[yjftsjthsd-h]

> Although many people criticize RustFS, suggesting its CLA might be "bait," I don't think such a requirement is excessive for open source software, as it helps mitigate their own legal risks.

What legal risks does it help mitigate?

[everfrustrated]

RustFS has rug-pull written all over it. You can bookmark this comment for the future. 100% guaranteed it will happen. Only question is when.

[elvinagy]

I’m Elvin from the RustFS team in the U.S. Thanks for pointing out the issues with our initial CLA. We realized the original wording was overreaching and created a lot of distrust about the project's future.

We’ve officially updated the CLA to a standard License Grant model. Under these new terms, you retain full ownership of your contributions, and only grant us a non-exclusive license to use them. You can check the updated CLA here: https://github.com/rustfs/rustfs/blob/main/CLA.md.

More importantly, the RustFS team is officially pledging to keep our core repository permanently open-source. We are committed to an open-core engine for the long term, not a "bait and switch."

[yourpassword1]

It is better, but FYI for context:

  Subject to the terms and conditions of this Agreement, You hereby grant to RustFS and to recipients of software distributed by RustFS a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works under any license, including proprietary or commercial licenses and open-source licenses, at RustFS's sole discretion.

[victormy]

Lol, maybe you should fund the RustFS team yourself or sponsor a top-tier legal team for them. If you can help them rewrite their CLAs and guarantee they'll never face any IP risks down the road, then sure, you're 100% right.

[everfrustrated]

Interesting that all your comments are shilling for RustFS

[victormy]

Fair point on the frequency of my comments, but there’s a nuance to the CLA discussion. Even with Apache 2.0, many major projects (like those under the CNCF or Apache Foundation) require a CLA to ensure the project has the legal right to distribute the code indefinitely.

My focus on the CLA is about building a solid foundation for RustFS so it doesn't face the licensing "re-branding" drama we've seen with other storage projects recently. It’s about long-term stability for the community, not just a marketing ploy.

[yjftsjthsd-h]

And again - what IP risk does a CLA solve, that a DCO wouldn't? Like, IANAL so I certainly could be missing something, but I'd like to hear what it might be.

[victormy]

I’m also maintaining an open-source project and have spent significant time drafting our CLA, so I completely understand the concerns surrounding them.

While DCO is excellent for tracking provenance, we opted for a CLA primarily to address explicit patent grants and sublicensing rights—areas where a standard DCO often lacks the comprehensive legal coverage that a formal agreement provides.

It’s a common and sustainable practice in the industry to keep the core code open-source while developing enterprise features. Without a solid CLA in place, a project faces massive legal hurdles later on—whether that’s for future commercialization or even the eventual donation of the project to an open-source foundation like the CNCF or Apache Foundation. We're just trying to ensure long-term legal clarity for everyone involved.