<br><font size=2 face="sans-serif">Thanks Carl for the response, appreciate
it! </font>
<br><font size=2 face="sans-serif"> </font>
<br><font size=2 face="sans-serif">I will check around my org to see what
scans have been done. =)</font>
<br><font size=2 face="sans-serif"><br>
_______________________________________<br>
<br>
Bryant Lee, PMP®, SCPM<br>
IBM Certified Senior Project Manager<br>
Information Archive Development Mgr / Proj Mgr<br>
Email : bryantl@us.ibm.com<br>
Phone: (408)927-2146 or tl: 457 - 2146</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="sans-serif">From:</font>
<td><font size=1 face="sans-serif">Carl Worth <cworth@cworth.org></font>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="sans-serif">To:</font>
<td><font size=1 face="sans-serif">Bryant H Lee/San Jose/IBM@IBMUS</font>
<tr>
<td valign=top><font size=1 color=#5f5f5f face="sans-serif">Cc:</font>
<td><font size=1 face="sans-serif">cairo@cairographics.org</font>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="sans-serif">Date:</font>
<td><font size=1 face="sans-serif">07/24/2009 01:34 PM</font>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="sans-serif">Subject:</font>
<td><font size=1 face="sans-serif">Re: [cairo] Questions about Contributions
/ Licensing for Cairo</font></table>
<br>
<hr noshade>
<br>
<br>
<br><tt><font size=2>On Thu, 2009-07-23 at 16:16 -0700, Bryant H Lee wrote:<br>
> 1. Is there a policy / procedure in place on how code is maintained?<br>
> Mainly need some assurances that code that we're using doesn't<br>
> contain any contaminated code or code that wasn't originally written<br>
> by the developer.<br>
<br>
The standard policy is that anyone making a non-trivial contribution<br>
must add a Copyright statement to the blurb at the top of the file<br>
stating their personal/corporate copyright interest in the file as<br>
appropriate.<br>
<br>
All new files added must also have the standard license description that<br>
all source files currently have.<br>
<br>
> 2. Is there some verification (i.e. code scans) done to ensure
that<br>
> there isn't any violation of your policies (assuming the answer to
#1<br>
> is yes). <br>
<br>
The cairo community itself doesn't have any resources to do anything<br>
like automatic scans. What we do have is trusted maintainers that review<br>
incoming patches according to the above policies before merging code<br>
contributions.<br>
<br>
Of course, maintainers can make mistakes, but we will certainly act as<br>
quickly as we can to correct them if they are ever pointed out to us.<br>
<br>
And finally, I have occasionally seen evidence that suggests that some<br>
people may be running code scan tools over cairo's source code. The<br>
evidence I have is that once or twice when new code has been committed<br>
with a statement such as "code taken from project <foo>",
I've received<br>
personal emails inquiring whether the original code was licensed<br>
appropriately for this use. (In every case, we were able to verify that<br>
the license was appropriate---for example the code was written by the<br>
same person working for the same corporation and contributed to both<br>
project <foo> and cairo under their respective licenses. And we<br>
responded by adding clarifying comments.)<br>
<br>
Obviously, as a cairo community, such external code scans are happening<br>
outside of our awareness and control, so we can't ensure they are<br>
continuing to happen.<br>
<br>
But who knows, Bryant, you might even ask around in your own<br>
organization to see if code scans are being run over the cairo source<br>
code already. Some of the emails I received did have addresses that bore<br>
some resemblance to yours. :-)<br>
<br>
I hope that helps,<br>
<br>
-Carl<br>
<br>
[attachment "signature.asc" deleted by Bryant H Lee/San Jose/IBM]
</font></tt>
<br>
<br>