Signed-off-by & the law

Signed-off-by & the law

[D. Ben Knoble]

Any contributors/users with an interest in law feel like taking a stab
at answering "Is Git's signed-off-by legally useful" ?
https://law.stackexchange.com/q/111158/26698

Having a solid reference answer is usually a good thing, if one exists.

-- 
D. Ben Knoble

Re: Signed-off-by & the law

[Collin Funk]

"D. Ben Knoble" <ben.knoble@gmail.com> writes:

> Any contributors/users with an interest in law feel like taking a stab
> at answering "Is Git's signed-off-by legally useful" ?
> https://law.stackexchange.com/q/111158/26698
>
> Having a solid reference answer is usually a good thing, if one exists.

Not sure if it has ever been a topic in court, but it would allow you to
argue that committers signed off to the DCO acknowledging that they have
the ability to contribute the work under an open source license [1]. In
other words, the they have confirmed the work is not owned by their
employers, as is often the case with Software Developers in the US [2].

What I worry about is whether people actually read it and fully consider
whether they own the copyright to their work. My assumption is that a
non-small percentage of people just add a "Signed-off-by" tag as a
prerequisite to getting their patch approved.

That is why I prefer copyright assignments. I have done many various GNU
projects that I commit to. I feel, at least in GNU's case, that they
force you to consider whether an employer may own your work [3]. If so,
the FSF will request your employer sign your copyright assignment.

Obviously, the assignment process is time consuming and a barrier to
entry for new contributors. For that reason some GNU projects, such as
glibc and binutils, allow you to send patches with "Signed-off-by" to
the DCO if you do not have a copyright assignment nowadays [4].

Obligitory statement that I am not a lawyer here.

Collin

[1] https://developercertificate.org/
[2] https://en.wikipedia.org/wiki/Work_for_hire#
[3] https://github.com/coreutils/gnulib/blob/master/doc/Copyright/request-assign.future
[4] https://sourceware.org/glibc/wiki/Contribution%20checklist#Developer_Certificate_of_Origin

Re: Signed-off-by & the law

[D. Ben Knoble]

On Thu, Oct 16, 2025 at 4:55 PM Collin Funk <collin.funk1@gmail.com> wrote:
>
> "D. Ben Knoble" <ben.knoble@gmail.com> writes:
>
> > Any contributors/users with an interest in law feel like taking a stab
> > at answering "Is Git's signed-off-by legally useful" ?
> > https://law.stackexchange.com/q/111158/26698
> >
> > Having a solid reference answer is usually a good thing, if one exists.
>
> Not sure if it has ever been a topic in court, but it would allow you to
> argue that committers signed off to the DCO acknowledging that they have
> the ability to contribute the work under an open source license [1]. In
> other words, the they have confirmed the work is not owned by their
> employers, as is often the case with Software Developers in the US [2].

As Junio points out, this is dependent on the project attaching a DCO
meaning to the sign-off.

> What I worry about is whether people actually read it and fully consider
> whether they own the copyright to their work. My assumption is that a
> non-small percentage of people just add a "Signed-off-by" tag as a
> prerequisite to getting their patch approved.

I think this concern showed up in the question, too.

>
> That is why I prefer copyright assignments. I have done many various GNU
> projects that I commit to. I feel, at least in GNU's case, that they
> force you to consider whether an employer may own your work [3]. If so,
> the FSF will request your employer sign your copyright assignment.
>
> Obviously, the assignment process is time consuming and a barrier to
> entry for new contributors. For that reason some GNU projects, such as
> glibc and binutils, allow you to send patches with "Signed-off-by" to
> the DCO if you do not have a copyright assignment nowadays [4].

Less germane to the original question: I'm less familiar with
copyright assignment, but it seems relatively heavyweight here. It
seems ironic to me that GNU would want me to give up my own rights
when contributing to their project ;)

> Obligitory statement that I am not a lawyer here.
>
> Collin
>
> [1] https://developercertificate.org/
> [2] https://en.wikipedia.org/wiki/Work_for_hire#
> [3] https://github.com/coreutils/gnulib/blob/master/doc/Copyright/request-assign.future
> [4] https://sourceware.org/glibc/wiki/Contribution%20checklist#Developer_Certificate_of_Origin

[kept for context]

-- 
D. Ben Knoble

Re: Signed-off-by & the law

[Collin Funk]

"D. Ben Knoble" <ben.knoble@gmail.com> writes:

> On Thu, Oct 16, 2025 at 4:55 PM Collin Funk <collin.funk1@gmail.com> wrote:
>>
>> "D. Ben Knoble" <ben.knoble@gmail.com> writes:
>>
>> > Any contributors/users with an interest in law feel like taking a stab
>> > at answering "Is Git's signed-off-by legally useful" ?
>> > https://law.stackexchange.com/q/111158/26698
>> >
>> > Having a solid reference answer is usually a good thing, if one exists.
>>
>> Not sure if it has ever been a topic in court, but it would allow you to
>> argue that committers signed off to the DCO acknowledging that they have
>> the ability to contribute the work under an open source license [1]. In
>> other words, the they have confirmed the work is not owned by their
>> employers, as is often the case with Software Developers in the US [2].
>
> As Junio points out, this is dependent on the project attaching a DCO
> meaning to the sign-off.

Yes, I should have mentioned that, thanks. The DCO meaning is what I see
99% of the time, so my writing assumed it.

>> That is why I prefer copyright assignments. I have done many various GNU
>> projects that I commit to. I feel, at least in GNU's case, that they
>> force you to consider whether an employer may own your work [3]. If so,
>> the FSF will request your employer sign your copyright assignment.
>>
>> Obviously, the assignment process is time consuming and a barrier to
>> entry for new contributors. For that reason some GNU projects, such as
>> glibc and binutils, allow you to send patches with "Signed-off-by" to
>> the DCO if you do not have a copyright assignment nowadays [4].
>
> Less germane to the original question: I'm less familiar with
> copyright assignment, but it seems relatively heavyweight here. It
> seems ironic to me that GNU would want me to give up my own rights
> when contributing to their project ;)

I think this section from an article written by the FSF addresses your
concern [1]:

    Some developers worry that assigning copyright will strip them of
    all their rights to the code they've created. To address this, the
    FSF includes a "license grantback" to the developer in the agreement
    contract. For the developer, a license grantback means they can
    continue to modify and share their code, and technically, they could
    even distribute their software under a different license. In other
    words, by assigning copyright to the FSF, the developer does not
    give up any of these sorts of rights.

All of my assignments have a grantback clause. So you could use
changes/improvements you make to a program elsewhere under a different
license.

Collin

[1] https://www.fsf.org/bulletin/2022/fall/copyright-assignment-with-the-fsf

Re: Signed-off-by & the law

[Theodore Ts'o]

On Thu, Oct 16, 2025 at 02:29:39PM -0700, Collin Funk wrote:
> I think this section from an article written by the FSF addresses your
> concern [1]:
> 
>     Some developers worry that assigning copyright will strip them of
>     all their rights to the code they've created. To address this, the
>     FSF includes a "license grantback" to the developer in the agreement
>     contract. For the developer, a license grantback means they can
>     continue to modify and share their code, and technically, they could
>     even distribute their software under a different license. In other
>     words, by assigning copyright to the FSF, the developer does not
>     give up any of these sorts of rights.

That's not the only concern.  The reason why I have chosen to never to
sign an FSF Copyright Assignment is the following:

  "I hereby indemnify and hold harmless the Foundation, its officers,
  employees, and agents against any and all claims, actions or damages
  (including attorney's reasonable fees)...."

If you ever see the word "indemnify" in a legal document that someone
asks you to sign, I strongly suggest that you first talk to a lawyer
to understand what this might mean.  Speaking for myself, if I were to
give the FSF my intellectual output, under NO circumstances would I be
willing to risk my assets, my house, etc. on an indemnification
guarantee.

In any case, as I mentioned in my comment to Ben's Law Stack Exchange
answer, before the DCO was drafted for the Linux Kernel's
SubmittingPatches process documentation, it was vetted by lawyers at
the Linux Foundation and various LF Member Companies.  Those lawyers
certainly viewed the DCO as being legally useful.

	  	     	    	  	  - Ted

P.S.  The FSF has gotten more flexible over time; when I first got
involved with FOSS, the FSF required copyright assignments, and so I
didn't contribute to FSF projects.  Perhaps because enough people,
including large companies, have said "no way, Jose", the FSF will now
accept copyright disclimers, or even unlimited perpetual copyright
licenses.  More recently, they've even said that limited number of
code contributions with a DCO might be acceptable[1].

[1] https://www.fsf.org/blogs/licensing/FSF-copyright-handling

Re: Signed-off-by & the law

[Junio C Hamano]

"D. Ben Knoble" <ben.knoble@gmail.com> writes:

> Any contributors/users with an interest in law feel like taking a stab
> at answering "Is Git's signed-off-by legally useful" ?
> https://law.stackexchange.com/q/111158/26698
>
> Having a solid reference answer is usually a good thing, if one exists.

The meaning of Sign-off is left to the project that adopts the
trailer as its own convention.  Our SubmittingPatches document
governs our project and nothing else, and defines how we use the
trailer (namely, you sign if you certify your patch is being
submitted under DCO).

So the confusion by original questioner is understandable.  You
would be confused if you only see a Sign-off without project
context and you are forced to answer what it means, because see
above.

Re: Signed-off-by & the law

[D. Ben Knoble]

On Thu, Oct 16, 2025 at 5:04 PM Junio C Hamano <gitster@pobox.com> wrote:
>
> "D. Ben Knoble" <ben.knoble@gmail.com> writes:
>
> > Any contributors/users with an interest in law feel like taking a stab
> > at answering "Is Git's signed-off-by legally useful" ?
> > https://law.stackexchange.com/q/111158/26698
> >
> > Having a solid reference answer is usually a good thing, if one exists.
>
> The meaning of Sign-off is left to the project that adopts the
> trailer as its own convention.  Our SubmittingPatches document
> governs our project and nothing else, and defines how we use the
> trailer (namely, you sign if you certify your patch is being
> submitted under DCO).
>
> So the confusion by original questioner is understandable.  You
> would be confused if you only see a Sign-off without project
> context and you are forced to answer what it means, because see
> above.

Thanks—I think I tried to convey this in a comment and did a poor job.
Let me cite this as part of an answer, perhaps.

-- 
D. Ben Knoble