-
Notifications
You must be signed in to change notification settings - Fork 240
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Guidance for license headers and NOTICE file on DataDog contributed code #305
Guidance for license headers and NOTICE file on DataDog contributed code #305
Comments
@trask this is a good question and I am not sufficiently well-versed to provide a confident answer... my overall "sense" (i.e., "don't hold me to this") is that it's possible to remove things like that |
[UPDATE] Ignore this comment, since it is based on incorrect understanding of current situation. Disclaimer: I am not a lawyer, the following is just my opinion:
My understanding is that all these requirement may be lifted if Datadog explicitly grants additional rights to do so, in effect making a contribution under non-Apache license, otherwise we have to follow Apache license requirements. |
My advice is to follow the Apache license rules as @tigrannajaryan described above. It's not only the legally required thing to do without any additional grants, but also gives Datadog credit for their donation. I.e. at the beginning all files should contain two copyright lines, OpenTelemetry, and the original Datadog copyright (because their copyright does not disappear). This is very common in OSS, e.g. you can easily find files in Linux code that have copyright lines by Apple, Microsoft, a IBM, one after another. NB: it's ok to add OTel copyright to all files at once because package names are changing. |
Thanks @yurishkuro! Does this mean that we should be adding other vendors' copyrights to these files as they make contributions also? |
Not necessarily. In CNCF projects, it is common to contributions under 'Copyright {year} The {Project} Authors'. OpenTelemetry makes this even more relevant because it has a CLA by which contributors assign the copyright to the project. But the same reasoning does not apply to code that is initially copied from another Apache-licensed project, as that happens without copyright assignment (and Datadog alone may not be in the position to provide such assignment unless every single contributor to their project was their employee). |
Thanks for the responses! I'm not totally clear on this yet. DataDog contributed this code to OpenTelemetry[1], as opposed to OpenTelemetry going out and copying it from them. I think it's great to cite them for their contribution, but in that case, I'm not following why we wouldn't cite other vendors for their contributions also. [1] "we are contributing our tracing libraries to the OpenTelemetry project" |
CC: @caniszczyk can you provide support on this question. |
@trask when code exists elsewhere with a copyright notice, you cannot copy that code without retaining the notice. This is different from contributing new code to a project under a CLA that assigns copyright. |
@yurishkuro, we didn't copy that code. DataDog contributed it (see link above). |
You mean a link to a blog post? That's not a legal document. |
You're right. I believe the blog post outlines the spirit of the contribution, but it is not a legal document. From a legal perspective (in order to follow through on the spirit of the contribution), we have had DataDog employees perform the initial code push to https://github.com/open-telemetry/opentelemetry-auto-instr-java and all subsequent merges, so that the contributions would fall under the DataDog-signed CLA. |
The reason I'm focused on the spirit of the contribution is because there are ways to dot the i's and cross the t's legally speaking to align with the spirit (such as what we've done in opentelemetry-auto-instr-java by having the contributions performed by DataDog representative under the DataDog CLA). It is my hope for OpenTelemetry to be a vendor-neutral space, and to me that means either all vendors are explicitly credited for their contributions, or no vendors are explicitly credited for their contributions. That said, I strongly believe in crediting all of the DataDog developers for their contributions, and to do that, we have maintained the entire repository history as opposed to just importing the latest code, so that their contributions to the project are not erased. |
@trask my two cents (and this is not a strongly-held opinion): Datadog's donation is different, in that they put the work in before OTel existed and are thus repurposing something that was previously developed outside of the OTel repos. Hence the justification for an "exception" re credits. I agree that subsequent commits (regardless of the contributor's affiliation) need no explicit vendor credits beyond the domain name of the committer email addresses. |
This would be disappointing, because we were under the impression that this was a vendor neutral space, and there were other very viable alternatives to DataDog's initial contribution, at least in the Java space. |
I may be missing something here – my understanding (please correct me if I'm wrong, I am not following this closely / in detail) is that the java auto-instr work was seeded with a large volume of DD code. That's the sole basis for my comment. I'm also curious if this is primarily a question of legal T's and C's, or if it's primarily a question of "credit" (very different things IMO). |
My feeling is that having "Copyright DataDog" in the license headers and in the NOTICE file, while at the same time not attributing other vendors in these same places, does not lead to this being a vendor-neutral space, and de-motivates other vendors in this competitive space from contributing. I think that maintaining the repository history (instead of truncating it and starting fresh) preserves and publicly credits DataDog's (and their developers') prior work. I know this was important to them when we started the project so that their contributions would not get erased (e.g. see https://github.com/open-telemetry/opentelemetry-auto-instr-java/graphs/contributors). |
So @trask, what exactly are you proposing, just so that we understand the alternative? |
I would propose that no vendors are cited in the license headers or NOTICE file, only "OpenTelemetry Authors". I would propose that DataDog's contributions be performed under their CLA, same as all other vendors' contributions. I think technically this is what we have done already in auto-instr-java by having someone from DataDog perform all contributions coming from their repository, including the initial import. |
I agree with the spirit of what @trask is saying. I am not certain about the legal aspect of it, but I think if DataDog submitted the source code under the CLA it likely means they contributed a full copy of their code to OpenTelemetry, who is now the licensor. From legal standpoint this is now a different Intellectual Property that has a different licensor, DataDog is no longer the licensor, they are merely an author. Anyone forking from OpenTelemetry will have to follow Apache license requirements, but not OpenTelemetry itself, because OpenTelemetry is the licensor. As a licensor obviously you do not add notices to your own code when you modify it. Things would different if OpenTelemetry forked DataDog's source code. In that case we would need to follow Apache license requirements and do the attributions, etc. This is not the case, we did not fork it. Again, IANAL, just my understanding of copyright and licenses. Perhaps we can have DataDog legal or CNCF legal shine some light? |
@tigrannajaryan that is very helpful (at least for me), thank you... What does that mean about the |
I think we (CNCF/OpenTelemetry) are free to put anything we want in LICENSE file as long as it does not contradict the CLA that are signed by contributors. Reading CNCF CLA I do not see anything that puts any obligations on us on how exactly we should sublicense the contributed code. Quote from CLA:
(substitute You=DataDog above) I think it is our choice to sublicense it as Apache license (and CLA says we are free to sublicense) and thus the LICENSE file in our repo is a copy of Apache license. (Do note that my first comment in this thread said something else because I originally misunderstood how exactly the DataDog's source code came to be OpenTelemetry source code). Again, I am not a lawyer and I am not qualified to give a legal advise. It would be great if we could get legal help from a lawyer. |
In a relevant thread, we are moving towards consolidating a single license file per project, and removing the individual license headers: For this particular project, the licenses in question come from donated code. The CNCF guidelines on copyright notices (https://github.com/cncf/foundation/blob/master/copyright-notices.md) has some relevant information. Note that "copyright notices are not mandatory in order for the contributor to retain ownership of their copyright." So it is okay to remove the notices without changing the underlying copyright. Also note that "You should not change or remove someone else's copyright notice unless they have expressly permitted you to do so. This includes third parties' notices in pre-existing code." This suggests that it would be best if @tylerbenson or someone else from Datadog removed the notices. Let's request guidance from @jeremy-lq before pulling the trigger on any of this. In general, I think it would be best if we cleaned up all of these headers now, and normalized how we handle licensing across the project (by moving to a single, root-level license for each repo). |
Hello. As the CNCF copyright guidelines indicate, the CNCF CLA does not contain a copyright assignment clause. That said, we at Datadog very much want this to be a collaborative community-driven project with engagement from all vendors and users alike. The suggestion by @bhs seems reasonable to us (and we're in no way opposed to adding additional copyright), but we're happy to discuss further. |
@jeremy-lq reading the entire thread above (esp the responses to my suggestion), a number of folks who are spending considerable effort contributing both net-new code as well as incorporating ideas from other prior art (e.g., Glowroot from @trask, though there are others) don't feel great about any one vendor getting "special treatment" from a Is Datadog comfortable removing that Of course attribution at the line level is not up for debate here, and Datadog is very well-represented on that front! PS: OSS licensing is very far from my lingua franca here... I would like to advance the topic here so am proposing a path forward... if anything I'm suggesting is nonsensical, please don't be shy letting me know. :) |
Thank you for the patience. We approve the project proceeding with the removal of the NOTICE file, and attributing the copyright to "OpenTelemetry Authors". open-telemetry/opentelemetry-java-instrumentation#281 |
I'm closing issue - will coordinate NOTICE file removal in appropriate repositories. |
Remove notice file - keep copyright in individual file headers See discussion here: open-telemetry/community#305
Remove notice file - keep copyright in individual file headers See discussion here: open-telemetry/community#305
Remove notice file - keep copyright in individual file headers See discussion here: open-telemetry/community#305
Based on [this](open-telemetry/community#305 (comment)) approval, changing attribution to the OpenTelemetry authors.
* Add an instrumentation for gin-gonic web framework * Add an example use of the gin-gonic instrumentation * Update attribution and remove NOTICE Based on [this](open-telemetry/community#305 (comment)) approval, changing attribution to the OpenTelemetry authors. * Update to v0.5.0 release Use new `kv` and `value` packages. Co-authored-by: Tyler Yahn <[email protected]>
Based on [this](open-telemetry/community#305 (comment)) comment, updating attribution to be to The OpenTelemetry Authors.
* Copy mongo driver * Add an updated copy of otel-go mock tracer * Integrate mock tracer * Update tests * Update copyright * Move to plugins dir * Move mongo plugin to go.mongodb.org dir * Upgrade to v0.5.0 * Run make Includes fixes needed to past testing. * Update attribution Based on [this](open-telemetry/community#305 (comment)) comment, updating attribution to be to The OpenTelemetry Authors. * package.go -> doc.go * Update package name * Update package docs * Suggested fix for docs * Apply feedback * Remove unneeded go.mod replaces * Update testing service name Co-authored-by: Krzesimir Nowak <[email protected]> Co-authored-by: Tyler Yahn <[email protected]> Co-authored-by: Tyler Yahn <[email protected]>
Hi all!
Based on #113, we are adding the standard license header to all files in https://github.com/open-telemetry/opentelemetry-auto-instr-java:
I realized though that I wasn't sure about the copyright line, and wanted to confirm that applying this copyright to code written at DataDog is covered under DataDog's contribution, or if we should be using something different?
Also, what should we do about the NOTICE file? E.g. is removing this file allowed under DataDog's contribution, or should we leave it as-is?
Thanks,
Trask
The text was updated successfully, but these errors were encountered: