by williamvds 1028 days ago
As soon as I see a CLA I'm turned off even using a piece of FOSS software.

I get it's usually just the lawyers protecting the company just in case a contributor tries something dodgy in the future. Out of principle however, I resent the broad assignment of copyright and granting them the right to relicense.

Of course I expect most of these projects would never exercise that right, but the mere fact that they _could_ take my Free work and make it non-Free is very disturbing.

So I'm simply not going to use it. I'm not going to get invested, then find a problem that I could theoretically submit a patch for. Rather than think of all the users who would benefit from my change, I'll just see it as free work for a megacorp.

4 comments

Just like cookie banners, CLAs are one of those idiot lawyer things where some jackass at a big corp invented the idea to justify their paycheck, and now everyone cargo cults it because they think they need it. 99% of projects do not need a CLA and 99% of websites do not need a cookie banner.
I think I would actually flip that for CLAs -- 99% of projects do need a CLA; it's just annoying because assignment isn't the assumed default when contributing to other projects. The number of projects where there is more than one owner (be that a person, foundation, or LLC) is insignificant. Almost all outside contributions are from people who have no expectations at all over their code and are just scratching their own itch. Plus unless you're a huge project the legal issues are just ignored when it comes to re-licensing.

So maybe you're right but "99% of projects have a CLA in the form of not giving a fuck" is far more accurate.

Yeah. I'm saying "not giving a fuck" is the correct solution for 99% of projects. CLAs are a solution in search of a problem.
This isn't a good analogy. Copyright is a real thing, and getting explicit consent from your contributors to use their copyrighted material is an important defensive measure.
Defensive against what? Can you provide some examples of a real-world (not hypothetical) problem that a CLA would have solved?
I have a CAA on my GPL project so that I have the right to start releasing it as MIT, that is, more Free. Also so I can dual-license it to a corporation and make a modicum of money from the software that is 98% my work. I absolutely never intend to make future versions non-free (and I don't even have the right to make already released versions non-free). Do you find this disturbing?
> I have a CAA on my GPL project so that I have the right to start releasing it as MIT, that is, more Free.

That really depends on the CAA. It might allow way more. The text might be (legally) not applicable or have flaws, etc.

> Do you find this disturbing?

It is a barrier to contribute. I would not even bother trying to contribute.

Your statements here are already a bit conflicting to me. You partly might want to monetize the software. You partly might want to release it as MIT. I don't see how you'd still have a means to monetize if you'd release it as MIT. Feels like you want to keep all options open.

That all said, hey, you developed it, so cool if you'd listen to people with different opinions but I'd likely not need your software anyway I guess. Further, loads of non-CAA pure GPL software never receive any contributions. It takes quite a bit of effort to be noticed and get contributions.

FYI: If I reread the above, parts might come across as harsh, but none is meant that way.

> Feels like you want to keep all options open.

Yeah, I've put 7 years and thousands of hours into it. I do want to keep my options open!

> loads of non-CAA pure GPL software never receive any contributions.

Yup, for several years before I had a CAA I received almost no contributions, except from people I had a direct personal relationship with. The CAA hasn't deterred people, in fact if you look at the timeline, I've gotten more contributors since I've put the CAA into place. (I'm sure it's not cause and effect, but still.)

> It is a barrier to contribute. I would not even bother trying to contribute.

I used to think that I would want any and all contributions to my project. But I've learned over time that, except for trivial changes, a PR from a new contributor is more effort than it's worth, by itself. I mean I can write code, and I do--lots of it. The real value in contributing is everything else: documentation, bugfixing, sincere attention on the problem. So I realized that I'm looking for repeat contributors, the ones who are going to invest in the project, and become active community members, maybe even maintainers. And the low-effort drive-by contributors who would be deterred by e.g. a CAA were never the contributors that were going to move the needle anyway.

In fact, and please correct me if I'm wrong, based on your general tone above, I'm guessing that you've never been an active contributor to any open source project, CLA/CAA or not. In which case, I consider the CAA to have been effective: you can feel self-righteous and I avoid the hassle.

> It is a barrier to contribute.

Most CLAs are a bot on the MR where you click sign, type your name, and it's done. If you don't really care about your code ownership then it's barely a speed bump compared to the rest of getting a PR merged.

You seem to have a single line at the bottom of your CONTRIBUTING.md stating that contributors assign copyright to you. I doubt that this is worth anything legally. You have probably received and merged many contributions whose author didn't have the right to assign it to you, and having put no effort in checking that, you would probably be the one found in the wrong.

https://github.com/saulpw/visidata/blob/develop/CONTRIBUTING...

Also take a look at GitHub's ToS, which explicitly states that "inbound=outbound" is the default. I don't think you can expect people to hunt down your little notice when there is a site-wide default. https://docs.github.com/en/site-policy/github-terms/github-t...

If you submit a PR of more than 3 lines changed, a bot asks you to e-sign the CAA before it can be merged.
I didn't see that on any PR when I took a look, that's probably much safer.

As someone who has been turned off by many CLAs before, I find yours [1] pretty clear and straightforward.

[1]: https://cla-assistant.io/saulpw/visidata

You'll probably never do things the people who contributed won't agree with. But someday you'll pass away, and the people who end up with your estate might not care about the intricacies of software and sell it off for cheap to somebody who'd rather do anything to get a return on investment.

Even if the CLA somehow said you could only relicense to MIT, they could simply do that without releasing anything, and immediately take it and use it in proprietary things :)

I respect your intentions, and if the CLA is truly restricted to relicensing as MIT or dual-licensing, I'd be more willing to use it.

I would highlight that the dual licensing in particular introduces the issue of sharing any profits with other maintainers, if there are several. Personally if I'm submitting minor patches I would not bring this up, but it deters people from wanting to be more actively involved.

Depends on the size and scope of your project, I guess.

Indeed, you could argue that a CLA makes it non-FOSS, since the idea is to restrict your freedoms and the degree of openness in the first place.
Why? It's their project. If you're concerned, you can fork the project.