Corporate Contributors License Agreement

  • I saw the blog post ( in July saying that pfSense was moving to the Apache License 2.0. I think the Apache license is good and applaud ESF in going in that direction. I'm wondering if the same standard will ever be applied to the Corporate Contributors License Agreement (CLA). The pfSense one is nearly the same as the Apache one now with a few exceptions.

    The specific wording our legal counsel says we should not agree to is this:
    "You agree to hold harmless, indemnify, and defend ESF from any and all claims and causes of action (including for costs and attorneys’ fees) that may be asserted against ESF and that arise from or are related to Your Contributions, including but not limited to claims or causes of action for infringement of third party rights, the combination of Your Contributions with the Work, etc."

    That text is not in the Apache CLA. Of course we have no intention of submitting any contributions that would infringe on anyone else's rights, but our lawyer says we should not agree to pay all legal fees for ESF should a dispute arise.

    Is there a chance the ESF folks would be willing to adhere to a CLA that more-closely resembles the Apache one found here: We've developed a package that monitors DHCP leases and/or ARP tables to find previously-unknown devices, nmap them, and notify someone if a new "rogue" device is found. We'd love to release it to the rest of the world.