Proposal: Use and Require CLA for QA Devel Project Contributions
Tim Flink
tflink at redhat.com
Thu May 22 17:50:10 UTC 2014
On Wed, 21 May 2014 08:16:15 +1000
Dan Callaghan <dcallagh at redhat.com> wrote:
> Just some food for thought... You might consider adopting a
> "Developer Certificate of Origin" (with agreement indicated by a
> Signed-off-by footer in git commit messages) like the Linux kernel,
> rather than a CLA. A good summary here:
>
> http://lwn.net/Articles/592503/
I hadn't heard of that before, thanks for the link.
> The wording of the Linux DCO doesn't give permission to re-license
> but if new code is contributed under GPLv2+ it seems like that should
> give you enough leeway to deal with the GPLv3-only stuff.
From what I've been reading, DCO may not be so legally enforceable for
similar reasons why CLAs can be a mess. They do have a good trail of
who did what when to remove problematic code if something does come up,
though.
> It also has the advantage of avoiding the dread "CLA" phrase which in
> many people's minds conjures up unpleasant images of copyright
> assignment and proprietary re-licensing.
Yeah, my statement about not trying to do anything sneaky was an
attempt to acknowledge that. After reading a bunch of the stuff linked
in the comments on that lwn article, I'm convinced that CLAs pretty
much always have the potential for sneaky-ness and even if they don't,
it's overhead and un-levels the playing field between the
organization/group requiring CLAs and the contributors who sign them.
Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/qa-devel/attachments/20140522/f37bfe58/attachment.sig>
More information about the qa-devel
mailing list