Relaxing the need for copyright assignments
Werner Koch
wk at gnupg.org
Thu Apr 12 11:49:04 CEST 2012
Hi!
Nowadays we have wealth of crypto libraries available. It is often
easier to contribute to them than to Libgcrypt. The copyright
assignments required for Libgcrypt turned out to be a major hassle and
thus I plan to relax the rules.
What do you think of this:
Libgcrypt is currently licensed under the LGPLv2+ with tools and
the manual being under the GPLv2+. We may eventually update to a
newer version of the license or a combination of them. It is thus
important, that all contributed code allows for an update of the
license; thus we can't accept any code under the LGPLv2(only).
We used to have a strict policy of requiring copyright assignments
to the FSF. To avoid this major organizational overhead and to
allow inclusion of code, not copyrighted by the FSF, this policy has
been relaxed. It is now also possible to contribute code by
asserting that the contribution is in accordance to the "Libgcrypt
Developer's Certificate of Origin" as found in the file "doc/DCO".
(Except for a slight wording change, this DCO is identical to the
one used by the Linux kernel.)
If your want to contribute code (or documentation) to Libgcrypt and
you didn't signed a copyright assignment with the FSF in the past,
you need to take these simple steps:
- Decide which mail address you want to use. Please have your real
name in the address and not a pseudonym. Anonymous contributions
can only be done if you find a proxy who certifies for you.
- If your employer or school might claim ownership of code written
by you; you need to talk to them to make sure that you have the
right to contribute under the DCO.
- Send a mail to the gcrypt-devel at gnupg.org mailing list from that
mail address. Include a copy of the DCO as found in the official
master branch. Insert your name and email address into the DCO in
the same way you want to use it later. For example:
Signed-off-by: Joe R. Hacker <joe at example.org>
If you really need it, you may perform simple transformations of
the mail address: Replacing "@" by " at ", "." by " dot ".
- That's it. From now on you only need to add a "Signed-off-by:"
line with your name and mail address to the commit message.
The DCO is
Libgcrypt Developer's Certificate of Origin. Version 1.0
=========================================================
By making a contribution to the Libgcrypt project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the free software license
indicated in the file; or
(b) The contribution is based upon previous work that, to the
best of my knowledge, is covered under an appropriate free
software license and I have the right under that license to
submit that work with modifications, whether created in whole
or in part by me, under the same free software license
(unless I am permitted to submit under a different license),
as indicated in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including
all personal information I submit with it, including my
sign-off) is maintained indefinitely and may be redistributed
consistent with this project or the free software license(s)
involved.
Signed-off-by: [Your name and mail address]
I pondered with the idea of requiring OpenPGP signed statements but
rejected it. They don't gain much unless we want to establish another
complicated procedure to check the trustworthiness of the key. Even if
we would do so, we will have no way to check the provenience of the
submitted code.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gcrypt-devel
mailing list