openstack team mailing list archive
Mailing list archive
Do we really need a CLA? [was Re: Using Gerrit to verify the CLA]
I'm not sure whether this has been discussed recently, but do we really
need a CLA?
I had a long discussion with Richard Fontana about the Apache CLA in the
context of another project and I came away from that convinced that the
Apache CLA is fairly pointless.
Compare the CLA to the Apache License 2.0 - there's a couple of fairly
minor, arbitrary differences but, on the whole, they're the same. So,
the CLA is effectively just the contributor granting OpenStack LLC the
contribution under the Apache License 2.0.
There are other ways to go about this:
- Put in place an assumption that anyone contributing to the project
(e.g. by pushing to gerrit) are contributing under the existing
license of the project.
- Follow the kernel's approach of making Signed-off-by: in each mean
that you are contributing (and have the right to contribute) the
code under the existing license of the project (http://goo.gl/lRhmQ)
- Have a contributor agreement which explicitly says "I am the
Copyright holder and submit my contributions under the Apache
Each of these schemes are used elsewhere and have significant advantages
over the current CLA scheme - e.g. less bureaucracy, not as scarey to
new contributors, less chance of the CLA being confused with copyright