#opnfv-meeting: Technical Community discussion

Meeting started by dneary at 13:03:35 UTC (full logs).

Meeting summary

    1. Bin Hu (bin_, 13:04:17)
    2. Dave Neary (dneary, 13:04:34)
    3. Ray Paik (rpaik, 13:04:48)
    4. chris price (ChrisPriceAB, 13:05:46)

  2. Introductions and overview (dneary, 13:06:24)
    1. Scott Nicholas notes that OPNFV IP Policy should be the guiding document for licensing questions (rpaik, 13:06:34)
    2. https://www.opnfv.org/about/bylaws-and-policies/ip-policy OPNFV IP Policy (rpaik, 13:06:58)
    3. Bryan Sullivan (bryan_att, 13:07:05)
    4. scott notes that OPNFV default license is Apache 2.0 although it is possible to request exceptions from the board. (ChrisPriceAB, 13:07:20)
    5. Scott Nicholas, senior director for programs, and Karen Coberhaver from the Linux Foundation's legal team, are on the call (dneary, 13:07:24)
    6. Scott notes that Fossology 3.0 is the tool used for license scanning (rpaik, 13:09:16)
    7. Scott Nicholas, senior director for programs, and Karen Copenhaver from the Linux Foundation's legal team, are on the call (dneary, 13:09:19)
    8. there are exception processes for non Apache 2 licenses (incl. Board exceptions) (dneary, 13:09:37)
    9. Some of the config files do not support comments (bryan_att, 13:10:26)
    10. "Aty directory level" means the root directory only (bryan_att, 13:11:15)
    11. best practice is to include license information in the file (not just at the directory level) (rpaik, 13:11:15)
    12. But please make that clear (bryan_att, 13:11:31)
    13. Scott indicated that this is not any legal advice. For any legal advice, please work with respective corporate counsel (bin_, 13:11:41)
    14. By our policy licenses are "required" rather than "encouraged" (bryan_att, 13:12:46)
    15. copyrightable material should include license info (rpaik, 13:13:04)
    16. Unless there is some technical reason that a license cannot be included in the file (bryan_att, 13:13:07)
    17. Manuel Rebellon (MR_Sandvine, 13:15:17)
    18. Uli Kleber (ulik, 13:17:48)
    19. The inclusion of third party-files (which needs to be defined) brings a risk factor that we need to manage; we should not modify those file licenses but we do need to ensure that the license is clear and compatible (within granted exceptions) to the OPNFV policy (bryan_att, 13:18:13)
    20. general guide is that more information is better than less (incl. license information) (rpaik, 13:18:33)
    21. the concept of "following the practice of upstream projects" is a slippery slope within OPNFV; even if the upstream community removes license/attribution (which violates OPNFV policy and the APL 2.0 license), that should not give OPNFV members a reason not to include the license in all contributions. (bryan_att, 13:22:10)
    22. APL: 2.0 says "You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; ..." (bryan_att, 13:24:13)
    23. rprakash (rprakash, 13:24:18)
    24. Since contributions to OPNFV require APL 2.0 license info, it would be inappropriate for an upstream community to remove that info; thus the practice of not putting license info into files because the upstream community may remove it, would violate OPNFV policy, (bryan_att, 13:25:53)
    25. 3-party code that is not intended to be part of some delivery in OPNFV or upstream, should be imported as needed and not live in the OPNFV repos; we need to discuss this at TSC and set a policy that there should be a high bar for that practice, to discourage it. (bryan_att, 13:30:49)
    26. it Also would increase the chance of "migration" of some parts of those 3rd-party utilities into the OPNFV code/folders; that's only human are would probably go unnoticed, thus a risk. (bryan_att, 13:32:00)
    27. what is SPDX? (bryan_att, 13:33:11)
    28. https://spdx.org/licenses/ SPDX site (rpaik, 13:33:47)
    29. SPDX is not required, but is a shorter & standardized format (rpaik, 13:35:01)
    30. That should be optional, I'm not sure that it would be used consistently (bryan_att, 13:35:15)
    31. The point about scanning make sense though - that's a very complex process and this could simplify. (bryan_att, 13:37:00)
    32. you can include both SPDX and conventional license indicators in the file (rpaik, 13:37:31)
    33. I just want to be sure that we have clear guidelines for what licenses should look like, attribution, etc. So far I still think we are doing this inconsistently. (bryan_att, 13:37:54)
    34. https://github.com/blsaws/charm-congress (bryan_att, 13:40:00)
    35. Scott notes the risk of external repo's that is not part of the formal open source project that have clear IP policies (rpaik, 13:40:42)
    36. That is a fork of the Canonical JuJu charm (created with APL 2.0 and attribution) that is used when Congress is installed in OPNFV. We can move that into the Copper repo but the build process will need to change to clone the Copper repo - not impossible but it does have an impact. (bryan_att, 13:42:44)
    37. Scott asks if there's a DCO when you go to external Github (rpaik, 13:45:05)
    38. Really for Copper, it's just a matter of prioritizing time and things we *must* do. (bryan_att, 13:45:43)
    39. ChrisPriceAB notes that some corporations prevent employees from contributing to personal Githubs (rpaik, 13:45:52)
    40. https://wiki.opnfv.org/display/apex/Apex (rprakash, 13:49:56)
    41. LF team can explore structural improvements to enable developers (rpaik, 13:57:59)
    42. dneary describes that a potential solution could be to mirror upstream and allow project branching according to the listed ietms under https://wiki.opnfv.org/display/DEV/Licensing+and+External+repo%27s+discussion#LicensingandExternalrepo%27sdiscussion-ProposalforOPNFVrepomirroringtoGitHub (ChrisPriceAB, 13:59:39)
    43. also need to consider technical impact (not just IP Policy) (rpaik, 14:02:27)
    44. Ray, Scott and Karen will discuss the next step, and come back with suggestions (bin_, 14:02:51)


Meeting ended at 14:03:50 UTC (full logs).

Action items

  1. (none)


People present (lines said)

  1. dneary (22)
  2. bryan_att (20)
  3. rpaik (19)
  4. collabot (8)
  5. ChrisPriceAB (4)
  6. bin_ (4)
  7. rprakash (2)
  8. morgan_orange (2)
  9. aricg (1)
  10. tallgren (1)
  11. MR_Sandvine (1)
  12. ulik (1)
  13. ljlamers (0)
  14. mtahhan_ (0)


Generated by MeetBot 0.1.4.