From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS22989 209.51.188.0/24 X-Spam-Status: No, score=-4.1 required=3.0 tests=AWL,BAYES_00, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id BF6EF1F5AE for ; Tue, 15 Jun 2021 16:32:40 +0000 (UTC) Received: from localhost ([::1]:45958 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ltBzT-0002ta-Hp for normalperson@yhbt.net; Tue, 15 Jun 2021 12:32:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55178) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ltBzQ-0002tR-HU for bug-gnulib@gnu.org; Tue, 15 Jun 2021 12:32:36 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:34416) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ltBzQ-00015e-0r for bug-gnulib@gnu.org; Tue, 15 Jun 2021 12:32:36 -0400 Received: from pool-96-233-64-159.bstnma.fios.verizon.net ([96.233.64.159]:54008 helo=pdslaptop.home.arpa) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ltBzP-0005R5-TP for bug-gnulib@gnu.org; Tue, 15 Jun 2021 12:32:35 -0400 Message-ID: <5ac569a3c976caf3658e652fea843dc9dc69f76a.camel@gnu.org> Subject: Re: Seeking input from developers: glibc copyright assignment policy. From: Paul Smith To: Gnulib bugs Date: Tue, 15 Jun 2021 12:32:35 -0400 In-Reply-To: <20210615120307.uob7puryy2z3yqjp@redhat.com> References: <9b5fff12-c16f-799f-6178-000b2e667d24@cs.ucla.edu> <20210615120307.uob7puryy2z3yqjp@redhat.com> Organization: GNU's Not UNIX! Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.36.5-0ubuntu1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-BeenThere: bug-gnulib@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Gnulib discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: psmith@gnu.org Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org Sender: "bug-gnulib" On Tue, 2021-06-15 at 07:03 -0500, Eric Blake wrote: > I recall how long it took for me to get permission to sign assignment > papers from my previous employer, for work I was doing in my spare > time, and being able to use the DCO instead would have made my > efforts easier at that time. This is what concerns me (not necessarily in Eric's case per se but in general). I worry that people think that a DCO is a hassle-free replacement for an employer's copyright assignment. Maybe, in some jurisdictions, it even can be. But as far as I'm aware in the U.S. (and other countries) you can't just declare that your employer doesn't have any copyright to work you do, even on your own time. Most employment contracts make this clear and even when they don't spell it out I think there's a presumption that it is the case, certainly for salaried employees. So, I just worry people will simply sign the DCO and call it good when they don't actually have legal rights to do that. Sure, that may reduce liability for copyright infringement on the project: an employer would have to go after the individual instead, but that wouldn't prevent the project from having to remove the infringing code and all code that could be considered derivative from it, which could be an enormous hassle. Maybe I'm wrong about how the DCO works but it greatly concerns me that we would lose this safety net: rather than doing the work up-front directed by people who understand the law, we're distributing this work to random individuals and relying on each of them to fully understand the legal questions and get it right for their situation... and leave the project holding the bag if they don't. Have there been any opinions or whitepapers published by FOSS organizations regarding DCOs vs. assignments, discussing their benefits and risks?