[CentOS-devel] CentOS CLA (Contributor License Agreement)

Mon Jun 29 17:09:12 UTC 2015
Karsten Wade <kwade at redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/29/2015 09:03 AM, Matthew Miller wrote:
> On Mon, Jun 29, 2015 at 10:53:31AM -0500, Jim Perrin wrote:
>>> I'm curious which areas you find too restrictive. The list of 
>>> acceptable open source / free software licenses? Or, you need
>>> to be able to accept unlicensed contributions? (Note that the
>>> list includes a number of very unrestrictive licenses,
>>> including CC0 and WTFPL (or NLPL if you prefer.)
>> A bit of both. We may need some unlicensed contributions so
>> something like "if you submit code you wrote without a license,
>> the default distro license of GPLv2 applies"  or something.
> 
> Right, that "something" is almost all of what the FPCA does —
> except MIT instead of GPL.
> 
> I am kind of getting the sense that people who are opposed to the
> FPCA haven't actually looked at it. :-/

There are two things here.

First, the flag being *_cla continues to create an impression that
there is a CLA in Fedora; note that in fact the Subject: of this
thread is really a misnomer. I think it makes for a prejudiced reading.

Second, the only problem I've ever had with the FPCA is that it is
written as a legal document, so causes people's eyes to glaze over.

I've got an alternative to consider, which is a bit easier to read and
accomplishes the same thing. I wrote it with Richard Fontana, who was
lead author and legal counsel on the FPCA.

http://www.theopensourceway.org/wiki/Contribution_policy

This policy is specifically written so that it can be reused -- it's
released under the CC BY SA.

To make the goal clear for all -- if you have contributors to a
project, it is a great boon to have a clear contribution policy.

These contributor agreements focus on what Richard terms "Inbound ==
Outbound" -- incoming contributions are licensed under the terms of
the overall project contributed to. If there is no associated license
or coverage, the agreement provides a default one for code and software.

It doesn't need to be a complicated policy (read the above, IMO it
accomplishes what the FPCA does in fewer words.)

This project is now handling contributors more than before (x5 or more
when you add the SIGs and other activity to the pre-existing Core, QA,
Infra, etc. groups.) It makes sense to have an agreement in place for
inbound contributions.

- - Karsten

>> The other bit that may come up is the need to distribute non-free
>> (but legal) code. For example a hardware vendor supplies a binary
>> blob for an aarch64 network card, or a SIG decides to include the
>> nvidia binary etc. So long as they can be legally distributed
>> without cost, it should be possible.
> 
> Under section 1 of the FPCA, as long as there is some
> authorization from the copyright holder, this would be okay. (Our
> list of approved open source / free software licenses is explicitly
> given as one form of authorization, but not necessarily the only
> one.)
> 
> 

- -- 
Karsten 'quaid' Wade        .^\          CentOS Doer of Stuff
http://TheOpenSourceWay.org    \  http://community.redhat.com
@quaid (identi.ca/twitter/IRC)  \v'             gpg: AD0E0C41
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlWRe7gACgkQ2ZIOBq0ODEHmTQCg3BOPS7LO8E4LgwAotzSFG+oi
73gAn16EYWkz199B63dvieE1/pSIOAD1
=jvdn
-----END PGP SIGNATURE-----