On Wed, Jan 22, 2014 at 11:27:28AM +0000, Mark McLoughlin wrote:
Contributors sign the CLA and this grants the OpenStack Foundation a license (which is slightly more broad than ALv2) to the code. The Foundation then distributes the code under ALv2.
You're saying that our copyright notices also signifies that contributors are also granting a license under ALv2 directly to whomever receives a copy of the code.
Not 'signifies' but certainly gives the impression. If I see in a source file Copyright 2014 eNovance Licensed under the Apache License 2.0 [etc. boilerplate] That would reasonably be understood to mean eNovance is granting a license directly under ALv2. This is in part because AFAIK all other projects that use these kinds of CLAs only have copyright notices from the privileged entity, if there are copyright notices at all (ignoring third-party code from other projects). Now of course when looking at such things you always have to keep in mind that they may be bad approximations of whatever the truth is. Nonetheless when explicit legal notices like this are contained in source files there is a natural tendency to assume they mean what they say. But I also say this because a number of times I've heard it suggested that OpenStack has this deliberate duplicative licensing policy, which seems then to shape the meaning of 'Copyright eNovance, Licensed under the Apache License...'. That's partly why I've brought it up a few times, in the hopes that someone will tell me I'm wrong (or right). I think perhaps in the end this is all a matter of confusion but if so it might be useful to clear it up. Normally, a CLA is a substitute for direct licensing under the outbound project license. So with respect to a given copyright holder, if a CLA hasn't been signed, fine, the license is the outbound license. That's how most ALv2 projects work, after all. If a CLA has been signed, it is nonstandard for the contributor to be additionally granting a separate license under the Apache License. I will admit that at the moment I am confused about what is supposed to be going on in this respect in OpenStack. Maybe this supposition about duplicative licensing is a misunderstanding on my own part.
I'd agree with Sean that <20% of our contributors understand this distinction (or its practical significance). In fact I'd guess it's approaching 0% :)
The distinction is ultimately minor, but there's something about it that bothers me if it turns out to be in some sense intentional. If there is a desire to have everyone sign a CLA, the project shouldn't have any expectation that CLA signers additionally grant a similar though overall slightly less permissive license. If there is some belief that everyone is granting Apache Licenses, then there shouldn't be any CLA.
Ok, wow - I never understood that most CLA-using projects don't have individual per-file copyright notices.
Yes, this is a key to my whole argument, even if I turn out to be the one who is confused, in which case I apologize for wasting anyone's time. If I'm confused, though, there's a good chance that some others are as well, and as unimportant as this all might be it seems better to have less confusion. Again to contrast things with ASF projects, I know what's going on there. For a given project, if you regard it as a set of Apache Licenses and a set of CLAs, the 'big' Apache License is granted by the ASF and some 'smaller' Apache Licenses are being granted by minor contributors, Then you have a bunch of CLA-based licenses that are (nontransparently) granted to everyone, mostly granted by individuals. (You may also have 'software grants' licensed broadly to the ASF for large code donations.) I don't have the same certainty about what's happening in OpenStack. But I don't want to exaggerate the importance or significance of this. It's more of an annoyance. - RF