[TOS] contributors' agreements

Frank Hecker hecker at hecker.org
Wed Dec 9 16:11:42 UTC 2009 

On Mon, Dec 7, 2009 at 3:08 PM, Greg Wilson <gvwilson at cs.utoronto.ca> wrote:
> Regardless of whether the FLOSS organization requires a contributor's
> agreement, is it wise to get one so that the student's university doesn't
> think they have any rights to what the students has done?

My personal opinions (not an official Mozilla position):

As Ross wrote, it's ultimately a risk management issue, and part of
that means trading off less risk vs. more hassle, and vice versa. For
example, if a university has a particularly large and active office of
technology transfer and a more-than-usual interest in making
relatively-expansive IP claims in relation to faculty and student
work, the amount of work required to get an explicit waiver or grant
of rights (i.e., in the form of a CLA) may be onerous enough to
strangle any TOS-related initiative in the cradle.

Expanding on my earlier comments in relation to Mozilla: In the
Mozilla project almost all the code is generated by Mozilla employees
(under a work for hire situation, with assignment to the Mozilla
Foundation), carried over from Netscape (explicit grant of rights), or
contributed by major corporations like IBM, Sun, Red Hat, etc.
(explicit grant of rights, though not in the form of a CLA per se).
The amount of code contributed by individual volunteers, including
students, is pretty small in relative terms; ditto for code
contributed by small businesses.

With respect to individual contributors, including students, Mozilla
has chosen to prioritize ease of making contributions over reducing
IP-related risks to the absolute minimum, with contributors informally
affirming that they have rights to contribute their code, and
committers informally verifying this. It's certainly possible that
some code has slipped in at one time or another for which the
contributor did not actually have rights to contribute under the
Mozilla licensing scheme. If that were the case, it's also possible
that the organization that does have rights would object to the
contribution and seek to exert its own claims, e.g., by preventing the
code from being used by the Mozilla project. However in practice
that's never happened, and Mozilla has made a decision to accept any
associated risk as opposed to trying to further formalize the act of
contributing code.

I suspect that many other FOSS projects have made a similar risk
management trade-off.

Frank

-- 
Frank Hecker

More information about the tos mailing list