24 Jan
2013
24 Jan
'13
2:21 a.m.
It looks like we're not too interested in migrating away from the LGPL2,
this can be brought up later if warranted.
I really hope we don't have to put an evil lawyer document in
everyone's face because they want to fix a bug. Not only does it hurt
us but it hurts open source because it encourages others follow suit
using mean language against those who try to help the community.
I'll address concerns leading to desire for a CLA in order:
--------------
People contributing code which isn't theirs:
The issue with people contributing code which isn't theirs is ugly and
there is no real end to the mess, copyright assignment doesn't help
much. If an employee writes code on company time, it's the company's not
theirs, they can't open source it without company permission but they
can't transfer it either so the CLA is technically worthless.
A few interesting discussions on the topic:
http://ezinearticles.com/?Contributor-License-Agreements,-and-the-Effects-o…
http://www.kuro5hin.org/story/2002/4/8/22291/81741
It looks like if someone wants to stage an SCO style lawsuit barrage,
there is no magic bullet to make them go away. Additionally, given recent
cases, they would probably choose to use frivolous patent litigation
instead.
Since the point about employers is only able to help remind the
contributor that they need to have permission to use contribute code
which they contribute, we could devise a new license header since nobody
could reasonably claim to have contributed to the project without
noticing the header. If they proceed anyway, a signature is cold comfort.
--------------
An organization to sue those who violate the LGPL:
I'm not sure if this is necessary since copyright violations carry such
a ridiculous penalty that in the event of an LGPL violator, even one
developer could retroactively license his code to an organization which
means to sue the violator (the violator's competitors would probably be
lining up). In any case, an optional and limited license transfer would
be a good solution, even if only a few committers sign it, it would
cover a large amount of code.
--------------
Brand Management:
I'm not going to talk to this very much because the brand is a high
value item and I wouldn't do anything without consulting a lawyer.
FWIW I think Ludovic's current approach of holding it in his own name
is wise.
--------------
Donation management:
This is my addition, a Foundation would allow companies and people to
make tax deductible donations to support the development of XWiki and
could help with securing development grants. For a philanthropist,
that might mean cash but for an ISP that might mean a donation of
hosting or Jenkins machines. This is relatively complex but I am
thinking about starting such a foundation here in Massachusetts for
supporting many open projects instead of only one.
Of course this doesn't require a CLA.
-------------
The use case which I forgot:
Did I miss anything?
Is this a fair evaluation of the use cases and possibilities?
Is there anything to add?
Thanks,
Caleb
On 01/21/2013 10:41 AM, Vincent Massol wrote:
On Jan 21, 2013, at 4:27 PM, Ludovic Dubost <ludovic(a)xwiki.com> wrote:
Hi,
I agree Caleb, a CLA needs a purpose. Now we don't necessarly need to have
in the CLA what we usually find (a copyright assignment).
What we need is for instance an agreement to publish the code as open
source.
Now giving more rights to the "XWiki Project" (as a legal entity) could
have some benefits beyond changing the licence (which could be useful in
case the licence for any reasons has some legal issues).
These benefits are:
- have an entity that can defend wrongful usages of the code beyond the
initial copyright owners
- guarantee the rights of all users of XWiki
- clarify the way the XWiki brand is allowed to be used
On the subject of the XWiki Brand, currently the brand is owned by me
personally. As part for instance as setting up a foundation I could assign
a right to use the XWiki brand as part of the open source code for the
XWiki project, as long as the open source principles are still maintained.
This would clarify the rights and protect the committers and the project.
I'm +1 for a foundation, and a light CLA. The foundation should have it's
open source principles written in stone.
On the ability to change the licence it's something that is worth a
discussion.
Indeed, and the CLA is not just about changing the license, it's also about ensuring
that contributors have the right to contribute what they contribute and that the project
won't be endangered because of a commit that is not legal.
Thanks
-Vincent
Ludovic
2013/1/19 Caleb James DeLisle <calebdelisle(a)lavabit.com>
> Hi Vincent,
>
> The only reason I see for a CLA is to allow the organization to relicense
> the
> code under a different license. Being difficult to re-license makes the
> project more stable and I don't see any major problems with the LGPL.
>
> The idea that "every project needs a CLA" which seems to be implied by
> oss-watch.ac.uk/resources/cla is easily dispelled by the fact that Linux,
> one of the largest and most successful FOSS projects in the world, requires
> only a promise that the contributor are able to license the code under GPL.
>
> What are your reasons for the CLA proposal?
>
> In the case of the node.js license, you are forced to grant Joyent inc
> permission to license your work any way they see fit, including
> proprietary.
> This makes node.js project subject to the whim of Joyent's directors.
>
> From a technical perspective, extracting a signature from everyone who has
> ever contributed a patch to XWiki would be very difficult and there would
> inevitably remain code within the codebase which was not transferred.
>
> On the point of SF Conservancy and SPI, I would be guarded about
> transferring a license to an organization until I knew the organization
> (who runs it, what internal controls does it have) and had an assessment of
> the dollar value of such a transfer. Just to pull out a number, the
> codebase is probably worth somewhere in the 10's of millions of $.
>
>
>
> Fortunately we're all pretty friendly in this community so a lot of the
> darker what-if's just never come up but I think we should still remain
> vigilant about new legal structures, especially if they involve putting
> trust in people who none of us know.
>
> Thanks,
> Caleb
>
>
>
>
> On 01/17/2013 05:19 AM, Vincent Massol wrote:
>> Hi devs,
>>
>> I'd like to propose the following:
>> * That we start asking for a CLA for contributions (and also for current
> committers)
>> * That we keep the process lightweight in order to not make it harder to
> contribute to the xwiki project. For this I propose to use
> http://www.clahub.com/
>>
>> In order to understand why we need a CLA read:
>> * http://www.oss-watch.ac.uk/resources/cla
>> * http://en.wikipedia.org/wiki/Contributor_License_Agreement
>>
>> If we agree we then need to define our CLA. I think a good starting
> point could be the Node.js one:
>> http://nodejs.org/cla.html
>>
>> Now I don't think the CLA will have any legal value if we cannot define
> "the XWiki project" as a legal entity.
>>
>> Thus I believe we need to start by joining some foundation or creating
> one.
>>
>> I'll list some easy possibilities:
>> * SF Conservancy: http://sfconservancy.org/members/current/
>> * SPI: http://www.spi-inc.org/projects/
>> * Create our own Not for profit association
>>
>> Harder possibilities (need to change license, rename project, etc):
>> * Join ASF
>> * Join Eclipse (and be forced to use bugzilla as the issue tracker ;))
>>
>> We also need to check if OW2 could offer that service of being a legal
> entity for XWiki.
>>
>> Personally I'm tempted more by our own association (it's quite easy to
> create one if we don't need to accept money and a bit more complex if we
> want to accept money but still doable). My second choice goes to SFC.
>>
>> WDYT?
>>
>> Thanks
>> -Vincent
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs