← Back to team overview

openstack team mailing list archive

Re: Do we really need a CLA? [was Re: Using Gerrit to verify the CLA]


Hi Rick,

On Tue, 2012-01-03 at 09:02 -0600, Rick Clark wrote:
> Hey Mark,
> First of all, orthogonally, we are very lucky to not have Copyright
> Assignment crushing this project.  That is what the management at
> Rackspace wanted, only NASA's inability to sign such a document
> prevented it.

Copyright assignment would certainly be worse than an Apache-style CLA.

> IANAL, but I was told by lawyers when we were in the planning stages of
> starting Openstack, that while in the US submitting code under the
> Apache License 2.0 was enough to bind the submitter to it, that is not
> the case in all countries.  Some countries require explicit acceptance
> to be bound by it.

I've cc-ed Richard Fontana who I'm sure can comment on that.

> As far as changing anything about the way the CLA works, until we have a
> foundation, the discussion of which seems to have stalled, we, as a
> group, have no real authority to change anything.

Sure, I understand and eagerly await some progress/discussion on the
foundation. I was very disappointed at the level of engagement in the
important discussions started by ttx on the foundation@ list in October.

Even before the foundation is established, though, I'd hope that we as a
community could have sensible discussions about things like our CLA

> We have a bigger hole in the Corporate CLA, IMHO.  I have been told that
> since it is necessary for a corporate signer to explicitly name their
> individual contributers, and we have no way of updating the document,
> openstack is potentially left open to a lawsuit, if an employee
> unspecified in the CLA, contributes something they consider IP.  I
> seriously hate all this legal stuff.

I'll leave that one for Richard too :-)


> Cheers,
> Rick
> On 01/03/2012 06:22 AM, Mark McLoughlin wrote:
> > Hey,
> > 
> > I'm not sure whether this has been discussed recently, but do we really
> > need a CLA?
> > 
> > I had a long discussion with Richard Fontana about the Apache CLA in the
> > context of another project and I came away from that convinced that the
> > Apache CLA is fairly pointless.
> > 
> > Compare the CLA to the Apache License 2.0 - there's a couple of fairly
> > minor, arbitrary differences but, on the whole, they're the same. So,
> > the CLA is effectively just the contributor granting OpenStack LLC the
> > contribution under the Apache License 2.0.
> > 
> > There are other ways to go about this:
> > 
> >   - Put in place an assumption that anyone contributing to the project 
> >     (e.g. by pushing to gerrit) are contributing under the existing 
> >     license of the project.
> > 
> >   - Follow the kernel's approach of making Signed-off-by: in each mean
> >     that you are contributing (and have the right to contribute) the
> >     code under the existing license of the project (http://goo.gl/lRhmQ)
> > 
> >   - Have a contributor agreement which explicitly says "I am the 
> >     Copyright holder and submit my contributions under the Apache 
> >     License 2.0"
> > 
> > Each of these schemes are used elsewhere and have significant advantages
> > over the current CLA scheme - e.g. less bureaucracy, not as scarey to
> > new contributors, less chance of the CLA being confused with copyright
> > assignment, etc.
> > 
> > Cheers,
> > Mark.
> > 
> > 
> > _______________________________________________
> > Mailing list: https://launchpad.net/~openstack
> > Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> > Unsubscribe : https://launchpad.net/~openstack
> > More help   : https://help.launchpad.net/ListHelp

Follow ups