ntop / n2n

Peer-to-peer VPN
GNU General Public License v3.0
6.31k stars 946 forks source link

Please clarify the intent and details of the Contributor License Agreement #1156

Open hamishcoleman opened 1 year ago

hamishcoleman commented 1 year ago

I was quite surprised yesterday to discover that there appears to have been an addition of a contributor license agreement expectation for contributions to this project.

As I have not heard anything about this previously, I do not know what the intent is, nor do I know what the actual details of the implementation are (as a non lawyer, I need someone to explain the legalese represented in the CLA document)

I am concerned that the addition of a CLA (to any project) is a step towards having the license and conditions of my contributions changed without my say or support. It definitely dilutes the open source nature of the project and is a change with a chilling effect.

lucaderi commented 1 year ago

As described in the CLA (taken from Apache) a CLA protects ntop and n2n users while not changing your rights to use your own Contributions for any other purpose. In essence

Hope this clarifies the idea

hamishcoleman commented 1 year ago

I am concerned that the use of a CLA is an instrument to bypass my original intent when I contribute under an open source licence as it appears that it could give ntop a way to sublicence.

I'm unsure as to how the addition of the CLA is in any way beneficial to me and my rights - it appears to be weighted towards protecting ntop and the ntop commercial interests.

Can you explain why this was added and what value it has for me as a contributor? Especially since it has a clear negative impact on my desire to volunteer my time and effort.

hamishcoleman commented 1 year ago

@lucaderi , I was hoping that you would be able to explain the reasoning behind the sudden addition of this CLA. It would be good if you could try and sell the volunteers on the idea that it is worth adding to this project.

I personally dont want to suddenly find out that by signing a CLA, I am allowing my contributions to be reused in a way that I did not intend - which seems to be a common feature of CLAs.

Logan007 commented 10 months ago

I appreciate the effort to ensure the project's legal clarity but do not understand the importance of having contributors fill out and sign a Contributor License Agreement (CLA).

It is actually more like I have some strong reservations about signing the CLA as it seems to introduce terms that may differ from the original open-source license (GPL3.0) under which I initially contributed.

Furthermore, I am not able to give up pseudonomity.

Does that mean that I cannot contribute to n2n anymore?

hamishcoleman commented 8 months ago

In another ticket, lucaderi said:

@hamishcoleman Said that you are free to do what you like, the CLA protects contributors and developers that the code that is incorporated in n2n is original, is not copied violating the original coder's license, and that it is patent-free so users should not be concerned when using it. If making a fork for circumventing all this means more freedom to you, I have a different opinion.

Hi @lucaderi, I am still interested in getting some engagement on the conversation started above in October as I wanted to discuss it in more detail. In over four months, I have only had the one short message from you on it. So, I was very surprised to get a reply from you in my n3n announcement ticket (#1171) within 30 minutes.

The n2n project appears to be very close to abandon-ware as far as the ntop corporation is concerned - all the work done in the last three years was done by volunteers. From some conversations, my feeling is that these volunteers are all opposed to this CLA.

Personally - since I am volunteering my work on an open source basis - I am concerned about the history that CLA's have of subverting the spirit of the original contributions.

Of particular interest to me:

lucktu commented 6 months ago

As described in the CLA (taken from Apache) a CLA protects ntop and n2n users while not changing your rights to use your own Contributions for any other purpose. In essence

  • (article 6 and 8) it guarantees that contributions are original, and if you have taken third-party code this can be included in the project
  • (article 7) you are not responsible for your code contributions

Hope this clarifies the idea

It is recommended that the CLA agreement be revoked (or use dco instead), otherwise, the project could be lost to the sea unless the owner develops it himself.