www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rezaei, Mohammad A." <Mohammad.Rez...@gs.com>
Subject When is a CCLA/ICLA required for a contributor?
Date Wed, 22 Mar 2017 21:06:53 GMT
Apologies if the answer to the question is obvious. After reading the
documentation on apache.org and searching through this mailing list, I
could not reach a definitive conclusion. I also apologize for the 
length of this inquiry. I had a hard time making it shorter.

Definitions: I'm only interested in a contributor, not a committer. 
In my understanding, a committer is someone who has commit rights to an
Apache hosted/owned repo. Everyone else who would like to affect a 
change in an Apache hosted/owned repo is a contributor.

I realize there are two questions here: 
For a contributor, when is an ICLA required? 
If an ICLA is required, when is a CCLA required?

For the sake of brevity, I'm going to assume that if a contributor is 
required to sign an ICLA, a CCLA would be required if they are employed 
under plain US law and the work is in any way relatable to their 
employer's business. I'd like to concentrate on the first question 
(ICLA) from this point on.

I'm basing my analysis on the following:

(A) on this page: http://www.apache.org/licenses/
the statement "The ASF desires that all contributors of ideas, code, 
or documentation to any Apache projects complete, sign, and submit 
(via fax or email) an Individual Contributor License Agreement (ICLA)"

(B) In the thread "code without an iCLA ..."
http://markmail.org/message/lv6vcnfqvygk2xv3
The consensus appears to be "ICLAs are required for everything 
that is non-trivial." (as explained by Sam Ruby). 

(C) On this page: http://www.apache.org/dev/contributors.html
there is no mention of any ICLA requirement. 

(D) In the thread "Re: Requiring CLAs for all contributions"
http://markmail.org/message/cnbxal5mheof2hmy
Mark Thomas (mar...@apache.org) said:
"I see lots of downsides to that policy and no upsides. 
The issues that concern me: 
- Unnecessary barriers to entry for new contributors 
- Legally unnecessary 
- Creates additional work for the secretary (not much now but if every
    TLP and podling did this it might) 
- Re-enforces the meme an iCLA is required to contribute at Apache 

I'm also don't believe that an iCLA is even desired for all 
contributions. The ALv2 provides all the legal cover we need and desire."

(E) In the thread "Re: FAQ: CCLA Optional?"
http://markmail.org/message/5ch6kvovjow32esk
Henri Yandell (bay...@apache.org) said:
"Committers sign ICLAs, contributors don't (typically - maybe a project
has a reason for requiring contributors to sign ICLAs but I don't recall
it being done)."

(F) on this page: http://apache.org/foundation/how-it-works/legal.html
5 possible paths for incoming code is outlined.
        1) "An existing third party project joining Apache"
              is about projects joining ASF, so not relevant
        2) "A large one off code contribution ... One off code donations
              can come in through a software grant". 
              appears to open the door for not requiring an ICLA, 
              but a software grant.
        3) "Repeated contributions applied directly to the source": for 
              committers, so not relevant.
        4) "Patches contributed via the issue trackers"
              seems to have no ICLA requirement. No size limit 
              is discussed.
        5) "Patches contributed via mailing lists are expected 
              to be simple." 
              No ICLA requirement, but an unspecified size limit.

(G) It also appears that different Apache projects interpret this 
    differently:
    http://flink.apache.org/how-to-contribute.html#submit-a-contributor-license-agreement
      requires an ICLA -- always.

    https://beam.apache.org/contribute/contribution-guide/#potentially-submit-contributor-license-agreement
      "We require you to have an ICLA on file with the Apache Secretary 
      for larger contributions only."


The 3 possible answers for the question of ICLA requirement are analyzed
below:

1) It's always required.
   (A) is strong evidence that ICLA is always required. There is no 
   procedure outlined for a contributor to opt-out of ASF's "desire", 
   rendering it a requirement.

   in (B), the distinction between trivial and non-trivial requires
   advanced degrees in law, philosophy, and information theory; therefore,
   any mere mortal should just sign the ICLA.

2) It depends...
   In (A) the word "desire" is not the same as "require". "Desire" signals
   a possibility to opt-out on the part of the contributor.
   (B), the determining factor being "non-trivial". Parts of (F-5) support this.
   (G) It may also depend on the particular project.

3) It's not required.
   (C), assuming such an important matter would not simply be left off.
   (D),(E)
   (F-4), so long as all the work is contributed via JIRA

Can a clear, simple answer be given to this question? I don't consider
"It depends" to be clear or simple, unless the rules could be enforced 
by a small piece of computer code with no room for interpretation.

Thanks
Moh Rezaei


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message