← Back to team overview

openstack team mailing list archive

Do we really need a CLA? [was Re: Using Gerrit to verify the CLA]



I'm not sure whether this has been discussed recently, but do we really
need a CLA?

I had a long discussion with Richard Fontana about the Apache CLA in the
context of another project and I came away from that convinced that the
Apache CLA is fairly pointless.

Compare the CLA to the Apache License 2.0 - there's a couple of fairly
minor, arbitrary differences but, on the whole, they're the same. So,
the CLA is effectively just the contributor granting OpenStack LLC the
contribution under the Apache License 2.0.

There are other ways to go about this:

  - Put in place an assumption that anyone contributing to the project 
    (e.g. by pushing to gerrit) are contributing under the existing 
    license of the project.

  - Follow the kernel's approach of making Signed-off-by: in each mean
    that you are contributing (and have the right to contribute) the
    code under the existing license of the project (http://goo.gl/lRhmQ)

  - Have a contributor agreement which explicitly says "I am the 
    Copyright holder and submit my contributions under the Apache 
    License 2.0"

Each of these schemes are used elsewhere and have significant advantages
over the current CLA scheme - e.g. less bureaucracy, not as scarey to
new contributors, less chance of the CLA being confused with copyright
assignment, etc.


Follow ups