Open Stack

On Wed, Jan 22, 2014 at 11:27:28AM +0000, Mark McLoughlin wrote:
> Contributors sign the CLA and this grants the OpenStack Foundation a
> license (which is slightly more broad than ALv2) to the code. The
> Foundation then distributes the code under ALv2.
> 
> You're saying that our copyright notices also signifies that
> contributors are also granting a license under ALv2 directly to whomever
> receives a copy of the code.

Not 'signifies' but certainly gives the impression. If I see in a source file 

  Copyright 2014 eNovance

  Licensed under the Apache License 2.0 [etc. boilerplate]

That would reasonably be understood to mean eNovance is granting a
license directly under ALv2. This is in part because AFAIK all other
projects that use these kinds of CLAs only have copyright notices from
the privileged entity, if there are copyright notices at all (ignoring
third-party code from other projects). 

Now of course when looking at such things you always have to keep in
mind that they may be bad approximations of whatever the truth
is. Nonetheless when explicit legal notices like this are contained in
source files there is a natural tendency to assume they mean what they
say.

But I also say this because a number of times I've heard it suggested
that OpenStack has this deliberate duplicative licensing policy, which
seems then to shape the meaning of 'Copyright eNovance, Licensed under
the Apache License...'. That's partly why I've brought it up a few
times, in the hopes that someone will tell me I'm wrong (or right). I
think perhaps in the end this is all a matter of confusion but if so
it might be useful to clear it up. Normally, a CLA is a substitute for
direct licensing under the outbound project license. So with respect
to a given copyright holder, if a CLA hasn't been signed, fine, the
license is the outbound license. That's how most ALv2 projects work,
after all. If a CLA has been signed, it is nonstandard for the
contributor to be additionally granting a separate license under the
Apache License. I will admit that at the moment I am confused about
what is supposed to be going on in this respect in OpenStack. Maybe
this supposition about duplicative licensing is a misunderstanding on
my own part.
 
> I'd agree with Sean that <20% of our contributors understand this
> distinction (or its practical significance). In fact I'd guess it's
> approaching 0% :)

The distinction is ultimately minor, but there's something about it
that bothers me if it turns out to be in some sense intentional. If
there is a desire to have everyone sign a CLA, the project shouldn't
have any expectation that CLA signers additionally grant a similar
though overall slightly less permissive license. If there is some
belief that everyone is granting Apache Licenses, then there shouldn't
be any CLA.

> Ok, wow - I never understood that most CLA-using projects don't have
> individual per-file copyright notices.

Yes, this is a key to my whole argument, even if I turn out to be the
one who is confused, in which case I apologize for wasting anyone's
time. If I'm confused, though, there's a good chance that some others
are as well, and as unimportant as this all might be it seems better
to have less confusion. 

Again to contrast things with ASF projects, I know what's going on
there. For a given project, if you regard it as a set of Apache
Licenses and a set of CLAs, the 'big' Apache License is granted by the
ASF and some 'smaller' Apache Licenses are being granted by minor
contributors, Then you have a bunch of CLA-based licenses that are
(nontransparently) granted to everyone, mostly granted by
individuals. (You may also have 'software grants' licensed broadly to
the ASF for large code donations.) I don't have the same certainty
about what's happening in OpenStack. But I don't want to exaggerate
the importance or significance of this. It's more of an annoyance. 

 - RF