anvilresearch / connect

A modern authorization server built to authenticate your users and protect your APIs
http://anvil.io
MIT License

Contributors License Agreement #67

Open christiansmith opened 9 years ago

christiansmith commented 9 years ago

As open source software used within commercial organizations, Anvil Connect may in some cases be subject to legal scrutiny over intellectual property and licensing requirements. We want this code to be easy to adopt and deployed in production as widely as possible. That's why Anvil Connect is MIT licensed. The question has arisen over whether or not employing a Contributors Agreement, or Contributors License Agreement (CLA), has merit for this project.

> The purpose of a CLA is to ensure that the guardian of a project's outputs has the necessary ownership or grants of rights over all contributions to allow them to distribute under the chosen licence. In some cases this will mean that the contributor will assign the copyright in all contributions to the project owner; in other cases, they will grant an irrevocable licence to allow the project maintainer to use the contribution. CLAs also have roles in raising awareness of IPR issues within a project.
>
> _– Contributors Licence Agreement, Wikipedia_

If we do eventually choose to require a CLA, Project Harmony provides agreement templates and explanations worth considering.

We also want the project to attract a group of active contributors. This type of agreement adds a bit of friction for developers who want to give back. So before we commit to using one, we'd like to hear from existing users, contributors and other friends of the project.

Please share your thoughts, questions, and anything else that matters to you. Thanks in advance!

dazzaji commented 9 years ago

Hi Christian,

Any progress on this issue? Just heard your interview on The Web Platform Podcast - nice one!

Personally, I'd be fine either way but all things being equal it's probably a good idea to have a contributor agreement to firm up the legal foundations of Anvil's open source-ness.

adi-ads commented 9 years ago

Believe the consensus is anyone can contribute without the need of signing a CLA for now and will add CLA in the future if required.

The project is under MIT license nonetheless.

christiansmith commented 9 years ago

@dazzaji glad you liked the podcast!

I don't have a strong opinion on CLAs. There are many good arguments both in favor and against them. They seem to be unpopular with many developers these days. On the other hand, I can see large enterprise users wanting assurances there is no GPL-type code copied and pasted in.

@adi-ads is correct. I would add that code reviews on pull requests are going to become increasingly important and can serve to mitigate at least some of the concerns for the time being.

Eventually I'd like to get some legal advice on this issue, keeping in mind that lawyers are biased in favor of paying their mortgages :)

Until then, everyone please continue to weigh in. It's very helpful to get a read on what people want. Thanks again!

bnb commented 9 years ago

I've discussed it briefly with you, @christiansmith, but others might be interested in it as well.

I've been a member of several of the io.js/Node Foundation Working Groups, and they have adopted something called an open governance model. Basically, people are free to submit whatever they want, which will be evaluated and merged or rejected. If someone demonstrates a dedication to the project (WG, in my case), they are added as a contributor and given commit access.

A very common view is that this is a huge risk, they could throw the code down the shitter, and so on. Surprisingly enough, people that get involved at this level are amazing people. They are completely responsible, kind, thoughtful people, and there's a level of trust that builds an extremely strong community.

Some of the documents that support this model:

- nodejs/io.js/COLLABORATOR_GUIDE.md
- nodejs/io.js/CONTRIBUTING.md
- nodejs/io.js/GOVERNANCE.md
- nodejs/io.js/WORKING_GROUPS.md

Cynfusion commented 9 years ago

Cyn here, hi to everyone I've not met yet!

Open Governance is similar to other community development models I've implemented, and they generally work quite well until you have to scale.

There's an interesting (and brief) article on OS governance we might want to review: http://oss-watch.ac.uk/resources/governancemodels

The most pertinent point is that whatever model you choose, if you implement a governance model early on it gives new and potential contributors a clear pathway to start adding to the project without a ton of other interaction.

Having an idea of what we want is a good idea. Then we can start the conversation sooner rather than later as we move forward. At this small stage we don't want to overload ourselves with reviews, etc., but the philosophy can still exist and grow with us.

christiansmith commented 9 years ago

@bnb + @Cynfusion these are excellent things to take into consideration. Thanks.

adalinesimonian commented 9 years ago

If we ever go along the route of creating a CLA, I would recommend using something like https://github.com/datastax/cla-enforcer which would simplify the process of checking whether or not anyone has signed it and guiding them through the process.