diff options
author | Neal H. Walfield <neal@pep.foundation> | 2024-01-12 17:39:14 +0100 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2024-01-12 17:40:56 +0100 |
commit | 93cfc472e2e201a5731f33e725c88a11189e76f3 (patch) | |
tree | e6ea621aa113818972c66221ed5b61a4cc5a964c | |
parent | 28c1b024f4821887e572d6074a417d5ab2d807e3 (diff) |
Update contribution guidelines.
-rw-r--r-- | CONTRIBUTING.md | 93 |
1 files changed, 37 insertions, 56 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 17006e85..51e96e5f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,63 +1,44 @@ -Sequoia PGP is owned by the [p≡p foundation] and licensed under the -terms of the LGPLv2+. - - [p≡p foundation]: https://pep.foundation/ - -To finance its mission, privacy by default, the [p≡p foundation] -allows third parties to relicense its software. Consistent with the -rules of a foundation, the money collected by the foundation in this -manner is fully reinvested in the foundation's mission, which includes -further development of Sequoia PGP. - -To do this, the [p≡p foundation] needs permission from all -contributors to relicense their changes. In return, the -[p≡p foundation] guarantees that *all* releases of Sequoia PGP (and -any other software it owns) will also be released under a GNU-approved -license. That is, even if Foo Corp is granted a license to use -Sequoia PGP in a proprietary product, the exact code that Foo Corp -uses will also be licensed under a GNU-approved license. - -If you want to contribute to Sequoia PGP, and you agree to the above, -please clear sign the [p≡p foundation]'s CLA (in [doc/CLA.txt]), and -send it to [contribution@pep.foundation] and cc -[team@sequoia-pgp.org]. Please use the same certificate as you'll use -to sign your commits. This allows us to automatically link CLAs to -commits. - - [contribution@pep.foundation]: mailto:contribution@pep.foundation - [team@sequoia-pgp.org]: mailto:team@sequoia-pgp.org - [doc/CLA.txt]: https://gitlab.com/sequoia-pgp/sequoia/-/blob/main/doc/CLA.txt - -You can do this using `sq` as follows: - -```bash -$ sq sign --cleartext-signature doc/CLA.txt --signer-file contributor.pgp ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -p≡p Foundation – Contributor Copyright Assignment -... -``` +Sequoia PGP is licensed under the terms of the LGPLv2+. -Or using the -[chameleon](https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg) as -follows: +Contributions are governed by the Developer Certificate of Origin, +which can be obtained from [https://developercertificate.org/]. A +copy is reproduced below, for your convenience. -``` -$ gpg-sq -u FINGERPRINT --clear-sign doc/CLA.txt ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 +# Developer Certificate of Origin -p≡p Foundation – Contributor Copyright Assignment -... -``` +```text +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2004, 2006 The Linux Foundation and its contributors. + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. -Or, just use `gpg`, if `gpg-sq` or an API-compatible tool is installed -as `gpg` on your system. -This is an electronic assignment; no paper work is required. +Developer's Certificate of Origin 1.1 -Please direct questions regarding the CLA to -[contribution@pep.foundation] and cc [team@sequoia-pgp.org]. +By making a contribution to this project, I certify that: -Thanks for considering contributing to Sequoia PGP! +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. +``` |