Open Stack

On Wed, 2014-04-23 at 07:03 +0000, Radcliffe, Mark wrote:
>  
>  
> -----Original Message-----
> From: Mark McLoughlin [mailto:markmc at redhat.com] 
> Sent: Tuesday, April 22, 2014 11:10 PM
> To: Radcliffe, Mark
> Cc: Tom Fifield; Stefano Maffulli; legal-discuss at lists.openstack.org
> Subject: Re: [legal-discuss] Trivial contributions and CLAs
>  
> On Wed, 2014-04-23 at 00:22 +0000, Radcliffe, Mark wrote:
> > Mark:
> > 
> > I don't understand your first comment.   The OpenStack Foundation
> has
> > adopted the Apache model. The Apache Software Foundation uses a CLA 
> > for all of its projects.  The OpenStack LLC also used a CLA.  The
> CLA 
> > has been used as long as OpenStack has been a project.  Moreover,
> the 
> > form of the  CLA is hardwired into the Bylaws of the Foundation.
>  
> ≫You said "all projects require a license to the code". In our case,
> the OpenStack Foundation requires a license to the code which allows
> us to redistribute the ≫code under the terms of the Apache License.
> That does not explain why the OpenStack Foundation requires the code
> to be submitted under the terms of ≫the CLA rather than under the
> terms of the Apache License.
>  
> ≫Yes, the Apache Foundation uses a CLA and yes we currently follow a
> similar model. That doesn't mean its use is justified.
>  
> Although I am happy to continue this conversation at a philosophical
> level, I think that we need to be aware that the Foundation made this
> choice when it was formed and "hardwired" the decision in the Bylaws.

Yes, and there are a number of other decisions hardwired into the bylaws
which we are re-evaluating now. I understand that a change to this
policy requires a bylaws change.

>  As currently drafted, the Bylaws always contemplate the use of a CLA.
> The bylaws set up the following hierarchy: (1) contributions under the
> OpenStack Contributor License Agreements in Appendix 7 (2)
> contributions under a modified CLA  (or license) approved by the Board
> and (3) contributions under the OpenStack Contribution License
> Agreements with non-material  amendments by the Executive Director if
> the Board grants such power to the Executive Director.  The relevant
> section is:
>  
> The Foundation shall generally accept contributions of software made
> pursuant to the terms of the Contributor License Agreements attached
> as Appendix 7. The Board of Directors may adopt additional contributor
> license agreements as may be appropriate for certain organizations or
> contributions to secure a license on terms which will permit
> distribution under the Apache License 2.0, and may require inclusion
> of the Apache License 2.0 license header in code contributions. The
> Board of Directors may delegate the authority to make non material
> amendments to the Contributor License Agreement to the Executive
> Director so long as such modifications permit distribution of the
> software under Apache License 2.0. 

Sure, I understand.

I think this was a mistake. The goal here is twofold - (1) ensure the
OpenStack Foundation can distribute the project's code under the Apache
License and (2) ensure that an appropriate level of due diligence and
process is in place to mitigate against any risks to (1).

I don't see why the specifics of the CLA needed to be in the bylaws.
This is a question of policy and practice that we should be prepared to
evolve as we go.

> > I also disagree with your second point. Many lawyers would feel
> more 
> > comfortable if the agreement is widely used because that like open 
> > source code, they believe that if many lawyers have reviewed the 
> > agreement it is likely to be acceptable.
>  
> ≫You said "the potential contributor should be able to derive comfort"
> in response to Tom's example case of a contributor not having access
> to counsel. So ≫we're not talking about what makes lawyers feel more
> comfortable.
>  
> ≫In cases such as that, I don't think "trust us, many others do" cuts
> it.
>  
> ≫Mark.
>  
> Let me broaden my comment to include lawyers and non-lawyers.
> Individuals and companies agree to legal terms on a frequent basis
> without any legal review. Virtually every website has terms and
> conditions which apply to both individuals and companies.  Individuals
> sign up to legal terms whenever they order a book from Amazon or open
> an Gmail account and I doubt that many individuals have lawyers review
> the terms.  Moreover, every person and every company who wants to use
> cloud services from any vendor, from Amazon to HP to Microsoft  will
> sign up to their terms of service and many times without legal review
> (I know because I have had to deal with the consequences).  I believe
> that "trust us, many others do" does work:

I believe we should not ignore those who seek to understand the legal
agreements they are entering into.

>  both individuals and lawyers should take comfort from the Apache
> approach which has been in place for over fifteen years with no
> complaints of which I am aware.

Our approach is not exactly the same as the approach of the Apache
Foundation (see the subject of this thread) and we are also a different
community with different values and viewpoints.

Mark.

>  
> > -----Original Message-----
> > From: Mark McLoughlin [mailto:markmc at redhat.com]
> > Sent: Tuesday, April 22, 2014 3:16 PM
> > To: Radcliffe, Mark
> > Cc: Tom Fifield; Stefano Maffulli; legal-discuss at lists.openstack.org
> > Subject: Re: [legal-discuss] Trivial contributions and CLAs
> > 
> > On Tue, 2014-04-22 at 15:28 +0000, Radcliffe, Mark wrote:
> > > Thanks.  The more critical issue is that we need to be sensitive
> to 
> > > our users to ensure that we have the right necessary to include
> the 
> > > "trivial contribution" in OpenStack under the Apache license. If
> the 
> > > "trivial contribution" is code is likely to be copyrightable (a
> very 
> > > low standard).  All projects require a license to the code, even
> if 
> > > they choose to use the project "license" as the license (such as 
> > > Linux).
> > 
> > I don't feel I can explain to contributors why they need to do
> anything other than license the code (to the world) under the Apache
> License in order for the contribution to be included in OpenStack
> under the Apache License.
> > 
> > > The potential contributor should be able to derive comfort from
> the 
> > > fact that hundreds of companies have signed the OpenStack CLA 
> > > without changes (we have never agreed to any changes and Apache
> has 
> > > also not agreed to changes in its CLA on which our CLA is based)
> and 
> > > thousands (maybe tens of thousands) have signed the Apache CLA.
> My 
> > > experience is that many "legal" agreements are signed without
> legal 
> > > review particularly if the agreement cannot be changed, so I
> think 
> > > that your proposed scenario is not as common as you suggest.
> > 
> > Don't worry about this agreement you're being asked to sign with the
> OpenStack Foundation because many others have already signed it?
> > 
> > That's not an approach I feel we should be recommending to potential
> contributors.
> > 
> > Mark.
> > 
> > 
> > > -----Original Message-----
> > > From: Tom Fifield [mailto:tom at openstack.org]
> > > Sent: Tuesday, April 22, 2014 8:08 AM
> > > To: Radcliffe, Mark; Stefano Maffulli; 
> > > legal-discuss at lists.openstack.org
> > > Subject: Re: [legal-discuss] Trivial contributions and CLAs
> > > 
> > > On 22/04/14 22:53, Radcliffe, Mark wrote:
> > > > Why can't they sign the CLA?  IBM and HP are very sensitive to
> their IP and they have signed it.
> > > 
> > > This may be completely irrelevant, but I just feel like noting
> that 
> > > IBM and HP also have in-house counsel, who can probably look at 
> > > these things
> > > :) It's probably also worth their while, given the scale of their
> contributions.
> > > 
> > > However, picture a much smaller organisation. One without a lawyer
> on tap.
> > > 
> > > Picture a system administrator, having discovered a small flaw in
> OpenStack, and having goodwill to want to work with the community.
> > > 
> > > What happens in this case?
> > > 
> > > Three theories:
> > > - sysadmin asks the manager to sign the corporate CLA, who balks
> at 
> > > the legalese, and weighs up whether it's worth forking out
> x-hundred 
> > > per hour for the external counsel to merely entertain their star 
> > > sysadmin's pet project
> > > - sysadmin just signs CLA without approval from anyone in the 
> > > organisation
> > > - sysadmin gives up, assuming manager won't approve
> > > 
> > > It's late, and I may be missing several other potential outcomes
> to this case, but these seem like poor outcomes, which are plausibly
> happening more frequently than we record.
> > > 
> > > We really want to encourage these kind of users to contribute, and
> I don't think the big problem is being sensitive to IP.
> > > 
> > > Regards,
> > > 
> > > 
> > > Tom
> > > 
> > > 
> > > 
> > > 
> > > > -----Original Message-----
> > > > From: Stefano Maffulli [mailto:stefano at openstack.org]
> > > > Sent: Tuesday, April 22, 2014 7:35 AM
> > > > To: legal-discuss at lists.openstack.org
> > > > Subject: [legal-discuss] Trivial contributions and CLAs
> > > >
> > > > I have been notified of another very small patch that is left in
> a 
> > > > limbo, with the author not allowed to sign the CLA and the 
> > > > developers stuck in unknown legal territory. You can read more 
> > > > about it on
> > > >
> > > > https://bugs.launchpad.net/bugs/1308984
> > > >
> > > >  From what I can see, the patch is trivial and shouldn't even be
> copyrightable but the person spotting the issue and fixing it is not
> comfortable signing the CLAs. Can any other developer copy the patch
> and put it into our trunk? Until when is this sort of behaviour safe?
> > > >
> > > > We're getting more of these small blockers and I think it's
> already a problem. Having to sign a Corporate CLA and Individual CLA
> for a trivial patch, from an operator (whose job is to run clouds,
> resulting in small and rare patches, not to develop large features)
> can conflict with our effort to get more operators involved in
> OpenStack.
> > > >
> > > > I'm not sure what solutions are available. If we can't change
> the CLA processes easily, what else can we do to get small
> contributions like these?
> > > >
> > > > thanks,
> > > > /stef
> > > >
> > > > --
> > > > Ask and answer questions on https://ask.openstack.org
> > > >
> > > > _______________________________________________
> > > > legal-discuss mailing list
> > > > legal-discuss at lists.openstack.org
> > > >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
> > > > Please consider the environment before printing this email.
> > > >
> > > > The information contained in this email may be confidential
> and/or legally privileged. It has been sent for the sole use of the
> intended recipient(s). If the reader of this message is not an
> intended recipient, you are hereby notified that any unauthorized
> review, use, disclosure, dissemination, distribution, or copying of
> this communication, or any of its contents, is strictly prohibited. If
> you have received this communication in error, please reply to the
> sender and destroy all copies of the message. To contact us directly,
> send to postmaster at dlapiper.com. Thank you.
> > > >
> > > >
> > > > _______________________________________________
> > > > legal-discuss mailing list
> > > > legal-discuss at lists.openstack.org
> > > >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
> > > >
> > > 
> > > Please consider the environment before printing this email.
> > > 
> > > The information contained in this email may be confidential and/or
> legally privileged. It has been sent for the sole use of the intended
> recipient(s). If the reader of this message is not an intended
> recipient, you are hereby notified that any unauthorized review, use,
> disclosure, dissemination, distribution, or copying of this
> communication, or any of its contents, is strictly prohibited. If you
> have received this communication in error, please reply to the sender
> and destroy all copies of the message. To contact us directly, send to
> postmaster at dlapiper.com. Thank you.
> > > 
> > > 
> > > _______________________________________________
> > > legal-discuss mailing list
> > > legal-discuss at lists.openstack.org
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
> > 
> > 
> > Please consider the environment before printing this email.
> > 
> > The information contained in this email may be confidential and/or
> legally privileged. It has been sent for the sole use of the intended
> recipient(s). If the reader of this message is not an intended
> recipient, you are hereby notified that any unauthorized review, use,
> disclosure, dissemination, distribution, or copying of this
> communication, or any of its contents, is strictly prohibited. If you
> have received this communication in error, please reply to the sender
> and destroy all copies of the message. To contact us directly, send to
> postmaster at dlapiper.com. Thank you.
>  
>  
>  
> Please consider the environment before printing this email.
> 
> The information contained in this email may be confidential and/or
> legally privileged. It has been sent for the sole use of the intended
> recipient(s). If the reader of this message is not an intended
> recipient, you are hereby notified that any unauthorized review, use,
> disclosure, dissemination, distribution, or copying of this
> communication, or any of its contents, is strictly prohibited. If you
> have received this communication in error, please reply to the sender
> and destroy all copies of the message. To contact us directly, send to
> postmaster at dlapiper.com. Thank you.