From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-f45.google.com (mail-wm0-f45.google.com [74.125.82.45]) by dpdk.org (Postfix) with ESMTP id E32BCBD5B for ; Wed, 26 Oct 2016 18:47:03 +0200 (CEST) Received: by mail-wm0-f45.google.com with SMTP id d128so94481919wmf.1 for ; Wed, 26 Oct 2016 09:47:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=z9ulnpXbaJHG45Zy8tvQ0CmcPtbzO0a9orEjq44sO98=; b=LXZS5us09nSGHZPM4WLyTZEtGS80vgCb5h7zxLyCtriIfozB4uaO6aVZI7gBstpX1L 8tbhFjptMvfQOCEuoJT0r5/i+zmGqnGxqEMrbVYKBb07GinT5qkWHb+tzH25s7G5dpMY YhgQ3ZzPStCQS+GG4zV8/WMgCs2COj69n+DdA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=z9ulnpXbaJHG45Zy8tvQ0CmcPtbzO0a9orEjq44sO98=; b=lJe5cMj5GhSNRWHvcTdXYVuzexpx03lm64Zq9Kayc2JUsRo7BchyKZhbd6NjfZefqX +HAz43S5JbFDeuig7q47zZJtyZjCLRRpOTXary+77JXQl+XtaLw6mjZK+wmH24LORIgz fejzp9i9Hyym17FB60AIguHVXwb28OhF03TLsanScaIgoN3B3mt/V3zja9neVmlhETr8 gCzQrhixK0A+0OtWx2K1yormJfjP2xKCN87NbB/Dj507hhNtn8l8eXDIDgs/CXnQZgqV 1a4MzsoJZRksaby5j+S8kMoVu/jBGpIYpFe1BQcpaeyhurWqjNSDP4TYA14eOfWGu8Ux 4uXg== X-Gm-Message-State: ABUngvffagtA2XBJWriB/vQi7MajKEhAm+6CdJMxLTbPJ1CnmieHKgGOuHM9lkX+2XFl224jiZfxw6+zoIsm7d8+ X-Received: by 10.28.14.65 with SMTP id 62mr9158232wmo.3.1477500423296; Wed, 26 Oct 2016 09:47:03 -0700 (PDT) MIME-Version: 1.0 Received: by 10.80.145.162 with HTTP; Wed, 26 Oct 2016 09:47:02 -0700 (PDT) In-Reply-To: <3EB4FA525960D640B5BDFFD6A3D8912647AA187F@IRSMSX108.ger.corp.intel.com> References: <3EB4FA525960D640B5BDFFD6A3D8912647AA187F@IRSMSX108.ger.corp.intel.com> From: Francois Ozog Date: Wed, 26 Oct 2016 18:47:02 +0200 Message-ID: To: "Dumitrescu, Cristian" Content-Type: multipart/alternative; boundary=001a114427e4e2efc5053fc75fda Cc: "moving@dpdk.org" Subject: Re: [dpdk-moving] [legal] X-BeenThere: moving@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK community structure changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Oct 2016 16:47:04 -0000 --001a114427e4e2efc5053fc75fda Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Cristian, I am not a lawyer and I am out of my league here. That said, we all know that NDA's cannot be executed by any employee of a company. So, the DPDK signoff is nice, but why implement a policy that is less binding for something that may be involving very high liability issues? DPDK says precisely "The purpose of the signoff is explained in the Developer=E2=80=99s Certificate of Origin section of the Linux kernel guide= lines.". The following note says the contributor has to "understand" DCO... So unless I have missed something, nothing says that a contributor SHALL COMPLY to anything. And even if you change the sentences to include the word comply: - their should be a DPDK DCO not a pointer to some external project - do you have properly recorded in your books a paer signed by an authorized representative of a company ? - the DCO itslef is somewhat loose: "The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license". It does not say it is: . free from patents . free to use in large scale production by an end customer (not a developper). Or more precisely, the developper (say the NEP) has the right to sell and the customer (the operator) has been transfered the right to use. Bottom line, it is desirable that companies properly engage their responsability for licence, patents and copyright aspects. The CLA should be signed by each contributor company at the moment of joining: the company liability is engaged, not just the employee when submitting patches. There is probably some additional statement to be done for already contributed code. FF On 26 October 2016 at 17:49, Dumitrescu, Cristian < cristian.dumitrescu@intel.com> wrote: > Hi Francois- Frederic, > > > > A few questions to clarify my confusion: > > > > =C2=B7 Is every DPDK contributor expected to sign one of these for= ms > before being allowed to contribute code? > > > > =C2=B7 Is every DPDK contributor expected to sign this form only o= nce > at the time of joining DPDK community or once for every patch its submits= ? > > > > =C2=B7 What is wrong with the current DPDK.org signoff process whi= ch is > the mechanism that certifies the origin of the code and the applicable > license? Maybe we just need to expand the description on dpdk.org/dev a > bit? > > > > Before sending a patch, be sure that there is no licensing issue. The > commit log must have a *Signed-off-by* line (*--signoff* option). It > certifies that you wrote it and/or have the right to send it. > For a longer explanation, see the *Developer's Certificate of Origin* in = Linux > guidelines . > > > > Regards, > > Cristian > > > > *From:* moving [mailto:moving-bounces@dpdk.org] *On Behalf Of *Francois > Ozog > *Sent:* Wednesday, October 26, 2016 4:03 PM > *To:* moving@dpdk.org > *Subject:* [dpdk-moving] [legal] > > > > As part of the legal work, here is the CLA that we use at Linaro and > passed lawyers from many networking organizations (Cisco, Ericsson, Nokia= , > Huawei, ZTE, Broadcom, TI, Cavium, NXP, ENEA, WindRiver, Monta Vista, ARM= ) > > > > https://drive.google.com/file/d/0B8xTReYFXqNtR0wwRUhqUEpwTUE/preview > > > > I think this can be a good base for DPDK. > > > > FF > > > > -- > > [image: Linaro] > > *Fran=C3=A7ois-Fr=C3=A9d=C3=A9ric Ozog* | *Director Linaro Networking Gro= up* > > T: +33.67221.6485 > francois.ozog@linaro.org | Skype: ffozog > > > > > --=20 [image: Linaro] Fran=C3=A7ois-Fr=C3=A9d=C3=A9ric Ozog | *Director Linaro Networking Group* T: +33.67221.6485 francois.ozog@linaro.org | Skype: ffozog --001a114427e4e2efc5053fc75fda Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi Cristian,

I am not a lawyer and I am= out of my league here. That said, we all know that NDA's cannot be exe= cuted by any employee of a company. So, the DPDK signoff is nice, but why i= mplement a policy that is less binding for something that may be involving = very high liability issues?=C2=A0


D= PDK says precisely "The purpose of the signoff is explained in the Dev= eloper=E2=80=99s Certificate of Origin section of the Linux kernel guidelin= es.". The following note says the contributor has to "understand&= quot; DCO...
So unless I have missed something, nothing says that= a contributor SHALL COMPLY to anything. And even if you change the sentenc= es to include the word comply:
- their should be a DPDK DCO not a= pointer to some external project
- do you have properly recorded= in your books a paer signed by an authorized representative of a company ?=
- the DCO itslef is somewhat loose: "The contribution is ba= sed upon previous work that, to the best of my knowledge, is covered under = an appropriate open source license". It does not say it is:
= =C2=A0 =C2=A0 =C2=A0. free from patents
=C2=A0 =C2=A0 =C2=A0. fre= e to use in large scale production by an end customer (not a developper). O= r more precisely, the developper (say the NEP) has the right to sell and th= e customer (the operator) has been transfered the right to use.
<= br>


Bottom line, it is desirable th= at companies properly engage their responsability for licence, patents and = copyright aspects.

The CLA should be sign= ed by each contributor company at the moment of joining: the company liabil= ity is engaged, not just the employee when submitting patches.
There is probably some additional statement to be done for alr= eady contributed code.

FF




On 26 October 2016 at 17:49, Dumitrescu, Cristian <cristian.dumitrescu@intel.com> wrote:

Hi Francois- Frederic,<= /span>

=C2=A0

A few questions to clarify my confusi= on:

=C2=A0

=C2=B7=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 Is every DPDK contributor expect= ed to sign one of these forms before being allowed to contribute code?

=C2=A0

=C2=B7=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 Is every DPDK contributor expect= ed to sign this form only once at the time of joining DPDK community or onc= e for every patch its submits?

=C2=A0

=C2=B7=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 What is wrong with the current D= PDK.org signoff process which is the mechanism that certifies the origin of= the code and the applicable license? Maybe we just need to expand the description on dpdk.org/dev a bit?<= /u>

=C2=A0

Before sending a patch, be sure that there is no lic= ensing issue. The commit log must have a Signed-off-by line (--signoff option). It certifies that = you wrote it and/or have the right to send it.
For a longer explanation, see the Developer's Certificate of Origin= in Linux guidelines.

=C2=A0

Regards,

Cristian

=C2=A0

From: moving [mailto:moving-bounces@d= pdk.org] On Behalf Of Francois Ozog
Sent: Wednesday, October 26, 2016 4:03 PM
To: moving@dpdk= .org
Subject: [dpdk-moving] [legal]

=C2=A0

As part of the legal work, here is the CLA that we u= se at Linaro and passed lawyers from many networking organizations (Cisco, = Ericsson, Nokia, Huawei, ZTE, Broadcom, TI, Cavium, NXP, ENEA, WindRiver, M= onta Vista, ARM)

=C2=A0

=C2=A0

I think this can be a good base for DPDK.<= /u>

=C2=A0

FF

=C2=A0

--

3D"Linaro"

Fran=C3=A7ois-Fr=C3=A9d=C3=A9ric Ozog= =C2=A0|=C2=A0<= i>Director Linaro Networking Group

T:=C2=A0+33.67221.6485<= br> francois.ozog@linaro.org= =C2=A0|=C2=A0Skype:=C2=A0ffozog<= u>

=C2=A0

=C2=A0




--
3D"Linaro"<= td style=3D"font-family:Arial,Helvetica,'Sans Serif';white-space:no= wrap;font-size:9pt;padding-top:2px;color:rgb(87,87,87)" valign=3D"top">T:= =C2=A0+33.67221.6485
francois.ozog@linaro.org=C2=A0|=C2=A0Skype:=C2=A0ffozog
Fran=C3= =A7ois-Fr=C3=A9d=C3=A9ric Ozog=C2=A0|=C2=A0Director Linaro Networking Group

--001a114427e4e2efc5053fc75fda--