[cairo] Questions about Contributions / Licensing for Cairo
Bryant H Lee
bryantl at us.ibm.com
Fri Jul 24 13:42:33 PDT 2009
Thanks Carl for the response, appreciate it!
I will check around my org to see what scans have been done. =)
_______________________________________
Bryant Lee, PMP®, SCPM
IBM Certified Senior Project Manager
Information Archive Development Mgr / Proj Mgr
Email : bryantl at us.ibm.com
Phone: (408)927-2146 or tl: 457 - 2146
From:
Carl Worth <cworth at cworth.org>
To:
Bryant H Lee/San Jose/IBM at IBMUS
Cc:
cairo at cairographics.org
Date:
07/24/2009 01:34 PM
Subject:
Re: [cairo] Questions about Contributions / Licensing for Cairo
On Thu, 2009-07-23 at 16:16 -0700, Bryant H Lee wrote:
> 1. Is there a policy / procedure in place on how code is maintained?
> Mainly need some assurances that code that we're using doesn't
> contain any contaminated code or code that wasn't originally written
> by the developer.
The standard policy is that anyone making a non-trivial contribution
must add a Copyright statement to the blurb at the top of the file
stating their personal/corporate copyright interest in the file as
appropriate.
All new files added must also have the standard license description that
all source files currently have.
> 2. Is there some verification (i.e. code scans) done to ensure that
> there isn't any violation of your policies (assuming the answer to #1
> is yes).
The cairo community itself doesn't have any resources to do anything
like automatic scans. What we do have is trusted maintainers that review
incoming patches according to the above policies before merging code
contributions.
Of course, maintainers can make mistakes, but we will certainly act as
quickly as we can to correct them if they are ever pointed out to us.
And finally, I have occasionally seen evidence that suggests that some
people may be running code scan tools over cairo's source code. The
evidence I have is that once or twice when new code has been committed
with a statement such as "code taken from project <foo>", I've received
personal emails inquiring whether the original code was licensed
appropriately for this use. (In every case, we were able to verify that
the license was appropriate---for example the code was written by the
same person working for the same corporation and contributed to both
project <foo> and cairo under their respective licenses. And we
responded by adding clarifying comments.)
Obviously, as a cairo community, such external code scans are happening
outside of our awareness and control, so we can't ensure they are
continuing to happen.
But who knows, Bryant, you might even ask around in your own
organization to see if code scans are being run over the cairo source
code already. Some of the emails I received did have addresses that bore
some resemblance to yours. :-)
I hope that helps,
-Carl
[attachment "signature.asc" deleted by Bryant H Lee/San Jose/IBM]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cairographics.org/archives/cairo/attachments/20090724/e9344c1b/attachment.htm
More information about the cairo
mailing list