We just made a small tweak to the Committer’s Agreement that everyone with privileges to check in directly to the Mozilla source code trees has to sign. The change is to the section titled “Committing Code Created by Others“, and it is:
You may check in Code to a Mozilla Foundation repository that was not written by You, provided that:
a) The checkin comment contains information (or references to information) sufficient to identify the author and the license of the Code,
including at minimum an email address; andand a link to a public source repository if one is available; and
b) You make all reasonable and appropriate efforts to ensure that such Code conforms to the terms of this agreement.
It isn’t necessary or a good use of time to get everyone to re-sign it :-), but please can existing committers be aware of the need to document license and source when checking in code from external sources. It’s important that we know where our code comes from, and who to contact if there’s a problem.
This really seems like it should be a new, separate clause (or sub-clause).
A reading of the text/changes makes it seem like each time I commit someone else’s patch, I now need to include the author’s name, an indication of license agreed to by the author of the patch, and possibly a link to the author’s source repository, whereas in the past I needed to include the author’s name and email address.
I don’t believe that’s the intent of this change, however; I believe the intent of the change is to make sure that “third-party code” (and boy was that page hard to find, even though I knew that it existed and it was on wikimo!) gets checked in with clear license and upstream source references.
Thus it seems that there should be a small distinction made between checking in code written by another contributor explicitly for a Mozilla project (the traditional “patch”) on the one hand and checking in third-party open-source code not written specifically by another contributor for a Mozilla project (“third-party code”) on the other hand.
Also, in Camino when we’ve checked in third-party code, we’ve traditionally landed an explanatory README file along with said code that provides the various details requested in the changes above (and usually more); will that still be sufficient, or do we really have to adjust checkin comments as well?
Last—but certainly not least—this change seems like something that should have been at least mentioned in .governance before making the change (as happened with the last major rewrite of the policy); that would have allowed people to catch this confusing language before it shipped! :-P
Smokey: Your points are good ones.
This was bug 578857. That bug is not open and, it turns out, cannot be open – I’ve filed bug 641470 about that.
I’ve emailed a copy of your comments to Luis Villa, who wrote the new language. I guess we didn’t post specifically about it in Governance, because we didn’t think it was a big deal. Could be we were wrong :-)
The phrase “a link to a public source repository” confused me until I realized it referred not to hg.mozilla.org but to another, upstream repository.