Contributor License Agreements Ruin Most FOSS Projects

Brodie Robertson

26 Aug 202413:08

Summary

TLDRThe video script discusses the nuances of open source and free software movements, emphasizing their differences despite shared goals. It delves into the complexities of permissive and copyleft licenses, and the role of Contributor License Agreements (CLAs) in project contributions. The script highlights various types of CLAs, from Fedora's to the KDE project's fiduciary licensing agreement, and the Developer Certificate of Origin, illustrating how some CLAs can be beneficial while others may infringe upon developer rights. It advises caution and understanding of CLA terms before signing, advocating for a balanced approach to open source contributions.

Takeaways

😀 Open source and free software movements have different ideologies and goals but share some overlap in their licensing principles.
🔄 Permissive licenses allow anyone, including companies, to take a project and make it proprietary, applying equally to all parties.
🔒 Copyleft licenses prevent additional restrictions from being added to the code, ensuring freedom for all users and developers.
📜 Contributor License Agreements (CLAs) are additional documents sometimes required for contributing to a project, varying greatly in their terms.
⚠️ CLAs are often viewed negatively due to cases where they undermine developer rights or supersede licenses with unfavorable terms.
📝 The terms of a CLA can range from restrictive and harmful to developers, to neutral or even beneficial in some cases.
📑 Examples of CLAs include the Fedora Project Contributor Agreement and the KDE Project's Fiduciary Licensing Agreement, each with different implications.
🛑 The Developer Certificate of Origin is considered an 'anti-CLA' as it does not grant additional rights and simply confirms the contributor's rights to the code.
🚫 Some CLAs, like the one from Discourse, can be harmful as they grant companies extensive rights to re-license and use contributions in any way they see fit.
🤔 It's crucial for contributors to read and understand CLAs, or seek guidance if they are unclear, as the terms can significantly impact their rights.
❗️ A negative reaction to the term 'CLA' is common due to misuse, but it's important to remember that not all CLAs are inherently bad and some can be neutral or positive.

Q & A

What is the main difference between open source and free software movements?
-The main difference lies in their ideologies and goals. While both movements promote software that can be freely accessed and modified, open source focuses on practical software development and collaboration, whereas free software emphasizes user freedom and ethical issues.
How do permissive licenses affect both companies and individual developers?
-Permissive licenses allow anyone, including companies, to take an open source project, make it proprietary, and claim it as their own. However, this also applies to individual developers, who can do the same with the project.
What is a Contributor License Agreement (CLA) and why is it sometimes viewed negatively?
-A CLA is an additional document that contributors are often required to sign before they can contribute to a project. It is sometimes viewed negatively because it can be used to undermine developer rights, supersede the license, or impose other unwanted terms.
Can you provide an example of a CLA that is considered neutral or positive?
-Yes, the Fedora Project Contributor Agreement and the KDE Project's Fiduciary Licensing Agreement are examples of CLAs that are considered neutral or positive because they do not take away rights from the original authors and are used for the protection of the project.
What is the Developer Certificate of Origin, and how does it differ from other CLAs?
-The Developer Certificate of Origin is a simple document that states the contributor owns the code and it is licensed under an open source license. It does not grant additional rights to the project maintainers and is often considered an 'anti-CLA' because of its minimal requirements.
What are the implications of a CLA that allows for re-licensing of contributions?
-A CLA that allows for re-licensing gives the project or company the right to change the license terms of the contributed code, which can be problematic as it may go against the original intent of the open source or free software movement.
Why is the FSF's copyright assignment considered a form of CLA?
-The FSF's copyright assignment is considered a form of CLA because it requires contributors to assign their copyright to the FSF, giving the FSF the right to protect and manage the code, but it is trusted because of the FSF's commitment to free software.
What does the KDE fiduciary license agreement aim to address?
-The KDE fiduciary license agreement addresses the issue of full copyright assignment by allowing contributors to assign economic rights to the KDE project while retaining moral rights, ensuring that the project cannot change the licensing terms without the author's consent.
What is the recommended approach when encountering a CLA for a project?
-It is recommended to read the CLA document thoroughly and understand its terms. If unsure, seek advice from someone knowledgeable. If the CLA is unbalanced or overly restrictive, it might be best to avoid contributing to that project.
How does the discourse CLA differ from other CLAs mentioned in the script?
-The discourse CLA is more restrictive and grants the company extensive rights, including the ability to re-license the contributions under any terms, which raises concerns about the project's commitment to open source or free software principles.