ESF Individual Contributor License Agreement



  • Ref: https://www.pfsense.org/ESF_Individual_Contributor_License_Agreement.pdf
    I had looked at this when it was mentioned in the forum, then all this pfsense-tools stuff happened and I decided not to bother with it unless asked. Initially I thought, what the heck, may as well just sign one, this is a great project and the legal stuff will just be rubber-stamps to cover the bases. My "employer" (volunteer agency) has already approved its IT guys contributing to Open-Source projects. Now many feel the legal stuff matters!
    In many other Open-Source projects, the project is co-ordinated by a non-profit foundation. And I guess contributors sign an agreement to contribute their code/documentation… to the foundation, and the foundation publishes it under whatever open-source license scheme they are using.
    In the pfSense and ESF case, there is no non-profit entity. We are being asked to sign over to ESF the (non-exclusive) right for them to use our submitted code. I guess that is the case anyway with the non-profit foundations - the submitted code is published and then can be used by others for profit.
    Can ESF please give:
    a) Some examples of other for-profit companies that are closely associated with Open-Source projects and have a similar contributor license agreement.
    b) What will be the ESF policy on requiring the agreement - does every person who makes a pull request on x, y, z repo have to have an agreement in place before the pull request will be committed? or?
    Thanks



  • Hi Phil

    a) Some examples of other for-profit companies that are closely associated with Open-Source projects and have a similar contributor license agreement.

    I can only point you to the CLA that the for-profit Joyent (node.js, SmartOS) has set up for SmartOS: https://download.joyent.com/pub/cla_smartos.pdf
    SmartOS itself is released under the CDDL license, which is also an OSI-approved open source license.

    I'm not a lawyer nor have I compared every sentence, word or interpunction, but the part about terms looks very very close, if not even almost 1:1 same as the SmartOS CLA. Comparing it to the Sun Contributor Agreement (OpenSolaris) they both don't contain ownership transfer if your jurisdiction allows that (US seems to know that concept, a lot of EU countries don't alow copyright ownership transfer). (This way Oracle could basically close back OpenSolaris while not being required to mention contributors since they got ownership on external code through the SCA). Even Fedora, being backed by the for-profit Red Hat, Inc. has a not-so different CLA: https://fedoraproject.org/wiki/Legal:Licenses/CLA?rd=Legal/Licenses/CLA

    Let's get the ESF guys some sleep and time to get out with the correct statements. I hope it doesn't shy away the right contributors, and while I am personally not that excited
    about a CLA, I do see why sometimes it becomes important. - Especially the parts on patents when it comes to ESF being a US company where patent trolls are doing a lot of damage.



  • I think the CLA is ok. It offers protections to the project. I wouldn't lump it in with any of the other changes going on. It is rather standard looking. I read through a bunch of other ones before I signed this one.



  • it was intended to be friendly, while maintaining the ability of the project to not be subject to an attack by a contributor.


Log in to reply