Skip to content

Contributor agreements – the grass is browner

If you’ve been looking to implement a contributor license agreement (CLA), or your free/open source software project already has one, I wanted to let you know that the grass is greener on this side of the fence. As soon as you can, burn your CLA and never look back.

I’ve had more than my fair share of dealings around these tools of accidental-anti-community – I’m fairly sure I coined the phrase “nuclear option” to refer to using the CLA to relicense without obtaining copyright-holder consent, and I certainly was instrumental in using that option in the now-defunct Fedora CLA.

As I continue to hear groups and organizations struggle with using CLAs, I wanted to pull together a few useful pointers and one particularly good presentation by Richard Fontana. Basically, I agree with everything he says, especially how CLAs inhibit community-building.

Richard is Red Hat’s lawyer specializing in FOSS licensing, and he gave this half-hour talk at the Open World Forum this year as part of the European Open Source and Free Software Law Event. In “Contribution Policies for FOSS Projects“, Richard systematically covers the major objections and concerns about CLAs.

Richard inherited a Red Hat practice of using CLAs, and I think it’s fair to say that he represents the learning that Red Hat has done institutionally around contributor agreements. Similar to other organizations, we originally thought the CLA was a good practice overall, and you’ll find the remnants of that practice throughout Red Hat-started projects.

These days, though, you can see that we’ve been using what Richard calls “inbound = outbound”, that is, code and content coming in to the project as a contribution is simply taken in under the same license the code and content is distributed under, no additional agreements required. If the project uses the Apache License, contributions must simply be under the Apache License. Same with the GPL, and so forth.

Examples of Red Hat using inbound = outbound in practice are the oVirt project and OpenShift Origin, both of which are licensed under the Apache License. Similarly, I like the contribution policy we crafted for The Open Source Way. It’s simple, clear, unambiguous, and reusable.

One thing I appreciate about Richard’s viewpoint is that he looks beyond the basic concern that legalese can scare people away, which is what many perceive as the main threat. More importantly, he highlights the way contribution agreements create different classes of contributors with a larger imbalance of power than many of us recognize.