I think the point was made, but worth emphasising from a different direction.
Different organisations have different goals when it comes to releasing code as Open Source.
Setting aside universities for the moment, companies (and especially startups) have (hopefully) a strategy which takes their product to commercialism and profitability.
Some projects go OSS purely for the marketing, attracting talent, unpaid labour and so on. But ultimately that means a pivot, and a CLA gives them more pivoting choices. They might cut out some contributers, but at the same time they serve the long game.
If you are wanting to contribute to a project, you, in turn, need to be clear what your goals are, and make sure they are aligned with the -long term- goals of the project owner.
I don't think you can set aside universities when you talk about open source - they were the original drivers in this field, and continue to be heavily involved. The biggest difference is probably that most of the software written at a university is done by faculty and grad students and isn't work for hire, so for someone like me there's no reason to ever ask my employer to execute a CLA.
But the same problems arise in most other organizations - it's hard enough to get a legal department to sign essential things needed to keep a business running, never mind signing some random CLA for a project they haven't heard of.
Finally, your view seems oriented to pseudo-open source projects where someone slapped an open source license on code written at a single company and wants to keep control of that code within the company, rather than open projects spanning multiple organizations, run by the developers and architects of the code.
Why? Getting someone so sign off on a CLA is a huge burden. There are loads of companies that have huge software development teams but the company is NOT an IT company. Legal isn't setup to figure out a CLA.
At least that's in my experience. It's significantly easier to not contribute back than spend ages trying to involve legal. Sort of like a barrier to entry, though maybe called a barrier to contribute.
Yeah, I would argue the projects requiring a CLA are exactly as you described - companies that want to keep specific future options on the table.
OSS covers a wide spectrum of projects, from the Linux Kernel at the one end, to Frank's recent half-assed attempt at a CSS editor. Clearly no statement is going to cover everything.
The set of projects that require a CLA, and the set of pseudo OSS projects has a high degree of overlap.
I've been turned off many times from contributing because projects had incomplete or inscrutable CLAs. Of course, the person in charge of asking for a CLA signature is usually not very knowledgeable about their own CLA, being a programmer and not a lawyer.
For example, I have been asked to sign CLAs that granted rights to "recipients" or "organizations" that they hadn't named, having simply adopted a template CLA without filling it in. Some placed specific requirements on me, like "notifying the Project Manager", without information on how to do that or who they were. cla-assistant.io even has the unbelievable default of stating that it's a "CLA for multiple repositories or organizations" without naming them. How can you agree to a contract without knowing where it applies?
In my experience it is rarely possible to legally contribute to a project that uses a CLA. You can ignore the legal issue with the assumption that none of it will come up anyway, but that's a weird way to approach contracts.
I factor CLAs into my determination of how difficult a project upstream is going to be to work with (incl. whether to remain downstream as a user, too—if I even am at that point) and/or how irrational its maintainers are. It doesn't inspire confidence, for example, when a project doesn't practice good hygiene with respect to keeping a tightly focused bugtracker (usually on the basis that it's too bureaucratic and they're lazy) but then turn around and ask you jump through a thousand unnecessary hoops that includes a CLA signoff just to fix a broken link in the README or code comments. And I have even less interest tacitly endorsing projects by people who get abusive or are obnoxiously stubborn about not being able to admit when they're wrong or reveal that they don't even understand their own CLA[1].
As soon as I see a CLA I'm turned off even using a piece of FOSS software.
I get it's usually just the lawyers protecting the company just in case a contributor tries something dodgy in the future. Out of principle however, I resent the broad assignment of copyright and granting them the right to relicense.
Of course I expect most of these projects would never exercise that right, but the mere fact that they _could_ take my Free work and make it non-Free is very disturbing.
So I'm simply not going to use it. I'm not going to get invested, then find a problem that I could theoretically submit a patch for. Rather than think of all the users who would benefit from my change, I'll just see it as free work for a megacorp.
I have a CAA on my GPL project so that I have the right to start releasing it as MIT, that is, more Free. Also so I can dual-license it to a corporation and make a modicum of money from the software that is 98% my work. I absolutely never intend to make future versions non-free (and I don't even have the right to make already released versions non-free). Do you find this disturbing?
> I have a CAA on my GPL project so that I have the right to start releasing it as MIT, that is, more Free.
That really depends on the CAA. It might allow way more. The text might be (legally) not applicable or have flaws, etc.
> Do you find this disturbing?
It is a barrier to contribute. I would not even bother trying to contribute.
Your statements here are already a bit conflicting to me. You partly might want to monetize the software. You partly might want to release it as MIT. I don't see how you'd still have a means to monetize if you'd release it as MIT. Feels like you want to keep all options open.
That all said, hey, you developed it, so cool if you'd listen to people with different opinions but I'd likely not need your software anyway I guess. Further, loads of non-CAA pure GPL software never receive any contributions. It takes quite a bit of effort to be noticed and get contributions.
FYI: If I reread above parts might come across as harsh but none is meant that way.
Most CLAs are a bot on the MR where you click sign, type your name, and it's done. If you don't really care about your code ownership then it's barely a speed bump compared to the rest of getting a PR merged.
Yeah, I've put 7 years and thousands of hours into it. I do want to keep my options open!
> loads of non-CAA pure GPL software never receive any contributions.
Yup, for several years before I had a CAA I received almost no contributions, except from people I had a direct personal relationship with. The CAA hasn't deterred people, in fact if you look at the timeline, I've gotten more contributors since I've put the CAA into place. (I'm sure it's not cause and effect, but still.)
> It is a barrier to contribute. I would not even bother trying to contribute.
I used to think that I would want any and all contributions to my project. But I've learned over time that, except for trivial changes, a PR from a new contributor is more effort than it's worth, by itself. I mean I can write code, and I do--lots of it. The real value in contributing is everything else: documentation, bugfixing, sincere attention on the problem. So I realized that I'm looking for repeat contributors, the ones who are going to invest in the project, and become active community members, maybe even maintainers. And the low-effort drive-by contributors who would be deterred by e.g. a CAA were never the contributors that were going to move the needle anyway.
In fact, and please correct me if I'm wrong, based on your general tone above, I'm guessing that you've never been an active contributor to any open source project, CLA/CAA or not. In which case, I consider the CAA to have been effective: you can feel self-righteous and I avoid the hassle.
I respect your intentions, and if the CLA is truly restricted to relicensing as MIT or dual-licensing, I'd be more willing to use it.
I would hightlight that the dual licensing in particula introduces the issue of sharing any profits with other maintainers, if there are several. Personally if I'm submitting minor patches I would not bring this up, but it deter people from wanting to be more actively involved.
Depends on the size and scope of your project, I guess.
You'll probably never do things the people who contributed won't agree with. But someday you'll pass away, and the people who end up with your estate might not care about the intricacies of software and sell it off for cheap to somebody who'd rather do anything to get a return in investment.
Even if the CLA somehow said you could only relicense to MIT, they could simply do that without releasing anything, and immediately take it and use it in proprietary things :)
You seem to have a single line at the bottom of your CONTRIBUTING.md stating that contributors assign copyright to you. I doubt that this is worth anything legally. You have probably received and merged many contributions whose author didn't have the right to assign it to you, and having put no effort in checking that, you would probably be the one found in the wrong.
Also take a look at GitHub's ToS, which explicitly states that "inbound=outbound" is the default. I don't think you can expect people to hunt down your little notice when there is a site-wide default. https://docs.github.com/en/site-policy/github-terms/github-t...
Just like cookie banners, CLAs are one of those idiot lawyer things where some jackass at a big corp invented the idea to justify their paycheck, and now everyone cargo cults it because they think they need it. 99% of projects do not need a CLA and 99% of websites do not need a cookie banner.
I think I would actually flip that for CLAs -- 99% of projects do need a CLA it's just annoying because assignment isn't the assumed default when contributing to other projects. The number of projects where there is more than one owner (be that a person, foundation, or llc) is insignificant. Almost all outside contributions are from people who have no expectations at all over their code and are just scratching their own itch. Plus unless you're a huge project the legal issues are just ignored when it comes to re-licensing.
So maybe you're right but "99% of projects have a CLA in the form of not giving a fuck" is far more accurate.
This isn't a good analogy. Copyright is a real thing, and getting explicit consent from your contributors to use their copyrighted material is an important defensive measure.
This is where I like the FSFE's Fiduciary License Agreement (https://fsfe.org/activities/fla/fla.en.html). It's more explicit about protecting free software. They solve a different problem to most CLAs, but align better with what I want my relationship with a project to be. For example KDE uses it (https://ev.kde.org/rules/fla/).
Still, CLAs are a barrier on their own already. Standardizing them doesn't help. Plus as another commenter mentioned: sometimes a standard CLA is used but then various bits aren't filled in.
Standardizing CLA's helps the same way standardizing software licenses helps prevent license proliferation [1].
Code hosting websites, like GitHub, should provide a mechanism for registered users to electronically sign a CLA from their web interface.
No hassle, no unfilled bits, and you've got a 3rd party (e.g. GitHub) notarizing the contract.
The solution to CLA proliferation is not the proliferation of CLA use, which is what your suggestion involves. If you want to solve CLA proliferation, it's as easy as not going out of your way to add a CLA to your project followed by insisting that people sign it. Let the strength of the license (and your faith in the choice of license) stand on its own.
How is a CLA any different of a legal agreement than agreeing to a license?
The CLAs I have seen basically boil down to the project maintainers maintaining ownership of the code, ability to adjust the license if desired, and protect them from people contributing code that the contributor doesn't have the rights for.
I have seen projects suffer from single contributors stubbornly refusing to budge on relicensing, even if the relicense would benefit the project.
If I contribute to an AGPL project and license my changes back to you under AGPL, that means you can't one day decide to start selling my changes together with a closed-source module; the copyleft works to protect me against you deciding to take my changes closed-source, not just to protect the original maintainer from that.
If I contribute to an AGPL project and sign a CLA that assigns copyright to you, you might announce tomorrow that you are going to run off with my contribution and start only releasing new versions under a non-FOSS licence. This fear applies particularly if you are a for-profit company who might one day lose your desire to do FOSS.
This exact thing, in fact (other than the AGPL part anyway) happened recently with just about every Hashicorp project - so it is not just some hypothetical fear.
I would not contribute (unless I was being paid) to someone else's project unless there was no CLA (inbound = outbound licensing), or they were a not-for-profit with appropriate constitutional limitations on profit-seeking behaviour.
>If I contribute to an AGPL project and sign a CLA that assigns copyright to you, you might announce tomorrow that you are going to run off with my contribution and start only releasing new versions under a non-FOSS licence.
That is generally the point of a CLA. If that bothers you you're supposed to not contribute and not sign. The up side is that that revenue model might mean that they can pay people to do that work instead of relying upon drive by pull requests and maintainers dedicating their time for free.
Back in the early days of open source I saw a lot of people get mad at viral licensing because it did exactly what it was supposed to. There was some weird sort of entitlement complex going on where people felt entitled not only to use open source but that it was somehow unfair that they couldn't also violate the terms and conditions of using it.
I was similarly perplexed by the reaction back then too.
You're just explaining what a CLA does. There's pros and cons toward one. I for one don't see the problem. Yes, the maintainers retain control, and that can be good or bad. But contributors getting a portion of control can also be good or bad.
One way is not strictly better or worse than the other. But if a project that has a CLA also has a currently permissive license, then take the supposedly open source route and fork it.
A CLA is a legal contract between two parties. An open source license is a general grant of additional permissions under copyright (and sometimes some additional promises regarding things like patents), provided that the person using those permissions (to make and distribute copies) adheres to certain requirements.
How is a software license not a legal contract? Everywhere I've seen treats it as such.
A normal CLA is just making things that are implicit when contributing code explicit. It is a clarifying statement and agreement on who maintains control. So if the complaint is that CLAs force you and your company or institution to be explicit when contributing code, then I'm not sure I understand the complaint.
Some organizations (IBM/Eclipse) require signing agreements before you can even log an issue on their bug tracker. It's a pain, and I really can't be arsed.
We used to have a CLA for Solvespace (CAD) which is under the GPL3 license. There was some pressure to eliminate it, and some practical reasons as well so we dropped it. Since then, both FreeCAD (assembly 3) and Blender (via CAD sketcher add-on) have been using our constraint solver to great effect. Unfortunately they will probably never be able to tightly integrate it because both those projects are under GPLv2. I suspect we could offer that solver under another that license if those projects really wanted to go with it, but we no longer have a CLA so relicensing or dual licensing is off the table.
On a related note, this is why proliferation of FLOSS licenses is bad - it prevents smooth code sharing between projects. Use MIT, BSD, GPL3, or LGPL and call it a day. I'm still not sure how "compatibility" actually works.
I think I'm right in saying that the FreeCAD integration problem could be solved on the solvespace side by relicensing the solver library as LGPL while retaining the GPL for the solvespace application itself. That keeps the set of licenses within your list, and applies the one intended for libraries to the library component. I'm sure that's been suggested and rejected before though - what's your take?
My take is that's still not possible because we dropped the CLA.
In the past it may have been unlikely because the original author offered the solver under paid terms for commercial use and LGPL would allow commercial use without paying. I'm not sure what my own contribution to that part is, but I'd sooner offer GPLv2 as an option over LGPL.
> but we no longer have a CLA so relicensing or dual licensing is off the table.
Why is it off the table? Email your contributors and ask if anyone objects. If they object or don't reply, you can probably rewrite the code they contributed, or argue it's too small/trivial to justify a copyright claim. To be blunt, it's extremely unlikely someone is going to sue or even raise a stink over a small contribution. It's more work than if you had a CLA, yeah, but it's not off the table.
> On a related note, this is why proliferation of FLOSS licenses is bad. Use MIT, BSD, GPL3, or LGPL and call it a day.
VLC did a relicense a few years ago and it required them to contact 300+ contributors (!) and even stalk a few of them IRL in order to get in touch with them. Nobody wants to go through this pain…
In my opinion, they went way above what was required. A lot of that pain was self-inflicted. In all of that work, they didn't have a single person object to the license change. I feel confident saying that there are zero people who meet all of these requirements to cause a real problem:
1) contributed enough code to genuinely have a copyright claim,
2) are still alive,
3) are not easily contactable, and
4) care enough about their contribution to file a legal claim over it.
IMO they could have stopped after the emails and a quick look through the remaining unaccounted-for code for any genuinely significant contributions. They didn't need to go hunt down one guy who changed two characters in a comment ("Quite a few people were surprised that I would mail them ('I only wrote one small commit', 'This was minor code').").
Oh it's not really. If either FreeCAD or Blender devs asked for a drop of the solver under their license I'd take a look to see who we'd need permission from and make some effort. It can't be more than 10 people.
Since we switched to Eigen for the matrix stuff, there would also be a decision on whether to use it prior to that change. It was completely stand alone until then.
I agree with this, but at the same time, that's exactly why I will have a CLA.
I am a one-man shop. I struggle to read code written by others because I struggle to build theory of mind.
So I do not want your contributions. My CLA is supposed to drive you away from giving them to me.
But on the flip side, I also want to be able to give commercial licenses to customers instead of the current AGPL-like license I have. For that, I need a CLA.
I also want to relicense to more permissive ones in the future after I'm established. I also want to release my stuff into the public domain on my death. For that, I need a CLA.
So I apologize, but my CLA is meant to stop you from contributing, but it's also important for making things more permissive later.
If you don't have any other contributors, you're free to offer any license to anyone you'd like. Simply not accepting contributions will do the trick; you don't also need a CLA in that situation. It doesn't make sense to have a CLA for a project that doesn't accept contributions.
There is so little that you stand to gain by agreeing to the CLA (and so much downside for them if they reject it and keep the status quo) that the best thing would be to say no.
And I hope that if they do keep it as-is and then someone comes along later and makes the fix, you hound them about violating your IP and cite their comment "we do not have the rights" as prima facie evidence. Make CLA worshippers bite the bullet on their goofy beliefs.
> no one, including myself or my employer, can claim copyright ownership over it
People can claim anything they want. Whether they're correct is the thing. I'm suggesting that, since they've articulated a belief that they can't use it without an explicit CLA, you go ahead and yes-and them and play it out both for comedy's sake and the greater good.
I am sympathetic to that view, however, I have no desire to "punish" the authors for choosing to use a CLA in this case. I am not going to waste the time of multiple people at my day job to get this approved, however. Nor do I want my mental health called into question at work, which would be a predictable result of making such a request.
(We have a GitHub action that verifies this, based on another action, based on something by Probot. Ours has been modified to allow automatic DCO certification for people from the company.)
69 comments
[ 2.9 ms ] story [ 140 ms ] threadDifferent organisations have different goals when it comes to releasing code as Open Source.
Setting aside universities for the moment, companies (and especially startups) have (hopefully) a strategy which takes their product to commercialism and profitability.
Some projects go OSS purely for the marketing, attracting talent, unpaid labour and so on. But ultimately that means a pivot, and a CLA gives them more pivoting choices. They might cut out some contributers, but at the same time they serve the long game.
If you are wanting to contribute to a project, you, in turn, need to be clear what your goals are, and make sure they are aligned with the -long term- goals of the project owner.
But the same problems arise in most other organizations - it's hard enough to get a legal department to sign essential things needed to keep a business running, never mind signing some random CLA for a project they haven't heard of.
Finally, your view seems oriented to pseudo-open source projects where someone slapped an open source license on code written at a single company and wants to keep control of that code within the company, rather than open projects spanning multiple organizations, run by the developers and architects of the code.
At least that's in my experience. It's significantly easier to not contribute back than spend ages trying to involve legal. Sort of like a barrier to entry, though maybe called a barrier to contribute.
OSS covers a wide spectrum of projects, from the Linux Kernel at the one end, to Frank's recent half-assed attempt at a CSS editor. Clearly no statement is going to cover everything.
The set of projects that require a CLA, and the set of pseudo OSS projects has a high degree of overlap.
For example, I have been asked to sign CLAs that granted rights to "recipients" or "organizations" that they hadn't named, having simply adopted a template CLA without filling it in. Some placed specific requirements on me, like "notifying the Project Manager", without information on how to do that or who they were. cla-assistant.io even has the unbelievable default of stating that it's a "CLA for multiple repositories or organizations" without naming them. How can you agree to a contract without knowing where it applies?
In my experience it is rarely possible to legally contribute to a project that uses a CLA. You can ignore the legal issue with the assumption that none of it will come up anyway, but that's a weird way to approach contracts.
1. e.g., <https://github.com/neovim/neovim/issues/3036>
I get it's usually just the lawyers protecting the company just in case a contributor tries something dodgy in the future. Out of principle however, I resent the broad assignment of copyright and granting them the right to relicense.
Of course I expect most of these projects would never exercise that right, but the mere fact that they _could_ take my Free work and make it non-Free is very disturbing.
So I'm simply not going to use it. I'm not going to get invested, then find a problem that I could theoretically submit a patch for. Rather than think of all the users who would benefit from my change, I'll just see it as free work for a megacorp.
That really depends on the CAA. It might allow way more. The text might be (legally) not applicable or have flaws, etc.
> Do you find this disturbing?
It is a barrier to contribute. I would not even bother trying to contribute.
Your statements here are already a bit conflicting to me. You partly might want to monetize the software. You partly might want to release it as MIT. I don't see how you'd still have a means to monetize if you'd release it as MIT. Feels like you want to keep all options open.
That all said, hey, you developed it, so cool if you'd listen to people with different opinions but I'd likely not need your software anyway I guess. Further, loads of non-CAA pure GPL software never receive any contributions. It takes quite a bit of effort to be noticed and get contributions.
FYI: If I reread above parts might come across as harsh but none is meant that way.
Most CLAs are a bot on the MR where you click sign, type your name, and it's done. If you don't really care about your code ownership then it's barely a speed bump compared to the rest of getting a PR merged.
Yeah, I've put 7 years and thousands of hours into it. I do want to keep my options open!
> loads of non-CAA pure GPL software never receive any contributions.
Yup, for several years before I had a CAA I received almost no contributions, except from people I had a direct personal relationship with. The CAA hasn't deterred people, in fact if you look at the timeline, I've gotten more contributors since I've put the CAA into place. (I'm sure it's not cause and effect, but still.)
> It is a barrier to contribute. I would not even bother trying to contribute.
I used to think that I would want any and all contributions to my project. But I've learned over time that, except for trivial changes, a PR from a new contributor is more effort than it's worth, by itself. I mean I can write code, and I do--lots of it. The real value in contributing is everything else: documentation, bugfixing, sincere attention on the problem. So I realized that I'm looking for repeat contributors, the ones who are going to invest in the project, and become active community members, maybe even maintainers. And the low-effort drive-by contributors who would be deterred by e.g. a CAA were never the contributors that were going to move the needle anyway.
In fact, and please correct me if I'm wrong, based on your general tone above, I'm guessing that you've never been an active contributor to any open source project, CLA/CAA or not. In which case, I consider the CAA to have been effective: you can feel self-righteous and I avoid the hassle.
I would hightlight that the dual licensing in particula introduces the issue of sharing any profits with other maintainers, if there are several. Personally if I'm submitting minor patches I would not bring this up, but it deter people from wanting to be more actively involved.
Depends on the size and scope of your project, I guess.
Even if the CLA somehow said you could only relicense to MIT, they could simply do that without releasing anything, and immediately take it and use it in proprietary things :)
https://github.com/saulpw/visidata/blob/develop/CONTRIBUTING...
Also take a look at GitHub's ToS, which explicitly states that "inbound=outbound" is the default. I don't think you can expect people to hunt down your little notice when there is a site-wide default. https://docs.github.com/en/site-policy/github-terms/github-t...
As someone who has been turned off by many CLAs before, I find yours [1] pretty clear and straightforward.
[1]: https://cla-assistant.io/saulpw/visidata
So maybe you're right but "99% of projects have a CLA in the form of not giving a fuck" is far more accurate.
I've lost many contributions over the insane FSF contributors license workflow. https://www.fsf.org/blogs/licensing/new-contributors-frequen...
Still, CLAs are a barrier on their own already. Standardizing them doesn't help. Plus as another commenter mentioned: sometimes a standard CLA is used but then various bits aren't filled in.
Code hosting websites, like GitHub, should provide a mechanism for registered users to electronically sign a CLA from their web interface. No hassle, no unfilled bits, and you've got a 3rd party (e.g. GitHub) notarizing the contract.
[1] https://en.wikipedia.org/wiki/License_proliferation
The CLAs I have seen basically boil down to the project maintainers maintaining ownership of the code, ability to adjust the license if desired, and protect them from people contributing code that the contributor doesn't have the rights for.
I have seen projects suffer from single contributors stubbornly refusing to budge on relicensing, even if the relicense would benefit the project.
If I contribute to an AGPL project and sign a CLA that assigns copyright to you, you might announce tomorrow that you are going to run off with my contribution and start only releasing new versions under a non-FOSS licence. This fear applies particularly if you are a for-profit company who might one day lose your desire to do FOSS.
This exact thing, in fact (other than the AGPL part anyway) happened recently with just about every Hashicorp project - so it is not just some hypothetical fear.
I would not contribute (unless I was being paid) to someone else's project unless there was no CLA (inbound = outbound licensing), or they were a not-for-profit with appropriate constitutional limitations on profit-seeking behaviour.
That is generally the point of a CLA. If that bothers you you're supposed to not contribute and not sign. The up side is that that revenue model might mean that they can pay people to do that work instead of relying upon drive by pull requests and maintainers dedicating their time for free.
Back in the early days of open source I saw a lot of people get mad at viral licensing because it did exactly what it was supposed to. There was some weird sort of entitlement complex going on where people felt entitled not only to use open source but that it was somehow unfair that they couldn't also violate the terms and conditions of using it.
I was similarly perplexed by the reaction back then too.
One way is not strictly better or worse than the other. But if a project that has a CLA also has a currently permissive license, then take the supposedly open source route and fork it.
(I am the author of the linked-to article.)
A normal CLA is just making things that are implicit when contributing code explicit. It is a clarifying statement and agreement on who maintains control. So if the complaint is that CLAs force you and your company or institution to be explicit when contributing code, then I'm not sure I understand the complaint.
On a related note, this is why proliferation of FLOSS licenses is bad - it prevents smooth code sharing between projects. Use MIT, BSD, GPL3, or LGPL and call it a day. I'm still not sure how "compatibility" actually works.
My take is that's still not possible because we dropped the CLA.
In the past it may have been unlikely because the original author offered the solver under paid terms for commercial use and LGPL would allow commercial use without paying. I'm not sure what my own contribution to that part is, but I'd sooner offer GPLv2 as an option over LGPL.
Why is it off the table? Email your contributors and ask if anyone objects. If they object or don't reply, you can probably rewrite the code they contributed, or argue it's too small/trivial to justify a copyright claim. To be blunt, it's extremely unlikely someone is going to sue or even raise a stink over a small contribution. It's more work than if you had a CLA, yeah, but it's not off the table.
> On a related note, this is why proliferation of FLOSS licenses is bad. Use MIT, BSD, GPL3, or LGPL and call it a day.
100% agree.
Part 1: https://jbkempf.com/blog/how-to-properly-relicense-a-large-o...
Part 2: https://jbkempf.com/blog/how-to-properly-relicense-a-large-o...
Part 3: https://jbkempf.com/blog/how-to-properly-relicense-a-large-o...
1) contributed enough code to genuinely have a copyright claim,
2) are still alive,
3) are not easily contactable, and
4) care enough about their contribution to file a legal claim over it.
IMO they could have stopped after the emails and a quick look through the remaining unaccounted-for code for any genuinely significant contributions. They didn't need to go hunt down one guy who changed two characters in a comment ("Quite a few people were surprised that I would mail them ('I only wrote one small commit', 'This was minor code').").
Oh it's not really. If either FreeCAD or Blender devs asked for a drop of the solver under their license I'd take a look to see who we'd need permission from and make some effort. It can't be more than 10 people.
Since we switched to Eigen for the matrix stuff, there would also be a decision on whether to use it prior to that change. It was completely stand alone until then.
Solvespace as a whole will remain GPLv3 though.
I am a one-man shop. I struggle to read code written by others because I struggle to build theory of mind.
So I do not want your contributions. My CLA is supposed to drive you away from giving them to me.
But on the flip side, I also want to be able to give commercial licenses to customers instead of the current AGPL-like license I have. For that, I need a CLA.
I also want to relicense to more permissive ones in the future after I'm established. I also want to release my stuff into the public domain on my death. For that, I need a CLA.
So I apologize, but my CLA is meant to stop you from contributing, but it's also important for making things more permissive later.
There is so little that you stand to gain by agreeing to the CLA (and so much downside for them if they reject it and keep the status quo) that the best thing would be to say no.
And I hope that if they do keep it as-is and then someone comes along later and makes the fix, you hound them about violating your IP and cite their comment "we do not have the rights" as prima facie evidence. Make CLA worshippers bite the bullet on their goofy beliefs.
Luckily, as I wrote, the change is not copyrightable and no one, including myself or my employer, can claim copyright ownership over it.
Right.
> no one, including myself or my employer, can claim copyright ownership over it
People can claim anything they want. Whether they're correct is the thing. I'm suggesting that, since they've articulated a belief that they can't use it without an explicit CLA, you go ahead and yes-and them and play it out both for comedy's sake and the greater good.
https://developercertificate.org
(We have a GitHub action that verifies this, based on another action, based on something by Probot. Ours has been modified to allow automatic DCO certification for people from the company.)
[1] https://www.gnu.org/licenses/why-assign.en.html
[2] https://www.fsf.org/bulletin/2022/fall/copyright-assignment-...