked on it (and who largely do not have an ICLA on file) seem
to
be immaterial for the IP question as an SGA is recorded.
Q: Why does the code have ASF headers on it before being donated?
Were
any 3rd party headers removed?
A: The repository with the Apache license headers was created with
the
purpose of being donated to the ASF. Couchbase's copyright notices
were
removed from the source files and corresponding NOTICE files were
added.
ASF headers were added to files that did not have license headers and
regular Apache License headers were replaced with the ASF headers.
Q: Have all contributors signed ICLAs and/or do we have a SGA from
CouchBase?
A: A SGA has been executed and recorded. Not all contributors have
signed an ICLA, but that also seems immaterial as the SGA is
available.
Regards,
Till
[1]
https://www.apache.org/licenses/contributor-agreements.html#grants
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
