How to manage copyright notices from contributors to a BSD licensed project

bsd licensecopyrightlegallicensingopen source

We have the following BSD license in the LICENSE file:

Copyright (c) 2006-2016 SymPy Development Team

All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

  a. Redistributions of source code must retain the above copyright notice,
     this list of conditions and the following disclaimer.
  b. Redistributions in binary form must reproduce the above copyright
     notice, this list of conditions and the following disclaimer in the
     documentation and/or other materials provided with the distribution.
  c. Neither the name of SymPy nor the names of its contributors
     may be used to endorse or promote products derived from this software
     without specific prior written permission.


THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.

We manage the source repository by git (https://github.com/sympy/sympy), and thus each author owns the patches that he or she created. We then have an AUTHORS file where we list all the people who contributed patches (currently about ~450 or so). Typically authors fork the repository on github and add patches as git commits.

One author forked the repository, but added his name into the LICENSE file itself as a copyright notice as follows (I changed the name):

Copyright (c) 2006-2015 SymPy Development Team,
              2015-2016 John Doe

All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

  a. Redistributions of source code must retain the above copyright notice,
     this list of conditions and the following disclaimer.
  b. Redistributions in binary form must reproduce the above copyright
     notice, this list of conditions and the following disclaimer in the
     documentation and/or other materials provided with the distribution.
  c. Neither the name of SymPy nor the names of its contributors
     may be used to endorse or promote products derived from this software
     without specific prior written permission.


THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.

The author developed a patch, that fixes a bug. The fix consists of touching just one file and removing 19 characters from one line, and adding 18 characters on another line in the same file. It also adds a 5 line test for this bug into a test file. That's it.

Under what conditions are we legally allowed to apply his patch (by cherry-picking his commits, e.g. preserving the date and author's name + email in the git meta data)?

a) Do we need to modify our LICENSE file to add his copyright notice?

b) Or are we still complying with the BSD license if we keep an up to date AUTHORS file and keep the git repository which specifically tracks which commits were contributed by which authors.

What I don't like about the option a) is that if all 450 or so contributors required this, then we would need to keep essentially the contents of the AUTHORS file in the LICENSE file, together with the Copyright word and the years. Git is much better at keeping the years (and even days and minutes) as well as which lines where modified by each author and how. Then we have a simple LICENSE file that doesn't change and we keep the list of authors in AUTHORS (and we have a script that keeps it synchronized with the list of authors from git).

Best Answer

You may incorporate any code that has a compatible license to it.

That said, unless the new code is specifically licensed under a compatible license if you are to pull the changes into your codebase, you are opening yourself up to the possibility of some difficulties.

In particular, unless the code specifically states that the new contributions are under a compatible license, the default "all rights reserved" license is applicable to it. Pulling the code would be a copyright infringement.

There is also the possibility that the new code is licensed under a license that is compatible with you (and you would need to maintain that license for the code), but incompatible with many of your users. For example, if you are using BSD 2 clause, and someone licenses the contributions of a fork under BSD 3 clause, you could probably pull that into your code without too much difficulty. However, as BSD 3 clause isn't compatible with the GPL, that would make your project GPL incompatible.

If you should decide change from BSD to GPL at a later time (for example), and the pull requests assign the necessary rights to change the license as part of the contributor license agreement, you pulling code from other projects that haven't agreed to the CLA could cause you some headaches.

Thats the general case...

For the specific case where the the license file changed... I don't know. From the simple reading of the license file:

Copyright (c) 2006-2015 SymPy Development Team,  
              2015-2016 John Doe

All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:


a. Redistributions of source code must retain the above copyright notice,
   this list of conditions and the following disclaimer.

That bit seems to indicate that if you want to pull those changes in, you will also need to change your license file.

Unfortunately, you don't have a well defined CLA at this time. Fortunately, at this time you only have 450 people to ask.

Related Topic