[cairo] Questions about Contributions / Licensing for Cairo

Carl Worth cworth at cworth.org
Fri Jul 24 13:34:29 PDT 2009 

On Thu, 2009-07-23 at 16:16 -0700, Bryant H Lee wrote:
> 1.  Is there a policy / procedure in place on how code is maintained?
>  Mainly need some assurances that code that we're using doesn't
> contain any contaminated code or code that wasn't originally written
> by the developer.

The standard policy is that anyone making a non-trivial contribution
must add a Copyright statement to the blurb at the top of the file
stating their personal/corporate copyright interest in the file as
appropriate.

All new files added must also have the standard license description that
all source files currently have.

> 2.  Is there some verification (i.e. code scans) done to ensure that
> there isn't any violation of your policies (assuming the answer to #1
> is yes). 

The cairo community itself doesn't have any resources to do anything
like automatic scans. What we do have is trusted maintainers that review
incoming patches according to the above policies before merging code
contributions.

Of course, maintainers can make mistakes, but we will certainly act as
quickly as we can to correct them if they are ever pointed out to us.

And finally, I have occasionally seen evidence that suggests that some
people may be running code scan tools over cairo's source code. The
evidence I have is that once or twice when new code has been committed
with a statement such as "code taken from project <foo>", I've received
personal emails inquiring whether the original code was licensed
appropriately for this use. (In every case, we were able to verify that
the license was appropriate---for example the code was written by the
same person working for the same corporation and contributed to both
project <foo> and cairo under their respective licenses. And we
responded by adding clarifying comments.)

Obviously, as a cairo community, such external code scans are happening
outside of our awareness and control, so we can't ensure they are
continuing to happen.

But who knows, Bryant, you might even ask around in your own
organization to see if code scans are being run over the cairo source
code already. Some of the emails I received did have addresses that bore
some resemblance to yours. :-)

I hope that helps,

-Carl

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.cairographics.org/archives/cairo/attachments/20090724/01e34bdd/attachment.pgp

More information about the cairo mailing list