Why Your Project Doesn't Need a Contributor Licensing Agreement

Get the latest update on our Vizio court case

●News

Press Releases

Press

Blog

Vizio Lawsuit in the News

Our Issues in the News

●About

Sustainers

Board of Directors

Staff

Evaluation Committee

Outside Counsel, et alia

Transparency

Contact

●Our Work

Copyleft Compliance

We defend and uphold the rights of software users and consumers under copyleft licenses.

Impact Litigation

We defend the legal rights of software users. Learn the details, status, and stakes of our court cases.

Give Up GitHub

We urge FOSS Developers to Give Up GitHub! Learn why.

Outreachy

We offer internships for anyone who faces underrepresentation, systemic bias, or discrimination in the tech industry.

FOSSY

Our annual community-oriented conference focused on the creation and impact of free and open source software. ●Tools

Member Projects

We provide non-profit infrastructure and services to our members creating Free/Libre and Open Source Software.

Use The Source

Our tool for evaluating the source code candidates companies must provide for GPLed software.

OpenWrt One

We designed and built the first ever wireless Internet router designed with software freedom and right to repair in mind. ●Learn

The Corresponding Source

A bi-weekly oggcast about legal, policy, and many other issues in the Free, Libre, and Open Source Software (FLOSS) world.

Glossary of Terms

A list of terms you might be unfamiliar with but occur frequently in our work.

FAQ About the Vizio Lawsuit

Your most frequently asked questions about the Vizio lawsuit, answered in one place. ● Donate

●News

Press Releases

Press

Blog

Vizio Lawsuit in the News

Our Issues in the News

●About

Sustainers

Board of Directors

Staff

Evaluation Committee

Outside Counsel, et alia

Transparency

Contact

●Our Work

Copyleft Compliance

We defend and uphold the rights of software users and consumers under copyleft licenses.

Impact Litigation

We defend the legal rights of software users. Learn the details, status, and stakes of our court cases.

Give Up GitHub

We urge FOSS Developers to Give Up GitHub! Learn why.

Outreachy

We offer internships for anyone who faces underrepresentation, systemic bias, or discrimination in the tech industry.

FOSSY

Our annual community-oriented conference focused on the creation and impact of free and open source software. ●Tools

Member Projects

We provide non-profit infrastructure and services to our members creating Free/Libre and Open Source Software.

Use The Source

Our tool for evaluating the source code candidates companies must provide for GPLed software.

OpenWrt One

We designed and built the first ever wireless Internet router designed with software freedom and right to repair in mind. ●Learn

The Corresponding Source

A bi-weekly oggcast about legal, policy, and many other issues in the Free, Libre, and Open Source Software (FLOSS) world.

Glossary of Terms

A list of terms you might be unfamiliar with but occur frequently in our work.

FAQ About the Vizio Lawsuit

Your most frequently asked questions about the Vizio lawsuit, answered in one place. ●Donate Thanks to so many donors, we met our largest match donation ever of $211,939. Two generous anonymous donors have provided another $40,012ofadditional matching funds. Give now to help us reach this stretch goal! For only 4 more days, the next $13,079offinancial support we receive will be matched! $26,933 matched! $13,079 to go! $211,927 fully matched! Home / News / Blog

Why Your Project Doesn't Need a Contributor Licensing Agreement

byBradley M. Kühn on June 9, 2014 For nearly a decade, a battle has raged between two distinct camps regarding something called Contributor Licensing Agreements (CLAs). In my personal capacity, I've written extensively on the issue. This article below is a summary on the basics of why CLA's aren't necessary, and on Conservancy's typical recommendations to its projects regarding the issue. In the most general sense, a CLA is a formal legal contract between a contributor to a FLOSS project and the “project” itself⁰. Ostensibly, this agreement seeks to assure the project, and/or its governing legal entity, has the appropriate permissions to incorporate contributed patches, changes, and/or improvements to the software and then distribute the resulting larger work. In practice, most CLAs in use today are (at best) overkill for that purpose. CLAs simply shift legal blame for any patent infringement, copyright infringement, or other bad acts from the project (or its legal entity) back onto its contributors. Meanwhile, since vetting every contribution for copyright and/or patent infringement is time-consuming and expensive, no existing organization actually does that work. Thus, no one knows (in the general case) if the contributors' assurances in the CLA are valid. Indeed, since it's so difficult to determine if a given work of software infringes a patent, it's highly likely that any contributor submitting a patent-infringing patch did so inadvertently and without any knowledge that the patent even existed — even regarding patents controlled by their own company¹. The undeniable benefit to CLAs relates to contributions from for-profit companies who likely do hold patents that read on the software. It's useful to receive from such companies (whenever possible) a patent license for any patents exercised in making, using or selling the FLOSS containing that company's contributions. I agree that such an assurance is nice to have, and I might consider supporting CLAs if there was no other cost associated with using them. However, maintenance of CLA-assent records requires massive administrative overhead. More importantly, CLAs require the first interaction between a FLOSS project and a new contributor to involve a complex legal negotiation and a formal legal agreement. CLAs twist the empowering, community-oriented, enjoyable experience of FLOSS contribution into an annoying exercise in pointless bureaucracy, which (if handled properly) requires a business-like, grating haggle between necessarily adverse parties. And, that's the best possible outcome. Admittedly, few contributors actually bother to negotiate about the CLA. CLAs frankly rely on our “Don't Read & Click ‘Agree’” culture — thereby tricking contributors into bearing legal risk. FLOSS project leaders shouldn't rely on “gotcha” fine print like car salespeople. Thus, I encourage those considering a CLA to look past the “nice assurances we'd like to have — all things being equal” and focus on the “what legal assurances our FLOSS project actually needs to assure its thrives”. We at Conservancy have spent years doing that analysis; we concluded quite simply: in this regard, all a project and its legal home actually need is a clear statement and/or assent from the contributor that they offer the contribution under the project's known FLOSS license. Long ago, the now famous Open Source lawyer Richard Fontana dubbed this legal policy with the name “inbound=outbound”. It's a powerful concept that shows clearly the redundancy of CLAs. Most importantly, “inbound=outbound” makes a strong and correct statement about the FLOSS license the project chooses. FLOSS licenses must contain all the legal terms that are necessary for a project to thrive. If the project is unwilling to accept (inbound) contribution of code under the terms of the license it chose, that's a clear indication that the project's (outbound) license has serious deficiencies that require immediate remedy. This is precisely why Conservancy advises² that our projects select a FLOSS license with a strong patent clause, such as the GPLv3 or the Apache License, Version 2.0. With a license like those, Conservancy believes that CLAs are unnecessary. Meanwhile, the issue of requesting the contributors' assent to the projects' license is orthogonal to the issue of CLAs. Conservancy does encourage use of clear systems (either formal or informal) for that purpose. One popular option is called the Developer Certificate of Origin (DCO). Originally designed for the Linux project and published by the OSDL under the CC-By-SA license, the DCO is a mechanism to assure contributors have confirmed their right to license their contribution under the project's license. Typically, developers indicate their agreement to the DCO with a specially-formed tag in their DVCS commit log. Conservancy's Evergreen, phpMyAdmin, and Samba projects all use modified versions of the DCO. Conservancy's Selenium project uses a license assent mechanism somewhat closer to a formal CLA. In this method, the contributors must complete a special online form wherein they formally assent to the license of the project. The project keeps careful records of all assents separately from the code repository itself. This mechanism is a bit heavy-weight, but ultimately simply formally implements the same inbound=outbound concept. However, most Conservancy projects use the same time-honored and successful mechanism used throughout the 35 year history of the Free Software community. Simply, they publish clearly in their developer documentation and/or other key places (such as mailing list subscription notices) that submissions using the normal means to contribute to the project — such as patches to the mailing list or pull and merge requests — indicate the contributors' assent for inclusion of that software in the canonical version under the project's license. Ultimately, CLAs are much ado about nothing. Lawyers are trained to zealously represent their clients, and as such they often seek to an outcome that maximizes leverage of clients' legal rights, but they typically ignore the other important benefits that are outside of their profession. The most ardent supporters of CLAs have yet to experience first-hand the arduous daily work required to manage a queue of incoming FLOSS contributions. Those of us who have done the latter easily see that avoiding additional barriers to entry is paramount. While a beautifully crafted CLA — jam-packed with legalese that artfully shifts all the blame off to the contributors — may make some corporate attorneys smile, but I've never seen such bring anything but a frown and a sigh from FLOSS developers.

⁰Only rarely does an unincorporated, unaffiliated project request CLAs. Typically, CLAs name a corporate entity — a non-profit charity (like Conservancy), a trade association (like OpenStack Foundation), or a for-profit company, as its ultimate beneficiary. On rare occasions, the beneficiary of a CLA is a single individual developer. ¹I've yet to meet any FLOSS developer who has read their own employer's entire patent portfolio. ²Conservancy doesn't mandate any specific Open Source and Free Software license for our projects. That's just not our style. Any license that appears as both an Open Source license on the OSI-approved list and as a Free Software license on FSF's license list is good enough for Conservancy. [permalink] Tags: conservancy, GPL, CLA Please email any comments on this entry to info@sfconservancy.org. Other Conservancy Blog entries…

See all blog posts…

Blog Index by Year

●2026 ●2025 ●2024 ●2023 ●2022 ●2021 ●2020 ●2019 ●2018 ●2017 ●2016 ●2015 ●2014 ●2013 ●2012 ●2011 ●2010

Blogs by Tag

●conservancy ●GPL ●supporter ●licensing ●conferences ●law ●events ●software freedom for everyone ●Member Projects ●Outreachy ●FOSS Sustainability ●diversity ●resources ●Copyleft Conf ●ContractPatch ●Filings ●Godot ●Reproducible Builds ●Year In Review 2016 ●fundraiser ●CLA ●Wine ●Year In Review 2015 ●Kallithea ●QEMU ●Selenium ●Google Summer of Code ●Homebrew ●inkscape ●patent ●security ●Clojars ●Git ●Hackfests ●Racket ●cyborg ●phpMyAdmin ●pypy ●volunteer ●Accounting ●LibreHealth ●Shotwell ●inclusion ●jQuery ●microblocks ●sourceware

Blogs by Author

●Vladimir Bejdo ●Kate Chapman ●Pamela Chestek ●Denver Gingerich ●Bradley M. Kühn and Denver Gingerich ●Will Hawkins ●Fred Jennings ●Deb and Karen ●Jeff King ●Bradley M. Kühn ●Conservancy + Bro LT ●Christine Lemmer-Webber ●Deb Nicholson ●Sourceware PLC ●Rick Sanders ●Bradley M. Kühn and Karen M. Sandler ●Karen Sandler ●Tony Sebro ●Sage A. Sharp ●Brett Smith ●Conservancy's Staff ●Daniel Takamori ●Outreachy Team ●Marina Zhurakhinskaya ●Molly deBlanc ●Main Page ●Contact ●Sponsors ●RSS Feed ● Software Freedom Conservancy is a 501(c)(3) non-profit charity. Privacy Policy last updated 22 December 2020. This page and its contents are licensed under a Creative Commons Attribution-Share Alike 4.0 International License.