Hey open source contributors,
I’m looking for examples of license agreements from big open source projects.
What are, according to you, the best license agreements? What is an important thing to check before signing a license agreement? What would be your advice to an organization drafting a license agreement to contribute to an #agpl3 project?
Thanks for sharing my question. This is something I will probably add in my open source teaching at university.
Hello everyone, and Happy New Year 2025! 🎉 As we kick off another exciting year for Open WebUI, we’ve got some important news to share with the community. But first, we want to extend our gratitude...
@jonmsterling @ploum @albertcardona
Totally agree.
Plus a CLA can be a hell to manage for the organization (maintaining and updating the list of all corporate and individual contributors)
And from the contributor pov, if only one clause is a stopper, he / she would be stuck between the willingness to contribute and the rejection of one small unacceptable condition.
@benoitb @jonmsterling @albertcardona : I believe that there are many cases where CLA could be beneficial for the project on a long term scale (what if, for example, you wanted to switch from GPL to AGPL because it suddenly become available over a network?)
That’s why I’m investigating the subject.
@ploum
It all really depends what you want a CLA for.
Some want it primarily to increase their own freedom over the project, like license changes.
Some want it primarily for assurance of provenance.
Some want it only from the maintainers (I know that exactly this has been argued for in Apache circles), which then essentially constitutes a permanent sign-off on everything they do.
@ploum
Personally, I've come to the conclusion that CLA are pretty much bullshit.
We have other tools for provenance, with the Sign-off trailer in commit messages. Maintainers need to pay attention either way, and in that respect, the Sign-off trailers in front of you are just as easy to deal with as any commit author.
As for increasing the freedom of the maintainers, the creates a power imbalance which isn't very palatable when you thinkg about it.
@ploum
On the subject of license changes, BTW... this is also something to carefully think about.
I'm coming from the perspective that there's a project license, and then there are licenses in each file. They do not have to be the same, all that's needed is that they are compatible.
@ploum
... And yeah, I know, license compatibility comes with its own set of issues, to be pondered over as well.
/end
@levitte : Indeed, you could technically change from GPL to AGPL without approval from contributors because there’s a one way compatibility (in fact, I did it myself by changing a project license from BSD to AGPL).
So my example doesn’t work. But does that mean that CLA are always bad?
@ploum
Calling them anything is a matter of perspective and what your objectives are as a maintainer.
I know contributors who do call them bad, mainly because of the power imbalance they introduce. There's a sense of losing one's stake that you may have to grapple with.
I'm myself at the very least ambivalent, and am very apprehensive of signing a CLA, these days.
@ploum I think there might be confusion, unless you're the copyright holder(s) you're not allowed to change the license from "BSD" to AGPL. What you can do is license any new changes under the AGPL ... but the old license still sticks around.
Similar if you combine GPL to AGPL (see section 13 of the #GNU GPL -- you're not changing the license of the old code).
@ploum Nothing gets tainted, and you can go back if you can untangled the changes that are licensed under one or the other license.
Often when people say "change the license" they mean that, when you combine to licenses, you ever change the license, which is the point I want to clarify. There was one instance when some Linux hackers "changed the license" as an earnest mistake ..
I once ran a project with a few thousand global clients, each with dozens to hundreds of end-users. A big part of this was that clients could use plugins. However, when I inherited the project it had a GPL license. I just could not convince anyone to write a plugin due to GPL. No one wanted to deal with the viral license.
It wasn't until we burned the project down and restarted with MIT that we got plugin authors and core contributors interested.
@ploum The Spring project recently switched from requesting a CLA to a simpler DCO, if that’s interesting to you.
https://spring.io/blog/2025/01/06/hello-dco-goodbye-cla-simplifying-contributions-to-spring
@ploum two CLA from an open source framework from Pixar: https://github.com/PixarAnimationStudios/OpenUSD
One is for individuals, the other for corporate contributors. I've signed both.
pablo suárez-serrato
ploum
Pol Dellaiera
Jon Sterling
Benoît B.
Richard Levitte
Alfred M. Szmidt
rat (mibioctet)
Guilhem Bonnefille
Gilou
AMS
Olivier Hubaut
Odoo Community Association
Charles Flèche