Should we recommend a Contributor License Agreement? #6
Comments
|
The Puppet CLA is the one to which I've most recently consented. I've also agreed to the OpenStack CLA. I find these to be annoying, and very off-putting to casual contributions. If I want to fix a small typo in a document, I need to jump through several more hoops than simply making a PR. Different projects also apply CLAs for different purposes. Puppet, as a for-profit corporate entity, and OpenStack as a foundation, have real legal concerns to protect. They also have lawyers to help them with evaluation and enforcement (or defense). I understand the motivations for having a CLA, and I don't necessarily object. But I also wonder if this is putting too much structure and process in place too soon. Do we have lawyers helping us with this? Do we know what we hope to protect, exactly? Do we understand the risks of using an existing CLA template?
This is a terrifying notion to me. Changing licenses should be hard. The license is an integral part of the project, and it ought not be changed easily. I know you're suggesting we change license capriciously or frequently but I still think changing licenses should be a big deal and require a non-trivial amount of work and effort to execute. |
|
Let me put a very real and concrete example of the kind of license change I’m concerned about. For a moment, let’s assume we license libraries under Apache2 and applications under GPL3. Some code is originally contributed to an application. Later, the team wants to refactor and extract that code into a library. We could not easily make that change without a CLA in place that gives the project the right to do so. Does that clarify why I’m asking about CLAs? |
|
Yes, that makes sense; but that's also pretty trivially avoided by using a single license for all code. A single license doens't obviate the value of a CLA overall: just for this one issue. |
|
Yes. You’re correct about that. A single license mitigates that, but in that case we should avoid the AGPL & GPL licenses. Licensing libraries under GPL is not a nice thing to do IMO. Considering there seems to be a growing consensus that the system should be libre, I think we need to consider this. |
I think we need to summarize the goals over-all and then work out which licenses will best fit. This feels a bit hand-wavy to me |
|
Sure. That was a bit hand wavy on my part. I apologize for that. The GPL isn’t appropriate for libraries due to its viral nature. Once you’ve brought a GPL library in as a dependency, you’re forced to license your application under the GPL as well. So, either you don’t use the GPL licensed library or you go through the headache of relicensing your code (hope you had a CLA!). That qualifies as “not nice” in my book. |
|
I concur regarding the GPL licenses. They are problematic for distribution. |
I personally believe it's in the best interest of the project if we use a CLA to protect the project and make any licensing changes in the future an easier thing to accomplish.
Should we be recommending the use of a CLA and, if so, are there existing CLAs we could evaluate for recommendation?
The text was updated successfully, but these errors were encountered: