[legal-discuss] Copyright statements in source
markmc at redhat.com
Thu Jan 23 12:38:10 UTC 2014
On Wed, 2014-01-22 at 11:52 -0500, Richard Fontana wrote:
> On Wed, Jan 22, 2014 at 11:27:28AM +0000, Mark McLoughlin wrote:
> > Contributors sign the CLA and this grants the OpenStack Foundation a
> > license (which is slightly more broad than ALv2) to the code. The
> > Foundation then distributes the code under ALv2.
> > You're saying that our copyright notices also signifies that
> > contributors are also granting a license under ALv2 directly to whomever
> > receives a copy of the code.
> Not 'signifies' but certainly gives the impression. If I see in a source file
> Copyright 2014 eNovance
> Licensed under the Apache License 2.0 [etc. boilerplate]
> That would reasonably be understood to mean eNovance is granting a
> license directly under ALv2. This is in part because AFAIK all other
> projects that use these kinds of CLAs only have copyright notices from
> the privileged entity, if there are copyright notices at all (ignoring
> third-party code from other projects).
> Now of course when looking at such things you always have to keep in
> mind that they may be bad approximations of whatever the truth
> is. Nonetheless when explicit legal notices like this are contained in
> source files there is a natural tendency to assume they mean what they
> But I also say this because a number of times I've heard it suggested
> that OpenStack has this deliberate duplicative licensing policy, which
> seems then to shape the meaning of 'Copyright eNovance, Licensed under
> the Apache License...'. That's partly why I've brought it up a few
> times, in the hopes that someone will tell me I'm wrong (or right). I
> think perhaps in the end this is all a matter of confusion but if so
> it might be useful to clear it up. Normally, a CLA is a substitute for
> direct licensing under the outbound project license. So with respect
> to a given copyright holder, if a CLA hasn't been signed, fine, the
> license is the outbound license. That's how most ALv2 projects work,
> after all. If a CLA has been signed, it is nonstandard for the
> contributor to be additionally granting a separate license under the
> Apache License. I will admit that at the moment I am confused about
> what is supposed to be going on in this respect in OpenStack. Maybe
> this supposition about duplicative licensing is a misunderstanding on
> my own part.
FWIW, if it's intentional, I've never heard it articulated or defended
I just had a quick look at Nova and Swift's early history. I've lost my
notes, so from memory:
- Swift just has Copyright OpenStack LLC or OpenStack Foundation
since the beginning, except for one tiny exception
- Nova originally was Copyright Anso Labs, then in June 2010 NASA
notices were added and in July 2010 the Anso notices were removed.
- In July/August 2010, OpenStack LLC, Citrix, FathomDB, etc. notices
started appearing gradually
So, my guess would be that the Anso guys naturally favoured direct
licensing when launching Nova and when Rackspace/OpenStack LLC came on
the scene with a CLA it was seen as a natural thing to add to the
existing copyright notices.
Whether a discussion about removing the copyright notices ever happened
when it was decided to add a CLA, I have no idea. But the CLA was there
from July 2010:
I struggle to imagine anyone in July 2010 recognizing what they were
doing as "duplicative licensing" and consciously deciding to take that
approach over the ASF approach. But maybe someone who was around then
can shed more light on it.
> > I'd agree with Sean that <20% of our contributors understand this
> > distinction (or its practical significance). In fact I'd guess it's
> > approaching 0% :)
> The distinction is ultimately minor, but there's something about it
> that bothers me if it turns out to be in some sense intentional. If
> there is a desire to have everyone sign a CLA, the project shouldn't
> have any expectation that CLA signers additionally grant a similar
> though overall slightly less permissive license. If there is some
> belief that everyone is granting Apache Licenses, then there shouldn't
> be any CLA.
I guess my interpretation is that yes, everyone is granting Apache
Licenses but we all also grant some additional rights (I don't know what
they are exactly) to the foundation (I don't know why exactly).
That's a pretty worthless defensive of our CLA regime though :)
> > Ok, wow - I never understood that most CLA-using projects don't have
> > individual per-file copyright notices.
> Yes, this is a key to my whole argument, even if I turn out to be the
> one who is confused, in which case I apologize for wasting anyone's
> time. If I'm confused, though, there's a good chance that some others
> are as well, and as unimportant as this all might be it seems better
> to have less confusion.
> Again to contrast things with ASF projects, I know what's going on
> there. For a given project, if you regard it as a set of Apache
> Licenses and a set of CLAs, the 'big' Apache License is granted by the
> ASF and some 'smaller' Apache Licenses are being granted by minor
I'm with you until here ...
However, I'm still struggling to understand the benefit of the ASF being
granted a special license. Why can't it be licensed the code under the
Or is the benefit of this situation that the vast bulk of code is
licensed outbound from a single licensor? Is that a benefit in terms of
a perception, or some "single throat to choke" legal benefit? or?
> Then you have a bunch of CLA-based licenses that are
> (nontransparently) granted to everyone, mostly granted by
> individuals. (You may also have 'software grants' licensed broadly to
> the ASF for large code donations.)
Say what? :)
> I don't have the same certainty
> about what's happening in OpenStack. But I don't want to exaggerate
> the importance or significance of this. It's more of an annoyance.
Am I right in saying you're being the dog with the proverbial bone on
this because clarifying this could help to undermine the need for our
More information about the legal-discuss