Mozilla is making more use of Github. One of the things legal-minded Mozillians care about when people are putting together Mozilla code is legal provenance – where it came from, and whether the people contributing it have sufficient rights to do so. Github is designed to allow code to be pulled in, mixed up and exchanged between many different people. Leaving aside for the moment how well provenance tracking works in the current system, let’s posit a few scenarios:
- A Mozilla member wants to prove, for CV purposes, that they wrote the original version of an interesting algorithm now used in Firefox
- A suggestion is made that some code we are shipping is part of a proprietary codebase, and the legal team want to investigate
- We are using some code under licence X, but the known upstream is (now, at least) licence Y, which is incompatible with our iicences, and the project contacts us and tells us to stop
How would you deal with these sorts of issues in a Github-based project? How do you track provenance?