My concern is the habit of some using lines of code as a measure of 
significance.  One can make a "significant" commit of a few lines, and an 
insignificant commit of thousands of lines.  It is better to assess the 
intellectual property content of the submission.

I did look through all contributions other than the top two contributors and 
found only two commits that I would consider "copyrightable" IP.

All that said:

I do not have any concern with the two contributors who made these two commits 
having not signed CLAs. I do not believe CLAs are required if:
 - the individuals submitting the PR are not committers on the project
   (committers must sign CLAs)
 - the individuals submitted a pull request to the project when it already had
   the AL2.0 license
 - the submission was voluntary
 - they did not explicitly state their contribution was under any other license

I posted a few links earlier.  See 
http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201606.mbox/%3ccanq7ko_z_cfflju_7hoonno4duo7bxufdzutk3yntsnxvu1...@mail.gmail.com%3E
 which references this blog post:

https://apetro.ghost.io/apache-contributors-no-cla/


On 9/5/21, 7:19 PM, "Olivier Lamy" <ol...@apache.org> wrote:

    On Mon, 6 Sept 2021 at 12:13, Daniel Widdis <wid...@gmail.com> wrote:

    > Code size is not the only measure of significance.
    >
    > Without any specialty knowledge of the domain, I would consider this
    > security fix probably significant.
    > https://github.com/mvndaemon/mvnd/pull/391 fixing
    > https://github.com/mvndaemon/mvnd/issues/390


    I don't understand your concern?
    Every project can have security issues, but if it's fixed, what is the
    problem?
    At least the first release under ASF will contain the fix because it's
    already fixed.



    >
    >
    > However, the AL2.0 license states:
    > > Unless You explicitly state otherwise, any Contribution intentionally
    > > submitted for inclusion in the Work by You to the Licensor shall be under
    > > the terms and conditions of this License, without any additional terms or
    > > conditions.
    >
    > Given the project was AL2.0 licensed at the time of the contribution,
    > submitting a PR to the repository should constitute a "Contribution
    > intentionally submitted for inclusion in the Work" and should require no
    > additional terms.
    >
    > Also see
    > https://issues.apache.org/jira/browse/LEGAL-156?focusedCommentId=13554864&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-13554864
    > > Any contribution - in any form (patch to the mailing list, blog post,
    > > JIRA attachment, git pull request, Bugzilla attachment, scrawled on the back
    > > of a napkin) - may be included as long as two conditions are met:
    > >
    > > 1. As per section 5 of AL2 the person providing the patch does not
    > > explicitly state that the patch provided is not licensed under ALv2
    > >
    > > 2. The project's PMC is happy that the person providing the contribution
    > > has the necessary rights to do so.
    >
    >
    >
    > On 9/5/21, 6:46 PM, "Olivier Lamy" <ol...@apache.org> wrote:
    >     looking at this https://github.com/mvndaemon/mvnd/graphs/contributors
    >     except the 2 main contributors we can't really qualify other contributions
    >     as really significant in terms of code size :)
    >
    >
    >
    >
    >
    > ---------------------------------------------------------------------
    > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
    > For additional commands, e-mail: general-h...@incubator.apache.org
    >
    >

    -- 
    Olivier Lamy
    http://twitter.com/olamy | http://linkedin.com/in/olamy


