13:03:35 #startmeeting Technical Community discussion 13:03:35 Meeting started Thu Oct 13 13:03:35 2016 UTC. The chair is dneary. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:03:35 Useful Commands: #action #agreed #help #info #idea #link #topic. 13:03:35 The meeting name has been set to 'technical_community_discussion' 13:03:59 #chair ChrisPriceAB rpaik bryan_att 13:03:59 Current chairs: ChrisPriceAB bryan_att dneary rpaik 13:04:17 #info Bin Hu 13:04:25 #chair bin_ ljlamers mtahhan_ 13:04:25 Current chairs: ChrisPriceAB bin_ bryan_att dneary ljlamers mtahhan_ rpaik 13:04:34 #info Dave Neary 13:04:48 #info Ray Paik 13:05:46 #info chris price 13:06:06 * ChrisPriceAB wonders if that was a playback... 13:06:24 #topic Introductions and overview 13:06:34 #info Scott Nicholas notes that OPNFV IP Policy should be the guiding document for licensing questions 13:06:58 #link https://www.opnfv.org/about/bylaws-and-policies/ip-policy OPNFV IP Policy 13:07:05 #info Bryan Sullivan 13:07:20 #info scott notes that OPNFV default license is Apache 2.0 although it is possible to request exceptions from the board. 13:07:24 #info Scott Nicholas, senior director for programs, and Karen Coberhaver from the Linux Foundation's legal team, are on the call 13:07:53 rpaik, Did I get titles and surname spelling correct? 13:07:53 #info there are exception processes for non Apache 2 licenses (incl. Board exceptions) 13:08:10 #info Karen Copenhaver... 13:08:26 #undo 13:08:26 Removing item from minutes: 13:08:39 #undo 13:08:39 Removing item from minutes: 13:08:45 dneary it's Karen Copenhaver 13:09:16 #info Scott notes that Fossology 3.0 is the tool used for license scanning 13:09:19 #info Scott Nicholas, senior director for programs, and Karen Copenhaver from the Linux Foundation's legal team, are on the call 13:09:37 #info there are exception processes for non Apache 2 licenses (incl. Board exceptions) 13:10:14 rpaik, Not sure if I undid enough - there's probably a duplicate line there with just the typo correction 13:10:26 #info Some of the config files do not support comments 13:11:15 #info "Aty directory level" means the root directory only 13:11:15 #info best practice is to include license information in the file (not just at the directory level) 13:11:31 #info But please make that clear 13:11:41 #info Scott indicated that this is not any legal advice. For any legal advice, please work with respective corporate counsel 13:12:46 #info By our policy licenses are "required" rather than "encouraged" 13:12:47 bin_, While it is not legal advice, it is a statement of project IP policy 13:13:04 #info copyrightable material should include license info 13:13:07 #info Unless there is some technical reason that a license cannot be included in the file 13:15:09 for copyright, as far as I remember, OpenStack removed them and created an authors.txt file 13:15:17 #info Manuel Rebellon 13:17:48 not everywhere just find a copyright NASA and OpenStack but cannot find individual copyrights 13:17:48 #info Uli Kleber 13:18:13 #info The inclusion of third party-files (which needs to be defined) brings a risk factor that we need to manage; we should not modify those file licenses but we do need to ensure that the license is clear and compatible (within granted exceptions) to the OPNFV policy 13:18:33 #info general guide is that more information is better than less (incl. license information) 13:22:10 #info the concept of "following the practice of upstream projects" is a slippery slope within OPNFV; even if the upstream community removes license/attribution (which violates OPNFV policy and the APL 2.0 license), that should not give OPNFV members a reason not to include the license in all contributions. 13:23:33 I'm a bit lost 13:24:13 #info APL: 2.0 says "You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; ..." 13:24:14 If someone adds an OPNFV file to a project which is (say) MIT licensed, the new files must be Apache 2.0? 13:24:18 #info rprakash 13:25:53 #info Since contributions to OPNFV require APL 2.0 license info, it would be inappropriate for an upstream community to remove that info; thus the practice of not putting license info into files because the upstream community may remove it, would violate OPNFV policy, 13:30:49 #info 3-party code that is not intended to be part of some delivery in OPNFV or upstream, should be imported as needed and not live in the OPNFV repos; we need to discuss this at TSC and set a policy that there should be a high bar for that practice, to discourage it. 13:32:00 #info it Also would increase the chance of "migration" of some parts of those 3rd-party utilities into the OPNFV code/folders; that's only human are would probably go unnoticed, thus a risk. 13:32:52 rpaik, I would like to move to the "staging patches in clones of upstream projects" topic. 13:33:11 #info what is SPDX? 13:33:25 rpaik, It seemed to me that this was the principal question today, and we have only 20 minutes left to work through it 13:33:34 bryan_att, License metadata 13:33:47 bryan_att, Includes license versioning, variants, etc 13:33:47 #link https://spdx.org/licenses/ SPDX site 13:33:47 #info reference to this somewhere? 13:33:54 #unfo 13:34:02 rpaik pasted it in 13:34:06 #undo 13:34:06 Removing item from minutes: 13:35:01 #info SPDX is not required, but is a shorter & standardized format 13:35:15 #info That should be optional, I'm not sure that it would be used consistently 13:36:55 bryan_att, It's an LF initiative, and the LF is understandably encouraging its adoption in LF hosted projects 13:37:00 #info The point about scanning make sense though - that's a very complex process and this could simplify. 13:37:31 #info you can include both SPDX and conventional license indicators in the file 13:37:54 #info I just want to be sure that we have clear guidelines for what licenses should look like, attribution, etc. So far I still think we are doing this inconsistently. 13:40:00 #link https://github.com/blsaws/charm-congress 13:40:42 #info Scott notes the risk of external repo's that is not part of the formal open source project that have clear IP policies 13:42:08 For apex, for example: git clone http://github.com/trozet/tacker -b SFC_colorado openstack-tacker-2015.2 13:42:44 #info That is a fork of the Canonical JuJu charm (created with APL 2.0 and attribution) that is used when Congress is installed in OPNFV. We can move that into the Copper repo but the build process will need to change to clone the Copper repo - not impossible but it does have an impact. 13:42:45 Also, an external repo may not follow the release process. 13:45:05 #info Scott asks if there's a DCO when you go to external Github 13:45:43 #info Really for Copper, it's just a matter of prioritizing time and things we *must* do. 13:45:52 #info ChrisPriceAB notes that some corporations prevent employees from contributing to personal Githubs 13:49:56 #link https://wiki.opnfv.org/display/apex/Apex 13:57:59 #info LF team can explore structural improvements to enable developers 13:59:39 #info dneary describes that a potential solution could be to mirror upstream and allow project branching according to the listed ietms under https://wiki.opnfv.org/display/DEV/Licensing+and+External+repo%27s+discussion#LicensingandExternalrepo%27sdiscussion-ProposalforOPNFVrepomirroringtoGitHub 14:02:27 #info also need to consider technical impact (not just IP Policy) 14:02:51 #info Ray, Scott and Karen will discuss the next step, and come back with suggestions 14:03:50 #endmeeting