I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a
Hi Mark. I think there's enough language in the Bylaws to support ED authority in this particular circumstance and other circumstances that are this narrow. I would not personally advocate for more than that. I think the worry here is the "slippery slope." Given the constraints of the language in the Bylaws, the slope is not that slippery. Speaking from a pragmatic perspective - these kind of changes will probably find their way into the project via some completely unauthorized means. This is a bigger problem than setting up some sort of exception management. And sorry to go on and on, but. The Legal Affairs Committee has probably done a great job of exploring the legal risk, but I think it's a Board decision if they care to take it up. The Legal Affairs Committee is an advisory committee and I think it only includes representatives from the big contributors. I think the Board is the right body to weigh the legal risk against policy considerations. They are representative of the full range of perspectives in the community and are in the best position to understand the full significance to the community of turning away a contribution like this on these grounds. Thank you! Alice From: Radcliffe, Mark [mailto:Mark.Radcliffe@dlapiper.com] Sent: Wednesday, April 23, 2014 1:37 AM To: Alice King; 'Marc Ehrlich' Cc: legal-discuss@lists.openstack.org Subject: RE: [legal-discuss] Trivial contributions and CLAs We actually discussed this issue at the Legal Affairs committee meeting in January. The issues raised by Marc led the Committee to conclude that, at present, it would be very difficult to find a general rule and a case by case approach would be difficult to manage and potentially unfair to the major contributors. The fundamental issue raised at the Legal Affairs Committee meeting was that such a policy would be unfair to the major contributors because it would actually favor "small contributors" over the major contributors. I also don't think that the bylaws actually give the Executive Director that authority and it would be difficult to have the Board grant it to him. My memory was that the approach in drafting this section was consistent in minimizing discretion in the manner in which contributions could be accepted. Although I suggested giving the Board more flexibility, the decision was that method of contribution needed to tightly controlled. As currently drafted, the Bylaws always contemplate the use of a CLA. The bylaws set up the following hierarchy: (1) contributions under the OpenStack Contributor License Agreements in Appendix 7 (2) contributions under a modified CLA (or license) approved by the Board and (3) contributions under the OpenStack Contribution License Agreements with non-material amendments by the Executive Director if the Board grants such power to the Executive Director. The relevant section is: The Foundation shall generally accept contributions of software made pursuant to the terms of the Contributor License Agreements attached as Appendix 7. The Board of Directors may adopt additional contributor license agreements as may be appropriate for certain organizations or contributions to secure a license on terms which will permit distribution under the Apache License 2.0, and may require inclusion of the Apache License 2.0 license header in code contributions. The Board of Directors may delegate the authority to make non material amendments to the Contributor License Agreement to the Executive Director so long as such modifications permit distribution of the software under Apache License 2.0. From: Alice King [mailto:alice_king@att.net] Sent: Tuesday, April 22, 2014 6:57 PM To: 'Marc Ehrlich' Cc: legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> Subject: Re: [legal-discuss] Trivial contributions and CLAs Hi Marc! In the order of your comments: I am fine and hope you are too!! I know all of you have been carefully working on these issues and it has been quite a while since I have been in the trenches. So apologies if I am speaking "out of school," but here are my thoughts: I think the Executive Director would make the call, and would probably want the advice of legal counsel. I want to stress that I am talking only about exceptional cases. The Board can set parameters for the ED and can set them as conservatively as they think wise. In any domain the application of rules with human judgment can lead to unintended and unwanted results. The Foundation does not have a judiciary, but the Bylaws do contemplate the ED having this type of discretion on intellectual property matters. On the patent risk - forgive me if I missing something, but I am not sure I see much additional risk here either. Any contributor can expose the project to the risk of a patent infringement claim by someone outside of the community. I don't think the CLA helps manage that risk. It only creates a disincentive for a contributor to make a patent claim based on their own contribution. Again, in this particular edge case I think the risk is low that a contributor would make that one slight change that then brings the technology under a patent that the very same contributor holds. But this would be a judgment call for the ED. Certainly the patent risk would be part of the equation in every case. Alice From: Marc Ehrlich [mailto:mehrlich@us.ibm.com] Sent: Tuesday, April 22, 2014 8:20 PM To: Alice King Cc: legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> ; 'Richard Fontana' Subject: Re: [legal-discuss] Trivial contributions and CLAs Hi Alice!! Nice to know I am not the only one hanging out on this list and not responding much. Hope all's well with you! As it relates to IP I guess I do have a few concerns with the trajectory of this discussion. I apologize if I am missing something obvious and if so feel free to disregard this... For example how do we determine what "trivial contribution" is? Who makes that call? Would it be the same to all participants? Why are IBM and HP and others who have signed the CLA held to a different standard and denied the ability to make trivial contributions (not that I think we should be able to make them I don't think they should be made at all) but if some can make them why not all? Most importantly it is the patent IP I think we should be worried about. What if that line or two of code trivially contributed completes the steps of a patent claim held by the contributer's company that then makes open stack users infringers of that code? Remember our committee discussions about contributors licenses which extend not only to the code they contribute but its combination with the work? This is exactly the same point. Even a trivial contribution in terms of size or function can render a body of code infringing. I think that one of the great benefits of the CLA is that it addresses that scenario. So in my view we need to think long and hard about letting companies take a pass on what everyone else has agreed to lest we find ourselves facing patent claims based on trivial additions. I would not expect (though please correct me if I am wrong) that someone planning on doing a patent clearance against the contributor when such contributions are made before they are deemed trivial? I would think that would be more than a trivial undertaking. Sorry if I am missing something that covers us for patents but I think I have this right. Marc A. Ehrlich "Alice King" ---04/22/2014 08:55:37 PM---Thank you Richard. That helps put it in perspective. The process needs to permit a trusted person From: "Alice King" <alice@alicelkingpc.com <mailto:alice@alicelkingpc.com> > To: "'Richard Fontana'" <rfontana@redhat.com <mailto:rfontana@redhat.com> >, <legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> >, Date: 04/22/2014 08:55 PM Subject: Re: [legal-discuss] Trivial contributions and CLAs _____ Thank you Richard. That helps put it in perspective. The process needs to permit a trusted person to exercise discretion in edge cases like this. That is true of every process involving human interaction. The Foundation Bylaws contemplate the Board giving this kind of edge-case discretion to the Executive Director. I don't see that there is much risk around intellectual property in this kind of contribution. Who would make a claim? There is a secondary risk that the project is viewed as being lax on IP issues generally, which would scare off some users. I think this is also unlikely. My impression is that the project is viewed as exercising an abundance of caution. The kind of participation represented by this contribution is valuable. Reward significantly outweighs risk. Still on the list and felt like chiming in! Alice -----Original Message----- From: Richard Fontana [mailto:rfontana@redhat.com] Sent: Tuesday, April 22, 2014 7:32 PM To: legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> Subject: Re: [legal-discuss] Trivial contributions and CLAs For anyone on this list not accustomed to looking at such things, I think it might be interesting to point out what this patch actually is and what Stefano means by triviality (even though the CLA may not be the relevant issue in this instance, the issue of contribution process around trivial patches is the larger issue that Stefano was raising): The patch would cause one existing line in one file: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id]) to be replaced with this: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id], key=lambda ip: ip[1]) That is: all this patch does is add the following text to one line of a file: ", key=lambda ip: ip[1]" The file itself contains about ~100 lines of code, and Horizon, the relevant project, contains, I believe, about 2000 files. - RF Stefano wrote: problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA
processes easily, what else can we do to get small contributions like these? _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com <mailto:postmaster@dlapiper.com> . Thank you.