-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Foundation-wide copyright guidance #414
Add Foundation-wide copyright guidance #414
Conversation
This commit adds Foundation-wide copyright guidance on how to add copyright notices to source code headers. This document is based on the guidance document from CNCF, available here: https://github.com/cncf/foundation/blob/master/copyright-notices.md To ensure clarity, do *NOT* modify an existing copyright line unless you put it there, or have explicit permission from the one who did. This guidance only applies to copyright notices which are *APPENDED* to the existing list of notices. In addition, the OpenJS Foundation Board of Directors recently approved standardized website footers for projects to use. These include the copyright notice, as well as trademark notices and links to Foundation-wide policies. One notice is for projects related to Node.js, and includes a line referencing the trademark license. The other is for projects which are unrelated to Node.js, and omits the line. If you have any questions, please reach out to [email protected] Signed-off-by: Brian Warner <[email protected]>
COPYRIGHT-NOTICES.md
Outdated
## Copyright Notices | ||
|
||
OpenJS Foundation does not require or recommend that every contributor include their | ||
copyright notice in contributed files. [See below for more details on why |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this seems to talk about "no notice" versus "a notice in every file", but doesn't seem to mention the far more reasonable option of "copyrights only go in the license file".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With more organizations doing automatic license scanning, an unmodified, standard license file tends to be the least error-prone. That said, projects can choose when and in which files to include these additional copyright notice lines, and this guidance applies whether they choose to put these additional lines in individual files, a single LICENSE file, or no files at all.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The copyright section detection generally is a bit fuzzier for this reason; but i'm mainly concerned about any advice that suggests that it's a good idea to put boilerplate metadata in every file - that's what version control is for :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, yes. It gets out of date easily and has no guarantee of correctness. That's one of the reasons this recommends against doing that. But if you feel you need to, it provides guidance on how to do it properly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggested a session on these IP-related issues at the collab summit next week here. Additional subtopics welcomed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately I can't make it to the collab summit, but will be around all day Wednesday to discuss. I'd be happy to take as much time is needed for this.
Please note though that I'm only the messenger and while I'm familiar with the docs and can ask questions of Foundation counsel, I don't approve changes. :-) Per the organizational bylaws, the IP policy is set by the board of directors, although I'm happy to help clarify where I can.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, @brianwarner. See my comment about this here: #390 (comment). I feel like a joint session between the CPC and Board would be incredibly useful (if that's not already planned).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think one of the key things is capturing the feedback from the projects to help both legal and the board understand the concerns. I see that as an ongoing process we need to make sure happens. In this specific instance, while the documents may be new, they to a large extent are based on what was in place in the JS and Node.js foundations so not necessarily "new" in terms of content.
As new projects join (like AMP) we will likely have new/different concerns and we need to get the process in place capture those and figure out how those got into updates of the existing docs like the IP policy. @brianwarner I think you in addition to the CPC board reps (myself included) need to be part of the return feedback loop as opposed to just being "messengers".
Depending on the progress on capturing/documenting concerns/recommendations at the Collab summit next week we should define next steps.
In terms of documenting current guidance based on the approved Policy in the CPC repo, I'm wondering if that can be decoupled from desired updates? My perspective is that as long as the doc is accurate based on the current IP policy it's better to have it documented versus not.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@openjs-foundation/cpc any questions for @brianwarner on this? If not more approvals would help us get it landed. |
COPYRIGHT-NOTICES.md
Outdated
copyright notice in contributed files. [See below for more details on why | ||
not.](#why-not-list-every-copyright-holder) | ||
|
||
Instead, OpenJS Foundation recommends using a more general statement in a form similar to the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where should this copyright statement live? In COPYRIGHT.md
? README.md
? Another file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm going to guess LICENSE
is appropriate, but we should be specific about it. @brianwarner?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To the extent that a project wishes to add a new copyright statement, it can go in any of the above, or none of the above. Given that adding a copyright line is optional I might suggest not getting too prescriptive about it, my concern being that people may wonder if they need to move lines around. That's a situation we want to avoid, as it is ripe for error.
That said, LICENSE would be a great option, as many license texts include a template copyright line and it's a logical place to look.
But again, just to be sure, I'd suggest we hold off on being too explicit here, as it could be interpreted counter to "it is optional, add it if you feel you need to, but be absolutely certain not to change anything that's already there."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
COPYRIGHT-NOTICES.md
Outdated
copyright holders. | ||
|
||
The copyrights are not _assigned_ to OpenJS Foundation. Instead, they are _licensed_ for | ||
distribution as part of the project. Whether a project uses the DCO or a CLA, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we explain these acronyms?
Whether a project uses a
<abbr title="Developer Certificate of Origin">[DCO][]</abbr>
or a
<abbr title="Contributor License Agreement">CLA</abbr>
[DCO]: https://developercertificate.org/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I mentioned this before, but this hasn't always been the case.
The JS Foundation had the original author of Mocha and AFAIK every contributor to reassign the copyright to the JS Foundation.
I'm going to assume that means we need to change the copyright notice (in LICENSE
file) from:
Copyright (c) 2011-2018 JS Foundation and contributors, https://js.foundation
to
Copyright (c) 2011-2020 OpenJS Foundation and contributors, https://openjsf.org
???
If this is the case, please add guidance for those projects that the Foundation does retain the copyright to.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @boneskull,
Yes, correct, my understanding is that the foundation's stance on copyright has gone through a number of iterations. The current one is more permissive than the prior two iterations, where now adoption of a CLA is optional, with the decision to be made by the project's maintainer(s).
Because the JS Foundation merged into the OpenJS Foundation, it is factually accurate to update "JS Foundation" to "OpenJS Foundation." This came up in another comment thread, and we can add this to the document when we revise it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we explain these acronyms?
Whether a project uses a <abbr title="Developer Certificate of Origin">[DCO][]</abbr> or a <abbr title="Contributor License Agreement">CLA</abbr> [DCO]: https://developercertificate.org/
I just pushed a patch which expands these acronyms and links to the upstream documents.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @boneskull,
Yes, correct, my understanding is that the foundation's stance on copyright has gone through a number of iterations. The current one is more permissive than the prior two iterations, where now adoption of a CLA is optional, with the decision to be made by the project's maintainer(s).
Because the JS Foundation merged into the OpenJS Foundation, it is factually accurate to update "JS Foundation" to "OpenJS Foundation." This came up in another comment thread, and we can add this to the document when we revise it.
I just pushed a patch which explicitly adds this into the guidance.
COPYRIGHT-NOTICES.md
Outdated
By using a common format, the project avoids having to deal with names of | ||
copyright holders, years or ranges of years, and variations on the (c) symbol. | ||
This aims to minimize the burden on developers and maintainers as well as | ||
redistributors of the code. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should projects encourage .git/hooks/pre-commit and/or use CI/CD checks to flag content that doesn't comply. Is this something that could be templatized?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
somebody could write a linter that checks for this stuff, but it seems like it should be updated so rarely that it's probably not worth the bother..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would be inclined to agree with @boneskull here, changes to these lines should be a rarity.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are these required on all source files?
I agree that, once present, they're unlikely to change, but if they are per-file boilerplate, then a linter might be useful for new source files.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please let's not require the ancient and obsolete-in-the-wider-ecosystem practice of per-file boilerplate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@molant I'm checking on this specific situation, and will get back to you when I get an answer. Thanks for raising it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@molant Ok, got an answer for you.
Because JS Foundation merged into the OpenJS Foundation, it would be factually correct to update this to OpenJS Foundation. However, since these notices are informational in nature and optional, it is up to the maintainer of the file whether to update this specific line.
In other words, it can't hurt to update it, but it is not required either.
Does this help?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@brianwarner @ljharb If the lawyercats agree that per-file (C) boilerplate is unnecessary and that having it on old files and not putting it on new doesn't put the new files in a different legal category than the old, that addresses my concerns.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mikesamuel Yep, that's correct.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this help?
Yes, thanks a lot!
COPYRIGHT-NOTICES.md
Outdated
copyright notice in contributed files. [See below for more details on why | ||
not.](#why-not-list-every-copyright-holder) | ||
|
||
Instead, OpenJS Foundation recommends using a more general statement in a form similar to the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm going to guess LICENSE
is appropriate, but we should be specific about it. @brianwarner?
COPYRIGHT-NOTICES.md
Outdated
By using a common format, the project avoids having to deal with names of | ||
copyright holders, years or ranges of years, and variations on the (c) symbol. | ||
This aims to minimize the burden on developers and maintainers as well as | ||
redistributors of the code. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
somebody could write a linter that checks for this stuff, but it seems like it should be updated so rarely that it's probably not worth the bother..
COPYRIGHT-NOTICES.md
Outdated
|
||
## Copyright notices for website footers | ||
|
||
Please use one of these standard footers, which have been approved by OpenJS |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we display these in our README.md
? Or web site? Or both?
Based on the discussion at the collaborator summit last week I think I was a bit confused. I thought this was directly importing the approved IP policy. As an interpretation of the policy to provide guidance we might have have more leeway to tailor. @tobie do you have suggested changes or is that you were suggesting we have a discussion of the overall approach. If so we could set something up early in January. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM as "guidance."
Which makes me wonder if COPYRIGHT-NOTICES
is a good name for this file. I'm not familiar with prior art in this area.
@mhdawson well, now that we've established that this is a guidance document that interprets the IP policy, I would suggest revisiting the document with the following goals in mind (all other things being equal):
|
On today's CPC call we agreed to have @brianwarner and myself get together offline to revisit the document and submit an updated version. |
COPYRIGHT-NOTICES.md
Outdated
Bylaws](https://bylaws.openjsf.org/) \| [Trademark | ||
Policy](https://trademark-policy.openjsf.org/) \| [Trademark | ||
List](https://trademark-list.openjsf.org/) \| [Cookie | ||
Policy](https://www.linuxfoundation.org/cookies/) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please reformat these as fenced code blocks (without backslash escapes); it's difficult to copy-paste it. If you try to copy the raw code, you get escapes, but if you try to copy the rendered text, you lose the links.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just pushed a patch which adds rendered HTML, markdown in code fences and without line breaks or escaped chars, and raw HTML.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please reformat footers into a fenced code block (```) so we can more easily copy/paste this into our sites.
Don't hard-wrap the code either; this breaks links
@brianwarner and I just chatted about this offline. We agreed that the document should be renamed "IP Policy Guidance" and would be the single entry point for anything related to copyright/patent issues for OpenJSF projects. We agreed that we could split up the document in two sections: 1. a super short TL;DRThe goal of that document would be to address the requirements of the vast majority of projects. It would basically contain those five points:
2. a section for those wanting do dig deeperThis would contain the already submitted text (which is essentially the standard Linux Foundation copyright guidance document), potentially reframed as more of an FAQ. Next steps:
|
I'm not sure how to best incorporate my suggested changes here so I currently added the proposed alternative text to a dedicated branch. There are attribution issues with my proposal in its current state (@brianwarner is the main author of the whole thing, I just pruned and remixed it a bit). This will be fixed when I add it to this PR, but since the changes are important, pushing those changes to this PR or adding them as a code suggestion didn't feel like the right way to proceed. Should I open a new PR with this rewrite proposal? Would appreciate your thoughts. |
The goal of this IP Policy guidance is to make it really simple for projects to comply with the Foundation's IP Policy. This document is non-exhaustive by design. It is meant to address the most common scenarios, not every corner-case. It is also opinionated: it favors community norms and best pratices in areas where the Foundation's IP Policy provides leeway to do so. This document is based on prior work from CNCF, available here: https://github.com/cncf/foundation/blob/master/copyright-notices.md, an earlier pull request by @brianwarner, available here: #414, and community input. Committer: Tobie Langel <[email protected]>
The goal of this IP Policy guidance is to make it really simple for projects to comply with the Foundation's IP Policy. This document is non-exhaustive by design. It is meant to address the most common scenarios, not every corner-case. It is also opinionated: it favors community norms and best practices in areas where the Foundation's IP Policy provides leeway to do so. This document is based on prior work from CNCF, available here: https://github.com/cncf/foundation/blob/master/copyright-notices.md, an earlier pull request by @brianwarner, available here: #414, and community input. Committer: Tobie Langel <[email protected]>
* Add IP Policy guidance The goal of this IP Policy guidance is to make it really simple for projects to comply with the Foundation's IP Policy. This document is non-exhaustive by design. It is meant to address the most common scenarios, not every corner-case. It is also opinionated: it favors community norms and best practices in areas where the Foundation's IP Policy provides leeway to do so. This document is based on prior work from CNCF, available here: https://github.com/cncf/foundation/blob/master/copyright-notices.md, an earlier pull request by @brianwarner, available here: #414, and community input. Committer: Tobie Langel <[email protected]> * Update DCO/CLA guidance Signed-off-by: Brian Warner <[email protected]> * Fix syntax error Signed-off-by: Brian Warner <[email protected]> * One more time, to satisfy the linter. Signed-off-by: Brian Warner <[email protected]> * Apply suggestions from code review Co-authored-by: Brian Warner <[email protected]> * Restructure DCO/CLA guidance. * Update IP_POLICY_GUIDANCE.md Co-authored-by: Sendil Kumar N <[email protected]> * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md Co-authored-by: Brian Warner <[email protected]> * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md Co-authored-by: Kris Borchers <[email protected]> * Update IP_POLICY_GUIDANCE.md Co-authored-by: Kris Borchers <[email protected]> * Update IP_POLICY_GUIDANCE.md Co-authored-by: Brian Warner <[email protected]> Co-authored-by: Sendil Kumar N <[email protected]> Co-authored-by: Kris Borchers <[email protected]>
With #618 now merged, should we close this? |
* Add IP Policy guidance The goal of this IP Policy guidance is to make it really simple for projects to comply with the Foundation's IP Policy. This document is non-exhaustive by design. It is meant to address the most common scenarios, not every corner-case. It is also opinionated: it favors community norms and best practices in areas where the Foundation's IP Policy provides leeway to do so. This document is based on prior work from CNCF, available here: https://github.com/cncf/foundation/blob/master/copyright-notices.md, an earlier pull request by @brianwarner, available here: #414, and community input. Committer: Tobie Langel <[email protected]> * Update DCO/CLA guidance Signed-off-by: Brian Warner <[email protected]> * Fix syntax error Signed-off-by: Brian Warner <[email protected]> * One more time, to satisfy the linter. Signed-off-by: Brian Warner <[email protected]> * Apply suggestions from code review Co-authored-by: Brian Warner <[email protected]> * Restructure DCO/CLA guidance. * Update IP_POLICY_GUIDANCE.md Co-authored-by: Sendil Kumar N <[email protected]> * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md Co-authored-by: Brian Warner <[email protected]> * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md Co-authored-by: Kris Borchers <[email protected]> * Update IP_POLICY_GUIDANCE.md Co-authored-by: Kris Borchers <[email protected]> * Update IP_POLICY_GUIDANCE.md Co-authored-by: Brian Warner <[email protected]> Co-authored-by: Sendil Kumar N <[email protected]> Co-authored-by: Kris Borchers <[email protected]>
* Add IP Policy guidance The goal of this IP Policy guidance is to make it really simple for projects to comply with the Foundation's IP Policy. This document is non-exhaustive by design. It is meant to address the most common scenarios, not every corner-case. It is also opinionated: it favors community norms and best practices in areas where the Foundation's IP Policy provides leeway to do so. This document is based on prior work from CNCF, available here: https://github.com/cncf/foundation/blob/master/copyright-notices.md, an earlier pull request by @brianwarner, available here: openjs-foundation/cross-project-council#414, and community input. Committer: Tobie Langel <[email protected]> * Update DCO/CLA guidance Signed-off-by: Brian Warner <[email protected]> * Fix syntax error Signed-off-by: Brian Warner <[email protected]> * One more time, to satisfy the linter. Signed-off-by: Brian Warner <[email protected]> * Apply suggestions from code review Co-authored-by: Brian Warner <[email protected]> * Restructure DCO/CLA guidance. * Update IP_POLICY_GUIDANCE.md Co-authored-by: Sendil Kumar N <[email protected]> * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md Co-authored-by: Brian Warner <[email protected]> * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md * Update IP_POLICY_GUIDANCE.md Co-authored-by: Kris Borchers <[email protected]> * Update IP_POLICY_GUIDANCE.md Co-authored-by: Kris Borchers <[email protected]> * Update IP_POLICY_GUIDANCE.md Co-authored-by: Brian Warner <[email protected]> Co-authored-by: Sendil Kumar N <[email protected]> Co-authored-by: Kris Borchers <[email protected]>
This PR adds Foundation-wide copyright guidance on how to add copyright
notices to source code headers. This document is based on the guidance document
from CNCF, available here:
https://github.com/cncf/foundation/blob/master/copyright-notices.md
To be absolutely clear, do NOT modify an existing copyright line unless you put it
there, or have explicit permission from the one who did. This guidance only
applies to copyright notices which are APPENDED to the existing list of
notices.
In addition, the OpenJS Foundation Board of Directors recently approved
standardized website footers for projects to use. These include the copyright
notice, as well as trademark notices and links to Foundation-wide policies. One
notice is for projects related to Node.js, and includes a line referencing the
trademark license. The other is for projects which are unrelated to Node.js,
and omits the line.
If you have any questions, please reach out to [email protected]
Signed-off-by: Brian Warner [email protected]