Open Source at Bramble

We believe in Open Source

As a company, Bramble is dedicated to open source. Not only do we believe in it, but we use it, and we give back to it, chiefly through contributions to other open source projects.

The purpose of this page is to document how a Bramble employee can:

  • Create an open source project on behalf of Bramble
  • Contribute to a third-party open source project on behalf of Bramble
  • Use a third-party open source code in a Bramble’s project

Creating an open source project

See Creating a new project for the instructions.

Contributing to a third-party project on behalf of Bramble

Contributor License Agreements (CLAs)

If you’re contributing to an open source project on behalf of Bramble, you may be required to enter into a CLA. In accordance with our policies, Legal approval is required to you enter into a CLA on behalf of Bramble.

If you have the choice between a Corporate and Individual CLAs, opt for the Corporate CLA.

Follow these steps to obtain legal approval and enter into a CLA on behalf of Bramble:

  1. Check the Third-party CLA Tracker to verify whether there is already a CLA in place in respect of the project you want to contribute to.
  2. If there’s no CLA already in place listed in the Third-party CLA Tracker, open a new General Legal Issue in the Legal and Compliance Project.
  3. Apply the Licensing label to the issue.
  4. Include details of the project you are contributing to, and add the CLA for approval, either as an attachment or a hyperlink, to the issue.
  5. Legal will review the CLA, requesting additional information where necessary, and approve.
  6. If an email address and/or account is required to enter into the CLA, the cla_managers[at] brmbl.io email address should be used. Access to this Google Group can be requested and granted via the issue if required.
  7. Once Legal have confirmed approval of the CLA in the issue, you can proceed to enter into the CLA (using the cla_managers[at] brml.io email if one is required) and begin contributing to the project.

We are continuing to develop our policy and workflow around CLAs on behalf of Bramble contributors. See related issue here. For any questions in the meantime, please post to the #legal Slack channel.

Contributing to a project on GitLab

We prefer, but do not require you to use the account associated with your @brmbl.io email

  1. Fork the repository you want to contribute to into your account
  2. Follow the usual merge request flow

Contributing to a project on GitHub

If your GitHub account’s primary email is not your @brmbl.io email, you can add it as an additional address. No need to create a separate account.

  1. Fork the repository you want to contribute to into your account
  2. Follow the usual pull request flow

In the future me might have a single organization for forks. That will allow us to track various metrics about contributions made by Bramble employees.

Using open source libraries

Acceptable Licenses

Libraries with the following licenses are acceptable for use:

  • MIT License (the MIT Expat License specifically): The MIT License requires that the license itself is included with all copies of the source. It is a permissive (non-copyleft) license as defined by the Open Source Initiative.
  • Apache 2.0 License: A permissive license that also provides an express grant of patent rights from contributors to users.
  • Ruby 1.8 License: Dual-licensed under either itself or the GPLv2, defer to the Ruby License itself. Acceptable because of point 3b: “You may distribute the software in object code or binary form, provided that you do at least ONE of the following: b) accompany the distribution with the machine-readable source of the software.”
  • Ruby 1.9 License: Dual-licensed under either itself or the BSD 2-Clause License, defer to BSD 2-Clause.
  • BSD 2-Clause License: A permissive (non-copyleft) license as defined by the Open Source Initiative.
  • BSD 3-Clause License (also known as New BSD or Modified BSD): A permissive (non-copyleft) license as defined by the Open Source Initiative
  • ISC License (also known as the OpenBSD License): A permissive (non-copyleft) license as defined by the Open Source Initiative.
  • Creative Commons Zero (CC0): A public domain dedication, recommended as a way to disclaim copyright on your work to the maximum extent possible.
  • Unlicense: Another public domain dedication.
  • OWFa 1.0: An open-source license and patent grant designed for specifications.
  • JSON License: Equivalent to the MIT license plus the statement, “The Software shall be used for Good, not Evil.”

Potentially Acceptable Licenses

These licenses may or may not be acceptable based on the usage and integration. Review with the legal team to confirm.

  • Mozilla MPL v2 : This is a copyleft license. It is more permissive than GPL, however it imposes specific requirements on the treatment of the licensed code. Specifically, the MPL requires that where MPL-licensed code (and any modifications to such code) is combined with other code, the MPL-licensed code and modifications must be distributed in a separate directory from the other code and the MPL applied.

Unacceptable Licenses

Libraries with the following licenses require legal approval for use:

Requesting Approval for Licenses or any other Intellectual Property

Libraries that are not already approved and listed on the Acceptable Licenses list or that may be listed on the Unacceptable Licenses list may be submitted to the legal team for review and use on a case-by-case basis. Please contact Legal by following the instructions in the Legal Handbook to request review. Include the details of how the software will be used, whether or not it will be modified, and how it will be distributed (if at all). After a decision has been made, the original requestor is responsible for updating this document, if applicable. Not all approvals will be approved for universal use and may continue to remain on the Unacceptable License list.

All inquiries relating to patents should be directed to the Legal team.

Notes

Decisions regarding the GNU GPL licenses are based on information provided by The GNU Project, as well as the Open Source Initiative, which both state that linking GPL libraries makes the program itself GPL.

If a library uses a license which is not listed above, open an issue and ask. If a license is not included in the “acceptable” list, operate under the assumption that it is not acceptable.

Keep in mind that each license has its own restrictions (typically defined in their body text). Please make sure to comply with those restrictions at all times whenever an external library is used.

Dependencies which are only used in development or test environment are exempt from license requirements, as they’re not distributed for use in production.

NOTE: This document is not legal advice, nor is it comprehensive. It should not be taken as such.

Using forks in your code

Avoid using forked code and try to contribute your change upstream.

It’s typical for forks to fall far behind the upstream repository and such dependencies become a source of pain:

  • Rebasing the branch may become non-trivial and it’d become hard to bring such dependency up to date.
  • Some other library in your project might depend on the original version, creating a diamond dependency problem.

There may be good reasons to create a fork:

  • To fix a security issue that is not being fixed upstream fast enough if it’s affecting us or our customers
  • Any other reasons? Talk to your peers and use your best judgement.

If you decide to create a fork, make sure you open an issue that:

  • Describes the reason for the fork to exist
  • Links to the MR(s) where the fork was introduced as a dependency
  • Links to any relevant issues in the upstream project. If the issue was not reported already, make sure you report it in the project’s issue tracker. This is important because if the project’s maintainers don’t know about it they will not fix it
  • Links to any opened MRs/PRs to fix the issue upstream
  • Describes the remediation work needed to start using the upstream code again
  • If it’s not just changes in the forked code, but also some modifications in your code to use the fork, consider putting a TODO and a link to this issue next to that code in a comment

GPL Cooperation Commitment

Before filing or continuing to prosecute any legal proceeding or claim (other than a Defensive Action) arising from termination of a Covered License, Bramble commits to extend to the person or entity (“you”) accused of violating the Covered License the following provisions regarding cure and reinstatement, taken from GPL version 3. As used here, the term ‘this License’ refers to the specific Covered License being enforced.

However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation.

Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice.

Bramble intends this Commitment to be irrevocable, and binding and enforceable against Bramble and assignees of or successors to Bramble’s copyrights.

Bramble may modify this Commitment by publishing a new edition on this page or a successor location.

Definitions

‘Covered License’ means the GNU General Public License, version 2 (GPLv2), the GNU Lesser General Public License, version 2.1 (LGPLv2.1), or the GNU Library General Public License, version 2 (LGPLv2), all as published by the Free Software Foundation.

‘Defensive Action’ means a legal proceeding or claim that Bramble brings against you in response to a prior proceeding or claim initiated by you or your affiliate.

Bramble means Bramble Group Corp. and its affiliates and subsidiaries.