[cairo] Questions about Contributions / Licensing for Cairo

Behdad Esfahbod behdad at behdad.org
Fri Jul 24 13:48:52 PDT 2009 

Hi Bryant,

I saw your request on other mailing lists for projects that I maintain also. 
I think in general, like Carl suggested, you'd have a better chance of getting 
a definite answer from within IBM.

Regards,
behdad

On 07/24/2009 04:42 PM, Bryant H Lee wrote:
>
> Thanks Carl for the response, appreciate it!
>
> I will check around my org to see what scans have been done. =)
>
> _______________________________________
>
> Bryant Lee, PMP®, SCPM
> IBM Certified Senior Project Manager
> Information Archive Development Mgr / Proj Mgr
> Email : bryantl at us.ibm.com
> Phone: (408)927-2146 or tl: 457 - 2146
>
>
> From: 	Carl Worth <cworth at cworth.org>
> To: 	Bryant H Lee/San Jose/IBM at IBMUS
> Cc: 	cairo at cairographics.org
> Date: 	07/24/2009 01:34 PM
> Subject: 	Re: [cairo] Questions about Contributions / Licensing for Cairo
>
>
> ------------------------------------------------------------------------
>
>
>
> On Thu, 2009-07-23 at 16:16 -0700, Bryant H Lee wrote:
>  > 1. Is there a policy / procedure in place on how code is maintained?
>  > Mainly need some assurances that code that we're using doesn't
>  > contain any contaminated code or code that wasn't originally written
>  > by the developer.
>
> The standard policy is that anyone making a non-trivial contribution
> must add a Copyright statement to the blurb at the top of the file
> stating their personal/corporate copyright interest in the file as
> appropriate.
>
> All new files added must also have the standard license description that
> all source files currently have.
>
>  > 2. Is there some verification (i.e. code scans) done to ensure that
>  > there isn't any violation of your policies (assuming the answer to #1
>  > is yes).
>
> The cairo community itself doesn't have any resources to do anything
> like automatic scans. What we do have is trusted maintainers that review
> incoming patches according to the above policies before merging code
> contributions.
>
> Of course, maintainers can make mistakes, but we will certainly act as
> quickly as we can to correct them if they are ever pointed out to us.
>
> And finally, I have occasionally seen evidence that suggests that some
> people may be running code scan tools over cairo's source code. The
> evidence I have is that once or twice when new code has been committed
> with a statement such as "code taken from project <foo>", I've received
> personal emails inquiring whether the original code was licensed
> appropriately for this use. (In every case, we were able to verify that
> the license was appropriate---for example the code was written by the
> same person working for the same corporation and contributed to both
> project <foo> and cairo under their respective licenses. And we
> responded by adding clarifying comments.)
>
> Obviously, as a cairo community, such external code scans are happening
> outside of our awareness and control, so we can't ensure they are
> continuing to happen.
>
> But who knows, Bryant, you might even ask around in your own
> organization to see if code scans are being run over the cairo source
> code already. Some of the emails I received did have addresses that bore
> some resemblance to yours. :-)
>
> I hope that helps,
>
> -Carl
>
> [attachment "signature.asc" deleted by Bryant H Lee/San Jose/IBM]
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> cairo mailing list
> cairo at cairographics.org
> http://lists.cairographics.org/mailman/listinfo/cairo

More information about the cairo mailing list