On Fri, 2020-02-14 at 15:46 +0000, Dimitri John Ledkov wrote: > Can a Debian Package Maintainer require CLA for accepting packaging > changes and distro patches to be uploaded into Debian itself? > > (case in point, debian maintainer & upstream wear the same hat, and > maintain upstream code & packaging on github.com, under a company org > with a CLA bot, rejecting debian/* merge proposals until CLA is > signed) > > I didn't find things specifically about this in the policy and/or in > the dfsg-faq and the three classic tests (desert island / dissident / > tentacles of evil) do not fit the bill quite right. The DFSG is about what rights owners allow downstream recipients to do, and not about whether or how they accept contributions back. And generally maintainers can follow their own policies for accepting or rejecting patches. So I don't think there's anything explicit that rules this out. Since NMUs are allowed in some circumstances, there can be an implicit conflict with such a policy, though as Matthew Garrett pointed out there are different kinds of CLA. The Developer's Certificate of Origin can be asserted by someone other than the original author, and I would feel confident in representing to upstream that a change made by another DD through an NMU was intended to be released under the project's stated license. But if an upstream project requires a CLA to be executed by every original contributor, I don't think it is viable to keep the Debian packaging in the upstream project's repository. Ben. -- Ben Hutchings Any sufficiently advanced bug is indistinguishable from a feature.
Attachment:
signature.asc
Description: This is a digitally signed message part