[TOS] contributors' agreements

[Behdad Esfahbod]

On 12/09/2009 07:59 PM, Ross Gardler wrote:
> 2009/12/10 Behdad Esfahbod<behdad at behdad.org>:
>> On 12/09/2009 05:00 PM, Ross Gardler wrote:
>>>
>>> 2009/12/9 Behdad Esfahbod<behdad at behdad.org>:
>>>>
>>>> On 12/09/2009 03:41 PM, Ross Gardler wrote:
>>>
>>> ...
>>>
>>>>> I realise that the alternative view of "code is contributed under
>>>>> license XYZ and XYZ has such a disclaimer" is arguably sufficient.
>>>>
>>>> Indeed.  If you think CLA for contribution is a good idea, then why not
>>>> ask
>>>> any user of the software also sign a CLA?
>>>
>>> I think a CLA for contributions that pose a high level of risk are a
>>> good idea. I have never stated they are required for all
>>> contributions.
>>>
>>> There is no need to require users to sign CLAs because they have to
>>> agree to the terms of the licence to use it this is explicit (although
>>> in some jurisdictions this is questionable, but that is off topic).
>>> There is no equivalent explicit agreement between contributors and the
>>> project unless a CLA is in place.
>>
>> Why do you claim that it's different?  In absense of any agreement between
>> the contributor and the project, doesn't the copyright laws apply the same
>> way they do in the project-user case?
>
> Copyright law applies, yes. Copyright still remains with the
> contributor, but I was talking about warranty disclaimers not
> copyright. these do not exist unless explicitly stated, unlike
> copyright.

Sure.  But if copyright remains with the contributor and there is no explicit 
agreement, how is the project allowed to use the contribution if not by way of 
the permissions granted in the license?  The same license includes all the 
warranty disclaimers you are suggesting should be done using a CLA.


>>>> If no-CLA has worked for Mozilla, GNOME, KDE, and Linux, I wouldn't
>>>> bother
>>>> for any other project of mine.
>>>
>>> Mozilla has a CLA [1],  Linux has a CLA [2[, I don't know about KDE
>>
>> Mozilla only has a committer CLA, not contributor CLA, as pointed out
>> repeatedly by Frank.
>
> Yes, I appreciate that. I have never claimed a CLA is required for all
> contributions and do not do so above. I assumed, given that you
> included GNOME in the same statement, that you were saying they have
> no CLA at all since I have learned in this thread that GNOME do not
> have one at all.
>
>> Regarding your Linux
>> link, I'm not sure how you call it a CLA.  It's a patch formatting
>> guideline.
>
> "Signed-off-by: this is a developer's certification that he or she has
> the right to submit the patch for inclusion into the kernel. It is an
> agreement to the Developer's Certificate of Origin, the full text of
> which can be found in Documentation/SubmittingPatches. Code without a
> proper signoff cannot be merged into the mainline."

AFAIK "Singed-off" is mostly a technical measure.  If I submit a patch to the 
Linux kernel, someone will review and sign it off for inclusion.  I don't see 
how that has to do with any CLA.  If I have not signed or otherwise agreed 
with anything (I just sent mail with a patch), can't see how that can be 
called a CLA.


This thread started as seeking recommendations for how to deal with student 
contributions.  You said that you "think a CLA for contributions that pose a 
high level of risk are a good idea."  But your examples (Mozilla and Linux) 
only require CLA from committers, not all contributors.  One would guess that 
"contributions that pose a high level of risk" don't come from project 
committers, but outside contributors.  So I don't see how your examples 
support your claim.

That's all I have to say.

behdad


> Ross
>