path: root/README
diff options
authorAndreas Schneider <asn@cryptomilk.org>2012-10-12 18:16:16 +0200
committerAndreas Schneider <asn@cryptomilk.org>2012-10-14 19:58:07 +0200
commitf86b2bf743e8d01884c36252812ade97d7a253c2 (patch)
treee6a96622913501c22bde6c89a06f0e06892bcb25 /README
parent13c26f0733ab624e25373e56e205775708a513b0 (diff)
doc: Update copyright policy.
Diffstat (limited to 'README')
1 files changed, 99 insertions, 14 deletions
diff --git a/README b/README
index a8caa11e..e3170ce3 100644
--- a/README
+++ b/README
@@ -62,17 +62,102 @@ ssh_options_set(session, SSH_OPTIONS_HOST, "localhost");
5* Copyright policy
-The developers of libssh have a policy of asking for contributions to be made
-under the personal copyright of the contributor, instead of a corporate
-There are some reasons for the establishment of this policy:
- * Individual copyrights make copyright registration in the US a simpler
- process.
- * If libssh is copyrighted by individuals rather than corporations,
- decisions regarding enforcement and protection of copyright will, more
- likely, be made in the interests of the project, and not in the interests
- of any corporation’s shareholders.
- * If we ever need to relicense a portion of the code contacting individuals
- for permission to do so is much easier than contacting a company.
+libssh is a project with distributed copyright ownership, which means we prefer
+the copyright on parts of libssh to be held by individuals rather than
+corporations if possible. There are historical legal reasons for this, but one
+of the best ways to explain it is that it’s much easier to work with
+individuals who have ownership than corporate legal departments if we ever need
+to make reasonable compromises with people using and working with libssh.
+We track the ownership of every part of libssh via git, our source code control
+system, so we know the provenance of every piece of code that is committed to
+So if possible, if you’re doing libssh changes on behalf of a company who
+normally owns all the work you do please get them to assign personal copyright
+ownership of your changes to you as an individual, that makes things very easy
+for us to work with and avoids bringing corporate legal departments into the
+If you can’t do this we can still accept patches from you owned by your
+employer under a standard employment contract with corporate copyright
+ownership. It just requires a simple set-up process first.
+We use a process very similar to the way things are done in the Linux Kernel
+community, so it should be very easy to get a sign off from your corporate
+legal department. The only changes we’ve made are to accommodate the license we
+use, which is LGPLv2 (or later) whereas the Linux kernel uses GPLv2.
+The process is called signing.
+How to sign your work
+Once you have permission to contribute to libssh from your employer, simply
+email a copy of the following text from your corporate email address to:
+libssh Developer's Certificate of Origin. Version 1.0
+By making a contribution to this project, I certify that:
+(a) The contribution was created in whole or in part by me and I
+ have the right to submit it under the appropriate
+ version of the GNU General Public License; or
+(b) The contribution is based upon previous work that, to the best of
+ my knowledge, is covered under an appropriate open source license
+ and I have the right under that license to submit that work with
+ modifications, whether created in whole or in part by me, under
+ the GNU General Public License, in the appropriate version; or
+(c) The contribution was provided directly to me by some other
+ person who certified (a) or (b) and I have not modified it.
+(d) I understand and agree that this project and the contribution are
+ public and that a record of the contribution (including all
+ metadata and personal information I submit with it, including my
+ sign-off) is maintained indefinitely and may be redistributed
+ consistent with the libssh Team's policies and the requirements of
+ the GNU GPL where they are relevant.
+(e) I am granting this work to this project under the terms of the
+ GNU Lesser General Public License as published by the
+ Free Software Foundation; either version 2.1 of
+ the License, or (at the option of the project) any later version.
+We will maintain a copy of that email as a record that you have the rights to
+contribute code to libssh under the required licenses whilst working for the
+company where the email came from.
+Then when sending in a patch via the normal mechanisms described above, add a
+line that states:
+ Signed-off-by: Random J Developer <random@developer.example.org>
+using your real name and the email address you sent the original email you used
+to send the libssh Developer’s Certificate of Origin to us (sorry, no
+pseudonyms or anonymous contributions.)
+That’s it! Such code can then quite happily contain changes that have copyright
+messages such as:
+ (c) Example Corporation.
+and can be merged into the libssh codebase in the same way as patches from any
+other individual. You don’t need to send in a copy of the libssh Developer’s
+Certificate of Origin for each patch, or inside each patch. Just the sign-off
+message is all that is required once we’ve received the initial email.
+Have fun and happy libssh hacking!
+The libssh Team