[thisislife2]

Note that they can't "take it away" completely. The AGPL ensures that the community AGPL licensed code will always have to be open source, and that anybody else can use it too. So a developer who has contributed to an AGPL codebase cannot be denied access to it. Due to the AGPL license, any code will always be open source and thus the CLA cannot claim exclusivity over the contributed code and prevent its (re)use by the developer in any manner.

The only concern then is ethical - will the developer be monetarily compensated if the product makes money? I believe they should be. Other open source developers may disagree.

Note also that for a commercial open source project, a CLA can offer some legal protection - by signing a CLA a developer declares that they own the copyright on the code, which reduces the liability of the commercial venture behind the open source product if someone contributes "pirated" code.

[trueismywork]

You don't need CLA for legal protection, Developer certificate of origin is enough. https://en.m.wikipedia.org/wiki/Developer_Certificate_of_Ori...

[quectophoton]

Is this actually legally binding? What would be the difference w.r.t. informed consent, between DCOs and the "I have read and accept the terms and conditions" checkboxes from most websites?

It also gives me similar vibes to the Do-Not-Track HTTP header since both can be enabled by default.

[thyristan]

DCO is something like "Signed-of-by: me myself <me@example.com>" you have to actively add to your contributions, which is usually a conscious and willful act that is far more complex than blindly ticking a box (or even leaving a pre-ticked box ticked). Since that bar is higher, I think the legal weight should be higher.

CLA-Assistant is also similarly simple to fill out, so that can't be the difference there...

[johnny22]

The linux kernel relies upon one, so I can't imagine it wouldn't be.

[philippemnoel]

We've looked into the DCO before. It turns out CLAs are more common and easier to deal with, thanks to a tool like cla-assistant.io. We ended up opting for it for the sake of simplicity.

[saul-paterson]

It's not a good argument, smoking was once very common and still is common in many parts of the world.

https://drewdevault.com/2018/10/05/Dont-sign-a-CLA.html

[notpushkin]

You can use DCO legal text with CLA Assistant though!

[the_mitsuhiko]

> The AGPL ensures that the community AGPL licensed code will always have to be open source, and that anybody else can use it too.

That's true in the sense that there will always be an AGPL version, but it's not true that "anybody else" can use it to. In many situations you need to acquire a non AGPL license from the original copyright holder to be legally able to use the software in certain environments. That's why CLAs are important so that there is always a copyright holder that can give you a non AGPL version.

[thisislife2]

If your business depends on some form of closed-source codebase, than yes, an AGPL codebase will not suit your need. But from an opensource developer perspective it doesn't matter. For example, if you release your source code under the more freer license (like BSD, MIT or Apache), you can indeed close source your code. But so can others. I can use your source code, add more features to it, and close source it. I would be under no obligation to share my code with you, while also having the right to use your code as I please. This is not so with the AGPL. An AGPL + CLA makes this explicit - a developer has to voluntarily give away this right with a CLA. (And this gives developers some additional leverage).

[the_mitsuhiko]

Unless you define Open Source developer as Hobby only licenses matter. I’m an Open Source developer and I want to be able to use software no matter the situation.