Contribution Policies for
Open Source Projects
Richard Fontana
Abridged version of LinuxCon 2010 presentation
Types of Contribution Policies
- Inbound = outbound FOSS license
- Copyright assignment
- Formal contributor license agreement (CLA)
- Miscellaneous
Inbound = Outbound
- Majority rule; culturally authentic
- Contributor uses global outbound FOSS license
- Project passes through contribution FOSS license
- Variance in formality
- Undocumented, manifest in project custom
- Informally documented
- Formal agreement (uncommon)
- Mozilla, Eclipse committer agreements
Copyright Assignment
- Always structured as formal agreement
- Dual-licensing/open core business models
- Uncommon for non-corporate projects
- Common agreement features:
- Grant-back of maximally broad © license
- Fallback maximally broad © license
- How assignee will use contribution
- Patent license grant
- Reps/warranties: originality/third-party claims
CLAs
- Typically like assignment agreements with broad license instead
of transfer
- Best-known: Apache CLAs
- ASF commits not to use "contrary to the public benefit or
inconsistent with its nonprofit status"
- Widely reused
- Permissive + copyleft outbound-licensed projects
Miscellaneous
- Limit inbound FOSS license choice (non-outbound)
- Lightweight approach to small contributions
- Contributor selects from multiple policies
- KDE: choose from acceptable licenses or FLA
- MariaDB: joint © or 3-clause BSD
The Copyright Assignment Debate
- Arguments against copyright assignment
- Lockean
- Dangers of single-entity control
- Red tape
- Evils of dual-licensing/open core
- Harmful effects of barriers to contribution
- Arguments for copyright assignment
- Facilitates enforcement
- Facilitates relicensing
- Protection against third-party claims?
- Others (e.g. doubt over scope of licenses)
Enforcement Argument
- Standing (mere nonexclusive license not enough to enforce)
- But nonexclusive licensee can hold © on derivative/collective work
- Joinder (distributed © ownership impedes enforcement)
- US court may require joinder of any person having/claiming an interest in the ©
- Rationale: anyone who could grant license should participate
- Argument assumes contributor & contributee are joint authors
- Isn't ex-joint-owner assignor with broad grantback license a necessary party?
What About CLAs?
- © assignment vs. Apache-style CLAs
- Apache-style CLAs vs. ordinary permissive FOSS
- Confusion around Apache-style CLAs
- Often described as copyright assignments
- Some assume CLAs are inherently nonproblematic
- CLA-using corporations exploiting confusion?
Red Hat's Experience
- Contribution asymmetry
- Substantial contributor to many upstream
projects
- Most have nonproblematic contribution policies
- Difficulty attracting contributors to "our"
projects
- By 2008, patchwork of contribution policies
- Fedora: Apache-style CLA
- JBoss.org: (L)GPL CLA
- Cygwin: copyright assignment
- Others: inbound=outbound
Fedora
- CLA was cultural/technical mismatch
- Fedora community tends to be pro-copyleft
- Fedora mainly packages upstream code
- Led to confusion and mistrust; discouraged contributions
- Docs relicensing (2009): 'nuclear option'?
- Clever reinterpretation, codified in new FPCA (2010)
- Minimalist design; no scary legalese
- Covers only original material with no explicit
license
- Default free license: MIT, CC-BY-SA
- Can opt out by explicitly licensing
Other Projects
- JBoss
- Committer CLA: (L)GPL sublicense; supplemented by
undocumented practices
- Complicates project relicensing (LGPL→Apache)
- Replaced with Apache-style CLA in 2009 as stopgap
- Future: simple Apache 2.0/LGPLv2.1 dual-license?
- Michael DeHaan (2008):
Cobbler itself has not
required copyright assignment, so files are © their
original author and major contributors, Linux
kernel-style.
- Dismantled CLAs for FreeIPA, Spacewalk
Conclusions
- Formal contribution agreements are bad:
- Legal benefits for projects and companies dubious relative to harm to community development model
- Signals lack of legal confidence in FOSS
- Ethical concerns (unequal bargaining power)
- More justifiable if contributee is nonprofit fiduciary
- Best policies are informal, pure FOSS, documented