If it was already released as Apache and everyone contributed under that license, contributors outside of Google have no need to sign a Google CLA. Everyone can continue using it outside of Google without issue.
That depends on whether there's documentation that Google legal did indeed approve the release of Google-owned code under the Apache licence as Steve Weis claims.
If not, Google can't claim to own the whole project, but they can claim they own bits of it and refuse to allow distribution of those bits, just as they could if someone had release core parts of the Google search algorithms without permission. In that case, the choices for the project are to either create a clean fork without any of the Google contributions, or cease distribution altogether. It also leaves downstream users in a somewhat awkward legal position. I certainly wouldn't want to depend on the project for something that directly competes with a Google service, for instance.
Still, more likely it's just a mistake by Google legal and furthermore, it's highly unlikely they would go around suing people, especially when it's not 100% clear that the IP was released without permission. Still a bit of a messy situation though.
Doesn't mean much, if you are a developer for company X and you have restriction in your contract which are fairly standard these days that grant full or partial ownership on any thing you do on or off the job while being employed sticking an open source license for it won't save you.
I've seen quite a bit of "open source" projects being pull off when the employer discovered them, and while it's true that you can't effectively pull anything off the internet, it also means that no one with a shred of common sense would ever touch them again with a 10 feet pole.
This is slightly more complicated since it's been released by the corporation under an OSS license.
It's also less about employees doing something on their own, and more about the company fearing that some one external will lay claims to parts of the cod from what i understand.
But there can be still internal legal complications that would result in this being pulled off completely or dropped.
I don't know why this is needed, but glancing at the CLA the clause which is most obviously not covered by the Apache license is this one:
"You represent that you are legally entitled to grant the above license. If your employer(s) has rights to intellectual property that you create that includes your Contributions, you represent that you have received permission to make Contributions on behalf of that employer, that your employer has waived such rights for your Contributions to Google, or that your employer has executed a separate Corporate CLA with Google."
Linux requires a similar declaration to accept code, but many free software projects do not, and it's not a part of any of the usual licenses.
Subject: All past Keyczar contributors PLEASE READ
Shawn Willden:
It turns out that the Googlers on this project haven't done our legal due diligence as we should, and as a result, Keyczar is in danger of being pulled completely, just when I was thinking that we had a chance to revive it and move it to Github (thanks entirely to Devin's offer and interest).
To avoid having it taken down, and to get it moved to Github, we need to get Contributor Licensing Agreements signed by everyone who has contributed. The agreement doesn't give your IP to Google or restrict your use of it... well, I probably shouldn't try to interpret it for you.
Obviously, in the future we'll need CLAs from anyone who contributes.
Thanks, and sorry about this.
Steve Weis:
Keyczar was released under an Apache 2.0 license and I received approval from open source and legal teams in 2008. Why is there suddenly a need to retroactively get a Google CLA? What happens if you're unable to get everyone to agree?
Regardless, these are all the internal contributors I recall before it was released:
Me
Arkajit Dey
Ben Laurie
Neil Daswani
Marius Schilder
Sarvar Patel
Loren Kornfelder
Manuel Marquez Garrido
Rafael Castro
Laura Krotowski
Google has a weird state between logged in and logged out. I believe it happens when your session has expired, but the cookies are still being sent. You're constantly asked to login again to access completely open pages.
1. There's no suitable legal entity that could receive the copyright/rights on behalf of the PostgreSQL project. There are entities handling domains/... but that's not really useful.
2. The fact that developers keep all the rights (except for implicitly allowing use by submitting the patches) makes the project immune to particular changes. For example no one can suddenly change the license used by the project - it's going to be MIT-like license forewer.
3. I really wonder how this CLA works outside USA, in countries with different copyright laws. Say, Europe, Japan, South America - where a lot of PostgreSQL contributors live.
The fact that PostgreSQL has no CLA is one of the reasons why I work on this project. I'm the one who keeps copyright, etc. I'm not saying establishing a CLA would make me quit immediately.
Moreover, I don't see how a CLA could be established after 15+ years of a project.
13 comments
[ 226 ms ] story [ 1100 ms ] threadIf not, Google can't claim to own the whole project, but they can claim they own bits of it and refuse to allow distribution of those bits, just as they could if someone had release core parts of the Google search algorithms without permission. In that case, the choices for the project are to either create a clean fork without any of the Google contributions, or cease distribution altogether. It also leaves downstream users in a somewhat awkward legal position. I certainly wouldn't want to depend on the project for something that directly competes with a Google service, for instance.
Still, more likely it's just a mistake by Google legal and furthermore, it's highly unlikely they would go around suing people, especially when it's not 100% clear that the IP was released without permission. Still a bit of a messy situation though.
I've seen quite a bit of "open source" projects being pull off when the employer discovered them, and while it's true that you can't effectively pull anything off the internet, it also means that no one with a shred of common sense would ever touch them again with a 10 feet pole.
This is slightly more complicated since it's been released by the corporation under an OSS license. It's also less about employees doing something on their own, and more about the company fearing that some one external will lay claims to parts of the cod from what i understand. But there can be still internal legal complications that would result in this being pulled off completely or dropped.
I don't know why this is needed, but glancing at the CLA the clause which is most obviously not covered by the Apache license is this one:
"You represent that you are legally entitled to grant the above license. If your employer(s) has rights to intellectual property that you create that includes your Contributions, you represent that you have received permission to make Contributions on behalf of that employer, that your employer has waived such rights for your Contributions to Google, or that your employer has executed a separate Corporate CLA with Google."
Linux requires a similar declaration to accept code, but many free software projects do not, and it's not a part of any of the usual licenses.
Shawn Willden:
It turns out that the Googlers on this project haven't done our legal due diligence as we should, and as a result, Keyczar is in danger of being pulled completely, just when I was thinking that we had a chance to revive it and move it to Github (thanks entirely to Devin's offer and interest).
To avoid having it taken down, and to get it moved to Github, we need to get Contributor Licensing Agreements signed by everyone who has contributed. The agreement doesn't give your IP to Google or restrict your use of it... well, I probably shouldn't try to interpret it for you.
The agreements for individual and corporate contributors are here: https://cla.developers.google.com
Obviously, in the future we'll need CLAs from anyone who contributes.
Thanks, and sorry about this.
Steve Weis:
Keyczar was released under an Apache 2.0 license and I received approval from open source and legal teams in 2008. Why is there suddenly a need to retroactively get a Google CLA? What happens if you're unable to get everyone to agree?
Regardless, these are all the internal contributors I recall before it was released: Me Arkajit Dey Ben Laurie Neil Daswani Marius Schilder Sarvar Patel Loren Kornfelder Manuel Marquez Garrido Rafael Castro Laura Krotowski
This specifies who worked on what: https://code.google.com/p/keyczar/wiki/Contributors
Two early external contributors were: Sébastien Martini Martin Clausen
Everyone else should be in the commit history.
And here's a copy of the text: http://paste.click/GdAeQx
(Not sure if copying this is an issue, if it is let me know and I'll take it down)
1. There's no suitable legal entity that could receive the copyright/rights on behalf of the PostgreSQL project. There are entities handling domains/... but that's not really useful.
2. The fact that developers keep all the rights (except for implicitly allowing use by submitting the patches) makes the project immune to particular changes. For example no one can suddenly change the license used by the project - it's going to be MIT-like license forewer.
3. I really wonder how this CLA works outside USA, in countries with different copyright laws. Say, Europe, Japan, South America - where a lot of PostgreSQL contributors live.
The fact that PostgreSQL has no CLA is one of the reasons why I work on this project. I'm the one who keeps copyright, etc. I'm not saying establishing a CLA would make me quit immediately.
Moreover, I don't see how a CLA could be established after 15+ years of a project.