You know that cringey feeling you get when a politician who never read a line of code talks about cryptography?
Now you can imagine how a lawyer must feel when an engineer who never read an appellate opinion talks about law.
Conversation
In today’s instance of the above, #1 on HN is an article about CLAs which is dead wrong for any project with a permissive license (like MIT, BSD, and Apache), but which will certainly cause grief to Open Source maintainers for years.
4
2
13
Replying to
Can you elaborate on what you mean by "dead wrong"? Just that even without CLA the upstream can always do that if it's a permissive license?
1
1
A project having a CLA doesn't imply copyright assignment anyway. For example, cla.developers.google.com/about/google-i is just an explicit license and patent grant.
Most of their open source projects use Apache 2 so it usually does little more than making the terms more formal and explicit.
1
While I don't disagree, it doesn't seem to answer any part of my question..
1
1
I'm trying to say that there are many reasons for using a CLA besides combining a copyleft license with copyright assignment. I don't think that's even a particularly common approach overall. Google, Microsoft, etc. avoid copyleft in the first place and aren't trying to do that.
1
For example, opensource.microsoft.com/pdf/microsoft- is the same thing as Google's agreement: an explicit permissive license grant (their projects all use permissive licenses anyway) and a scoped patent grant. It's a bit more fair with Google due to them using Apache 2 though.
1
It makes very little sense to ask for copyright assignment if an extremely permissive license like MIT is used. In fact, asking for copyright assignment and then licensing it as Apache 2 would result in the project owner giving away patent licenses for code contributed by others.
1
The author of the post states they wouldn't sign Apache's CLA due to explicitly granting a permissive license but yet they are using MIT licensing for their own projects and the Apache projects are similarly permissively licensed in the first place. I don't understand the point.
1
A good example of why companies do this are the people claiming they are revoking the licenses for their Linux kernel contributions due to the addition of the Code of Conduct. Google's CLA is pretty much just an explicit agreement to something resembling the Apache 2 license.
1
Google's CLA means that if Sony contributes codec code to AOSP they have granted a patent license to downstream users of the code like myself even if the files involved were marked as BSD / MIT licensed. It's a good thing to handle it like that as far as I'm concerned.