Proposal: Use and Require CLA for QA Devel Project Contributions

Tim Flink tflink at
Thu May 22 17:50:10 UTC 2014

On Wed, 21 May 2014 08:16:15 +1000
Dan Callaghan <dcallagh at> wrote:

> Just some food for thought... You might consider adopting a
> "Developer Certificate of Origin" (with agreement indicated by a
> Signed-off-by footer in git commit messages) like the Linux kernel,
> rather than a CLA. A good summary here:

I hadn't heard of that before, thanks for the link.

> The wording of the Linux DCO doesn't give permission to re-license
> but if new code is contributed under GPLv2+ it seems like that should
> give you enough leeway to deal with the GPLv3-only stuff.

From what I've been reading, DCO may not be so legally enforceable for
similar reasons why CLAs can be a mess. They do have a good trail of
who did what when to remove problematic code if something does come up,

> It also has the advantage of avoiding the dread "CLA" phrase which in 
> many people's minds conjures up unpleasant images of copyright 
> assignment and proprietary re-licensing.

Yeah, my statement about not trying to do anything sneaky was an
attempt to acknowledge that. After reading a bunch of the stuff linked
in the comments on that lwn article, I'm convinced that CLAs pretty
much always have the potential for sneaky-ness and even if they don't,
it's overhead and un-levels the playing field between the
organization/group requiring CLAs and the contributors who sign them.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <>

More information about the qa-devel mailing list