I faced the following situation recently as a maintainer of a popular open-source project, and I wondered what to do.
Situation
A first-time contributor submits a PR to Spectre.Console, a Microsoft .Net Foundation open-source project. Itโs a small, but important change to guard against a null input parameter on a public method.
The contribution bot asks for confirmation the code change is copyright-free, but the contributor doesnโt respond. The bot proceeded to remind the contributor several times, and I even attempted to make contact through other channels, but the contributor didnโt respond.
I wish to merge the contribution, I wish to behave in a legally compliant manner, and I wish to encourage other first-time contributors.
Question
What is the โproperโ open source etiquette regarding this PR?
- Leave it open, wait indefinitely
- Close it with a comment
- Close it with a comment, then submit my own PR with exactly the same code
- Merge it anyway
Answer
โ4. Merge it anywayโ is probably the right course of action, for the reasons that follow.
The repository is MIT-licensed, and clearly advertised as such, so itโs reasonable to expect all contributions are made under that license, even before the bot comes along. Additionally, the change is trivial and widely considered industry best practice, so itโs hard to see how anyone could enforce a copyright claim. Anyhow, code change could easily be reversed, and I find it hard to see how damages could be levied in this situation.
However, a more extensive contribution could prove to be problematic. So, Iโll consider an update to the PR template (and contributing guidelines) to explicitly state that all contributions are MIT-licensed and not to proceed otherwise.