Contribution Policies for
Open Source Projects
Richard Fontana
LinuxCon 2010
Contribution Policies
- Rules governing use of inbound contributions
- Outbound license: presented by project to users
- Inbound: © permissions inhering in contributions
- Limits range of possible outbound licenses
- Types
- Inbound = outbound FOSS license
- Copyright assignment
- Formal contributor license agreement (CLA)
- Miscellaneous
Inbound = Outbound
- Majority rule; culturally authentic
- Contributor uses global outbound FOSS license
- Project passes through contribution FOSS license
- Variance in formality
- Undocumented, manifest in project custom
- Informally documented
- Formal agreement (uncommon)
- Mozilla, Eclipse committer agreements
Copyright Assignment
- Always structured as formal agreement
- Dual-licensing/open core business models
- Uncommon for non-corporate projects
- Common agreement features:
- Grant-back of maximally broad © license
- Fallback maximally broad © license
- How assignee will use contribution
- Patent license grant
- Reps/warranties: originality/third-party claims
CLAs
- Typically like assignment agreements with broad license instead of transfer
- Best-known: Apache CLAs
- ASF commits not to use "contrary to the public benefit or inconsistent with its nonprofit status"
- Widely reused
- Permissive + copyleft outbound-licensed projects
Miscellaneous
- Limit inbound FOSS license choice (non-outbound)
- CiviCRM; PSF CA
- Lightweight approach to small contributions
- Contributor selects from multiple policies
- KDE: choose from acceptable licenses or FLA
- MariaDB: joint © or 3-clause BSD
The Case Against © Assignment
- Primary arguments
- Lockean property idea
- Single-entity control is dangerous
- Red tape
- Dual licensing/open core is evil
- Secondary: disincentives to contribute → harm
- Toxic effect on community-building
- Limits user adoption
- Leads to project forks
- Leads to wasteful reimplementation
- Nonprofits vs. for-profits
The Case For © Assignment
- Three main claims:
- Concentrating © ownership facilitates enforcement
- Facilitates project relicensing
- Protects project/assignee from third-party claims
- Additional arguments (for-profit assignee)
- Facilitates dual-licensing → attracts investment
- Fair for mere patch authors to have less power
- Residual doubt over scope of broadest © licenses
- Convince cautious companies to "open source"
Enforcement Argument
- Distributed © ownership impedes enforcement
- Mere nonexclusive license not enough to enforce
Joint Works
- Two authors are co-owners of undivided © interest if
they both intended contributions to be
merged into inseparable or interdependent parts of a unitary whole
(17 USC § 101) at the time the work was created - Each can license freely, subject to duty to account
- Derivative work by one author is not a joint work
- FOSS projects: cascading collective/derivative works rather than joint works
Joinder of Necessary Parties
- In infringement suit,
court may require the joinder ... of any person having or claiming an interest in the ©
(17 USC § 501(b)) - Rationale: anyone who could grant a license to excuse infringement should be party to this lawsuit
- Unclear that contributor & contributee are joint authors
- Isn't ex-joint-owner assignor with broad grantback license a necessary party?
Standing
- Only © holders can sue for © infringement
- But nonexclusive licensee can hold © on a derivative or collective work
- Fair to expect a company to have contributed something creative in order to enforce a license
What About CLAs?
- © assignment vs. Apache-style CLAs
- Apache-style CLAs vs. ordinary permissive FOSS
- Confusion around Apache-style CLAs
- Often described as copyright assignments
- Some assume CLAs are inherently nonproblematic
- CLA-using corporations exploiting confusion?
Red Hat's Experience
- Contribution asymmetry
- Substantial contributor to many upstream projects
- Difficulty attracting contributors to "our" projects
- By 2008, patchwork of contribution policies
- Fedora: Apache-style CLA
- JBoss.org: (L)GPL CLA
- Cygwin: copyright assignment
- Others: inbound=outbound
Fedora ICLA
- Huge cultural/technical mismatch
- Fedora community tends to be pro-copyleft
- Fedora mainly packages other projects' code
- Led to confusion and mistrust
- Assumed by many to supersede upstream licenses
- Fear of proprietization by Red Hat
- Discouraged some contributions
- Docs relicensing (2009): 'nuclear option'?
FPCA (2010)
- Fedora developed clever reinterpretation
- Codified in new agreement written from scratch
-
- Minimalist design; no scary legalese
- Revised with community input
- Covers only original material with no explicit license
-
- Default free license: MIT, CC-BY-SA
- Contributors can opt out by explicitly licensing
Other Projects
- JBoss
- Inherited committer CLA: use only under (L)GPL
- Supplemented by undocumented customary practices
- Complicates project relicensing (LGPL→Apache)
- Replaced with Apache-based CLA in 2009 as stopgap
- Future: FPCA? Apache 2.0/LGPLv2.1 dual-license?
- And the rest:
- Michael DeHaan (2008):
Cobbler itself has not required copyright assignment, so files are © their original author and major contributors, Linux kernel-style.
- Michael DeHaan (2008):
Red Hat as Contributor
- Most upstreams do not require special agreements
- Exceptions
- Trusted project nonprofits (FSF/GNU, ASF, PSF, Mozilla)
- Established relationships with Sun projects (OOo, OpenJDK)
- For-profits: protracted negotiations over badly drafted, overreaching agreements
Conclusions
- Formal contribution agreements are Bad™:
- Legal benefits for projects and companies dubious relative to harm to community development model
- Signals basic lack of legal confidence in FOSS
- Ethical concerns (unequal bargaining power)
- More justifiable if assignee is nonprofit fiduciary
- Best policies are informal, pure FOSS, documented
The End
Thank you!
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 United States License.