You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"We clarified this in the "Intellectual Property" section of our terms a few months back.
As part of providing the Service, Dependabot generates software code contributions to the customer's repositories. For the avoidance of doubt, Dependabot grants to each customer a non-exclusive, worldwide right or license to perform, display, and use the contributions and any content contained in, accessed by or transmitted through Dependabot to customer's repositories."
However, this was for dependabot before it was acquired by Github, it seems. In August 2021 I asked about the same question in a private Github Ticket (reference #1291040 but the ticket is private and also it disappeared somehow..?). I was answered that GitHub grants a non-exclusive, worldwide right or license to perform, display, and use the contributions and any content contained in, accessed by or transmitted through Dependabot to customer’s repositories. They are also working on updating the terms to specifically include this.
I don't see this update in the Github Terms of Service today, more than 8 months later. Maybe I didn't find and it's there, I don't know. Dependabot has merged millions of PRs. What is the license of all these millions of contributions remains unclear (to me anyway).
Please either:
a. Point to the specific part of the Github Terms of Service where this issue is addressed.
b. Change the Github Terms of Service so that future (and past!) merged PRs are correctly licensed.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
In 2019 Dependabot @greysteil mentioned in dependabot/feedback#615 (archived for dependabot feedback repo) that:
"We clarified this in the "Intellectual Property" section of our terms a few months back.
However, this was for dependabot before it was acquired by Github, it seems. In August 2021 I asked about the same question in a private Github Ticket (reference #1291040 but the ticket is private and also it disappeared somehow..?). I was answered that
GitHub grants a non-exclusive, worldwide right or license to perform, display, and use the contributions and any content contained in, accessed by or transmitted through Dependabot to customer’s repositories. They are also working on updating the terms to specifically include this.
I don't see this update in the Github Terms of Service today, more than 8 months later. Maybe I didn't find and it's there, I don't know. Dependabot has merged millions of PRs. What is the license of all these millions of contributions remains unclear (to me anyway).
Please either:
a. Point to the specific part of the Github Terms of Service where this issue is addressed.
b. Change the Github Terms of Service so that future (and past!) merged PRs are correctly licensed.
Beta Was this translation helpful? Give feedback.
All reactions