Trivial contributions and CLAs
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on https://bugs.launchpad.net/bugs/1308984 put it into our trunk? Until when is this sort of behaviour safe? We're getting more of these small blockers and I think it's already a problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack. I'm not sure what solutions are available. If we can't change the CLA processes easily, what else can we do to get small contributions like these? thanks, /stef -- Ask and answer questions on https://ask.openstack.org
Why can't they sign the CLA? IBM and HP are very sensitive to their IP and they have signed it. -----Original Message----- From: Stefano Maffulli [mailto:stefano@openstack.org] Sent: Tuesday, April 22, 2014 7:35 AM To: legal-discuss@lists.openstack.org Subject: [legal-discuss] Trivial contributions and CLAs I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack. I'm not sure what solutions are available. If we can't change the CLA processes easily, what else can we do to get small contributions like these? thanks, /stef -- Ask and answer questions on https://ask.openstack.org _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
On 22/04/14 22:53, Radcliffe, Mark wrote:
Why can't they sign the CLA? IBM and HP are very sensitive to their IP and they have signed it.
This may be completely irrelevant, but I just feel like noting that IBM and HP also have in-house counsel, who can probably look at these things :) It's probably also worth their while, given the scale of their contributions. However, picture a much smaller organisation. One without a lawyer on tap. Picture a system administrator, having discovered a small flaw in OpenStack, and having goodwill to want to work with the community. What happens in this case? Three theories: - sysadmin asks the manager to sign the corporate CLA, who balks at the legalese, and weighs up whether it's worth forking out x-hundred per hour for the external counsel to merely entertain their star sysadmin's pet project - sysadmin just signs CLA without approval from anyone in the organisation - sysadmin gives up, assuming manager won't approve It's late, and I may be missing several other potential outcomes to this case, but these seem like poor outcomes, which are plausibly happening more frequently than we record. We really want to encourage these kind of users to contribute, and I don't think the big problem is being sensitive to IP. Regards, Tom
-----Original Message----- From: Stefano Maffulli [mailto:stefano@openstack.org] Sent: Tuesday, April 22, 2014 7:35 AM To: legal-discuss@lists.openstack.org Subject: [legal-discuss] Trivial contributions and CLAs
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA processes easily, what else can we do to get small contributions like these?
thanks, /stef
-- Ask and answer questions on https://ask.openstack.org
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Thanks. The more critical issue is that we need to be sensitive to our users to ensure that we have the right necessary to include the "trivial contribution" in OpenStack under the Apache license. If the "trivial contribution" is code is likely to be copyrightable (a very low standard). All projects require a license to the code, even if they choose to use the project "license" as the license (such as Linux). The potential contributor should be able to derive comfort from the fact that hundreds of companies have signed the OpenStack CLA without changes (we have never agreed to any changes and Apache has also not agreed to changes in its CLA on which our CLA is based) and thousands (maybe tens of thousands) have signed the Apache CLA. My experience is that many "legal" agreements are signed without legal review particularly if the agreement cannot be changed, so I think that your proposed scenario is not as common as you suggest. -----Original Message----- From: Tom Fifield [mailto:tom@openstack.org] Sent: Tuesday, April 22, 2014 8:08 AM To: Radcliffe, Mark; Stefano Maffulli; legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs On 22/04/14 22:53, Radcliffe, Mark wrote:
Why can't they sign the CLA? IBM and HP are very sensitive to their IP and they have signed it.
This may be completely irrelevant, but I just feel like noting that IBM and HP also have in-house counsel, who can probably look at these things :) It's probably also worth their while, given the scale of their contributions. However, picture a much smaller organisation. One without a lawyer on tap. Picture a system administrator, having discovered a small flaw in OpenStack, and having goodwill to want to work with the community. What happens in this case? Three theories: - sysadmin asks the manager to sign the corporate CLA, who balks at the legalese, and weighs up whether it's worth forking out x-hundred per hour for the external counsel to merely entertain their star sysadmin's pet project - sysadmin just signs CLA without approval from anyone in the organisation - sysadmin gives up, assuming manager won't approve It's late, and I may be missing several other potential outcomes to this case, but these seem like poor outcomes, which are plausibly happening more frequently than we record. We really want to encourage these kind of users to contribute, and I don't think the big problem is being sensitive to IP. Regards, Tom
-----Original Message----- From: Stefano Maffulli [mailto:stefano@openstack.org] Sent: Tuesday, April 22, 2014 7:35 AM To: legal-discuss@lists.openstack.org Subject: [legal-discuss] Trivial contributions and CLAs
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA processes easily, what else can we do to get small contributions like these?
thanks, /stef
-- Ask and answer questions on https://ask.openstack.org
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
On Tue, 2014-04-22 at 15:28 +0000, Radcliffe, Mark wrote:
Thanks. The more critical issue is that we need to be sensitive to our users to ensure that we have the right necessary to include the "trivial contribution" in OpenStack under the Apache license. If the "trivial contribution" is code is likely to be copyrightable (a very low standard). All projects require a license to the code, even if they choose to use the project "license" as the license (such as Linux).
I don't feel I can explain to contributors why they need to do anything other than license the code (to the world) under the Apache License in order for the contribution to be included in OpenStack under the Apache License.
The potential contributor should be able to derive comfort from the fact that hundreds of companies have signed the OpenStack CLA without changes (we have never agreed to any changes and Apache has also not agreed to changes in its CLA on which our CLA is based) and thousands (maybe tens of thousands) have signed the Apache CLA. My experience is that many "legal" agreements are signed without legal review particularly if the agreement cannot be changed, so I think that your proposed scenario is not as common as you suggest.
Don't worry about this agreement you're being asked to sign with the OpenStack Foundation because many others have already signed it? That's not an approach I feel we should be recommending to potential contributors. Mark.
-----Original Message----- From: Tom Fifield [mailto:tom@openstack.org] Sent: Tuesday, April 22, 2014 8:08 AM To: Radcliffe, Mark; Stefano Maffulli; legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs
On 22/04/14 22:53, Radcliffe, Mark wrote:
Why can't they sign the CLA? IBM and HP are very sensitive to their IP and they have signed it.
This may be completely irrelevant, but I just feel like noting that IBM and HP also have in-house counsel, who can probably look at these things :) It's probably also worth their while, given the scale of their contributions.
However, picture a much smaller organisation. One without a lawyer on tap.
Picture a system administrator, having discovered a small flaw in OpenStack, and having goodwill to want to work with the community.
What happens in this case?
Three theories: - sysadmin asks the manager to sign the corporate CLA, who balks at the legalese, and weighs up whether it's worth forking out x-hundred per hour for the external counsel to merely entertain their star sysadmin's pet project - sysadmin just signs CLA without approval from anyone in the organisation - sysadmin gives up, assuming manager won't approve
It's late, and I may be missing several other potential outcomes to this case, but these seem like poor outcomes, which are plausibly happening more frequently than we record.
We really want to encourage these kind of users to contribute, and I don't think the big problem is being sensitive to IP.
Regards,
Tom
-----Original Message----- From: Stefano Maffulli [mailto:stefano@openstack.org] Sent: Tuesday, April 22, 2014 7:35 AM To: legal-discuss@lists.openstack.org Subject: [legal-discuss] Trivial contributions and CLAs
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA processes easily, what else can we do to get small contributions like these?
thanks, /stef
-- Ask and answer questions on https://ask.openstack.org
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Mark: I don't understand your first comment. The OpenStack Foundation has adopted the Apache model. The Apache Software Foundation uses a CLA for all of its projects. The OpenStack LLC also used a CLA. The CLA has been used as long as OpenStack has been a project. Moreover, the form of the CLA is hardwired into the Bylaws of the Foundation. I also disagree with your second point. Many lawyers would feel more comfortable if the agreement is widely used because that like open source code, they believe that if many lawyers have reviewed the agreement it is likely to be acceptable. -----Original Message----- From: Mark McLoughlin [mailto:markmc@redhat.com] Sent: Tuesday, April 22, 2014 3:16 PM To: Radcliffe, Mark Cc: Tom Fifield; Stefano Maffulli; legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs On Tue, 2014-04-22 at 15:28 +0000, Radcliffe, Mark wrote:
Thanks. The more critical issue is that we need to be sensitive to our users to ensure that we have the right necessary to include the "trivial contribution" in OpenStack under the Apache license. If the "trivial contribution" is code is likely to be copyrightable (a very low standard). All projects require a license to the code, even if they choose to use the project "license" as the license (such as Linux).
I don't feel I can explain to contributors why they need to do anything other than license the code (to the world) under the Apache License in order for the contribution to be included in OpenStack under the Apache License.
The potential contributor should be able to derive comfort from the fact that hundreds of companies have signed the OpenStack CLA without changes (we have never agreed to any changes and Apache has also not agreed to changes in its CLA on which our CLA is based) and thousands (maybe tens of thousands) have signed the Apache CLA. My experience is that many "legal" agreements are signed without legal review particularly if the agreement cannot be changed, so I think that your proposed scenario is not as common as you suggest.
Don't worry about this agreement you're being asked to sign with the OpenStack Foundation because many others have already signed it? That's not an approach I feel we should be recommending to potential contributors. Mark.
-----Original Message----- From: Tom Fifield [mailto:tom@openstack.org] Sent: Tuesday, April 22, 2014 8:08 AM To: Radcliffe, Mark; Stefano Maffulli; legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs
On 22/04/14 22:53, Radcliffe, Mark wrote:
Why can't they sign the CLA? IBM and HP are very sensitive to their IP and they have signed it.
This may be completely irrelevant, but I just feel like noting that IBM and HP also have in-house counsel, who can probably look at these things :) It's probably also worth their while, given the scale of their contributions.
However, picture a much smaller organisation. One without a lawyer on tap.
Picture a system administrator, having discovered a small flaw in OpenStack, and having goodwill to want to work with the community.
What happens in this case?
Three theories: - sysadmin asks the manager to sign the corporate CLA, who balks at the legalese, and weighs up whether it's worth forking out x-hundred per hour for the external counsel to merely entertain their star sysadmin's pet project - sysadmin just signs CLA without approval from anyone in the organisation - sysadmin gives up, assuming manager won't approve
It's late, and I may be missing several other potential outcomes to this case, but these seem like poor outcomes, which are plausibly happening more frequently than we record.
We really want to encourage these kind of users to contribute, and I don't think the big problem is being sensitive to IP.
Regards,
Tom
-----Original Message----- From: Stefano Maffulli [mailto:stefano@openstack.org] Sent: Tuesday, April 22, 2014 7:35 AM To: legal-discuss@lists.openstack.org Subject: [legal-discuss] Trivial contributions and CLAs
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA processes easily, what else can we do to get small contributions like these?
thanks, /stef
-- Ask and answer questions on https://ask.openstack.org
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
On Wed, 2014-04-23 at 00:22 +0000, Radcliffe, Mark wrote:
Mark:
I don't understand your first comment. The OpenStack Foundation has adopted the Apache model. The Apache Software Foundation uses a CLA for all of its projects. The OpenStack LLC also used a CLA. The CLA has been used as long as OpenStack has been a project. Moreover, the form of the CLA is hardwired into the Bylaws of the Foundation.
You said "all projects require a license to the code". In our case, the OpenStack Foundation requires a license to the code which allows us to redistribute the code under the terms of the Apache License. That does not explain why the OpenStack Foundation requires the code to be submitted under the terms of the CLA rather than under the terms of the Apache License. Yes, the Apache Foundation uses a CLA and yes we currently follow a similar model. That doesn't mean its use is justified.
I also disagree with your second point. Many lawyers would feel more comfortable if the agreement is widely used because that like open source code, they believe that if many lawyers have reviewed the agreement it is likely to be acceptable.
You said "the potential contributor should be able to derive comfort" in response to Tom's example case of a contributor not having access to counsel. So we're not talking about what makes lawyers feel more comfortable. In cases such as that, I don't think "trust us, many others do" cuts it. Mark.
-----Original Message----- From: Mark McLoughlin [mailto:markmc@redhat.com] Sent: Tuesday, April 22, 2014 3:16 PM To: Radcliffe, Mark Cc: Tom Fifield; Stefano Maffulli; legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs
On Tue, 2014-04-22 at 15:28 +0000, Radcliffe, Mark wrote:
Thanks. The more critical issue is that we need to be sensitive to our users to ensure that we have the right necessary to include the "trivial contribution" in OpenStack under the Apache license. If the "trivial contribution" is code is likely to be copyrightable (a very low standard). All projects require a license to the code, even if they choose to use the project "license" as the license (such as Linux).
I don't feel I can explain to contributors why they need to do anything other than license the code (to the world) under the Apache License in order for the contribution to be included in OpenStack under the Apache License.
The potential contributor should be able to derive comfort from the fact that hundreds of companies have signed the OpenStack CLA without changes (we have never agreed to any changes and Apache has also not agreed to changes in its CLA on which our CLA is based) and thousands (maybe tens of thousands) have signed the Apache CLA. My experience is that many "legal" agreements are signed without legal review particularly if the agreement cannot be changed, so I think that your proposed scenario is not as common as you suggest.
Don't worry about this agreement you're being asked to sign with the OpenStack Foundation because many others have already signed it?
That's not an approach I feel we should be recommending to potential contributors.
Mark.
-----Original Message----- From: Tom Fifield [mailto:tom@openstack.org] Sent: Tuesday, April 22, 2014 8:08 AM To: Radcliffe, Mark; Stefano Maffulli; legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs
On 22/04/14 22:53, Radcliffe, Mark wrote:
Why can't they sign the CLA? IBM and HP are very sensitive to their IP and they have signed it.
This may be completely irrelevant, but I just feel like noting that IBM and HP also have in-house counsel, who can probably look at these things :) It's probably also worth their while, given the scale of their contributions.
However, picture a much smaller organisation. One without a lawyer on tap.
Picture a system administrator, having discovered a small flaw in OpenStack, and having goodwill to want to work with the community.
What happens in this case?
Three theories: - sysadmin asks the manager to sign the corporate CLA, who balks at the legalese, and weighs up whether it's worth forking out x-hundred per hour for the external counsel to merely entertain their star sysadmin's pet project - sysadmin just signs CLA without approval from anyone in the organisation - sysadmin gives up, assuming manager won't approve
It's late, and I may be missing several other potential outcomes to this case, but these seem like poor outcomes, which are plausibly happening more frequently than we record.
We really want to encourage these kind of users to contribute, and I don't think the big problem is being sensitive to IP.
Regards,
Tom
-----Original Message----- From: Stefano Maffulli [mailto:stefano@openstack.org] Sent: Tuesday, April 22, 2014 7:35 AM To: legal-discuss@lists.openstack.org Subject: [legal-discuss] Trivial contributions and CLAs
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA processes easily, what else can we do to get small contributions like these?
thanks, /stef
-- Ask and answer questions on https://ask.openstack.org
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
-----Original Message----- From: Mark McLoughlin [mailto:markmc@redhat.com] Sent: Tuesday, April 22, 2014 11:10 PM To: Radcliffe, Mark Cc: Tom Fifield; Stefano Maffulli; legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs On Wed, 2014-04-23 at 00:22 +0000, Radcliffe, Mark wrote:
Mark:
I don't understand your first comment. The OpenStack Foundation has adopted the Apache model. The Apache Software Foundation uses a CLA for all of its projects. The OpenStack LLC also used a CLA. The CLA has been used as long as OpenStack has been a project. Moreover, the form of the CLA is hardwired into the Bylaws of the Foundation.
≫You said "all projects require a license to the code". In our case, the OpenStack Foundation requires a license to the code which allows us to redistribute the ≫code under the terms of the Apache License. That does not explain why the OpenStack Foundation requires the code to be submitted under the terms of ≫the CLA rather than under the terms of the Apache License. ≫Yes, the Apache Foundation uses a CLA and yes we currently follow a similar model. That doesn't mean its use is justified. Although I am happy to continue this conversation at a philosophical level, I think that we need to be aware that the Foundation made this choice when it was formed and "hardwired" the decision in the Bylaws. As currently drafted, the Bylaws always contemplate the use of a CLA. The bylaws set up the following hierarchy: (1) contributions under the OpenStack Contributor License Agreements in Appendix 7 (2) contributions under a modified CLA (or license) approved by the Board and (3) contributions under the OpenStack Contribution License Agreements with non-material amendments by the Executive Director if the Board grants such power to the Executive Director. The relevant section is: The Foundation shall generally accept contributions of software made pursuant to the terms of the Contributor License Agreements attached as Appendix 7. The Board of Directors may adopt additional contributor license agreements as may be appropriate for certain organizations or contributions to secure a license on terms which will permit distribution under the Apache License 2.0, and may require inclusion of the Apache License 2.0 license header in code contributions. The Board of Directors may delegate the authority to make non material amendments to the Contributor License Agreement to the Executive Director so long as such modifications permit distribution of the software under Apache License 2.0.
I also disagree with your second point. Many lawyers would feel more comfortable if the agreement is widely used because that like open source code, they believe that if many lawyers have reviewed the agreement it is likely to be acceptable.
≫You said "the potential contributor should be able to derive comfort" in response to Tom's example case of a contributor not having access to counsel. So ≫we're not talking about what makes lawyers feel more comfortable. ≫In cases such as that, I don't think "trust us, many others do" cuts it. ≫Mark. Let me broaden my comment to include lawyers and non-lawyers. Individuals and companies agree to legal terms on a frequent basis without any legal review. Virtually every website has terms and conditions which apply to both individuals and companies. Individuals sign up to legal terms whenever they order a book from Amazon or open an Gmail account and I doubt that many individuals have lawyers review the terms. Moreover, every person and every company who wants to use cloud services from any vendor, from Amazon to HP to Microsoft will sign up to their terms of service and many times without legal review (I know because I have had to deal with the consequences). I believe that "trust us, many others do" does work: both individuals and lawyers should take comfort from the Apache approach which has been in place for over fifteen years with no complaints of which I am aware.
-----Original Message----- From: Mark McLoughlin [mailto:markmc@redhat.com] Sent: Tuesday, April 22, 2014 3:16 PM To: Radcliffe, Mark Cc: Tom Fifield; Stefano Maffulli; legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> Subject: Re: [legal-discuss] Trivial contributions and CLAs
On Tue, 2014-04-22 at 15:28 +0000, Radcliffe, Mark wrote:
Thanks. The more critical issue is that we need to be sensitive to our users to ensure that we have the right necessary to include the "trivial contribution" in OpenStack under the Apache license. If the "trivial contribution" is code is likely to be copyrightable (a very low standard). All projects require a license to the code, even if they choose to use the project "license" as the license (such as Linux).
I don't feel I can explain to contributors why they need to do anything other than license the code (to the world) under the Apache License in order for the contribution to be included in OpenStack under the Apache License.
The potential contributor should be able to derive comfort from the fact that hundreds of companies have signed the OpenStack CLA without changes (we have never agreed to any changes and Apache has also not agreed to changes in its CLA on which our CLA is based) and thousands (maybe tens of thousands) have signed the Apache CLA. My experience is that many "legal" agreements are signed without legal review particularly if the agreement cannot be changed, so I think that your proposed scenario is not as common as you suggest.
Don't worry about this agreement you're being asked to sign with the OpenStack Foundation because many others have already signed it?
That's not an approach I feel we should be recommending to potential contributors.
Mark.
-----Original Message----- From: Tom Fifield [mailto:tom@openstack.org] Sent: Tuesday, April 22, 2014 8:08 AM To: Radcliffe, Mark; Stefano Maffulli; legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> Subject: Re: [legal-discuss] Trivial contributions and CLAs
On 22/04/14 22:53, Radcliffe, Mark wrote:
Why can't they sign the CLA? IBM and HP are very sensitive to their IP and they have signed it.
This may be completely irrelevant, but I just feel like noting that IBM and HP also have in-house counsel, who can probably look at these things :) It's probably also worth their while, given the scale of their contributions.
However, picture a much smaller organisation. One without a lawyer on tap.
Picture a system administrator, having discovered a small flaw in OpenStack, and having goodwill to want to work with the community.
What happens in this case?
Three theories: - sysadmin asks the manager to sign the corporate CLA, who balks at the legalese, and weighs up whether it's worth forking out x-hundred per hour for the external counsel to merely entertain their star sysadmin's pet project - sysadmin just signs CLA without approval from anyone in the organisation - sysadmin gives up, assuming manager won't approve
It's late, and I may be missing several other potential outcomes to this case, but these seem like poor outcomes, which are plausibly happening more frequently than we record.
We really want to encourage these kind of users to contribute, and I don't think the big problem is being sensitive to IP.
Regards,
Tom
-----Original Message----- From: Stefano Maffulli [mailto:stefano@openstack.org] Sent: Tuesday, April 22, 2014 7:35 AM To: legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> Subject: [legal-discuss] Trivial contributions and CLAs
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA processes easily, what else can we do to get small contributions like these?
thanks, /stef
-- Ask and answer questions on https://ask.openstack.org
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com<mailto:postmaster@dlapiper.com>. Thank you.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com<mailto:postmaster@dlapiper.com>. Thank you.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com<mailto:postmaster@dlapiper.com>. Thank you.
Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
On Wed, 2014-04-23 at 07:03 +0000, Radcliffe, Mark wrote:
-----Original Message----- From: Mark McLoughlin [mailto:markmc@redhat.com] Sent: Tuesday, April 22, 2014 11:10 PM To: Radcliffe, Mark Cc: Tom Fifield; Stefano Maffulli; legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs
Mark:
I don't understand your first comment. The OpenStack Foundation has adopted the Apache model. The Apache Software Foundation uses a CLA for all of its projects. The OpenStack LLC also used a CLA. The CLA has been used as long as OpenStack has been a project. Moreover,
On Wed, 2014-04-23 at 00:22 +0000, Radcliffe, Mark wrote: the
form of the CLA is hardwired into the Bylaws of the Foundation.
≫You said "all projects require a license to the code". In our case, the OpenStack Foundation requires a license to the code which allows us to redistribute the ≫code under the terms of the Apache License. That does not explain why the OpenStack Foundation requires the code to be submitted under the terms of ≫the CLA rather than under the terms of the Apache License.
≫Yes, the Apache Foundation uses a CLA and yes we currently follow a similar model. That doesn't mean its use is justified.
Although I am happy to continue this conversation at a philosophical level, I think that we need to be aware that the Foundation made this choice when it was formed and "hardwired" the decision in the Bylaws.
Yes, and there are a number of other decisions hardwired into the bylaws which we are re-evaluating now. I understand that a change to this policy requires a bylaws change.
As currently drafted, the Bylaws always contemplate the use of a CLA. The bylaws set up the following hierarchy: (1) contributions under the OpenStack Contributor License Agreements in Appendix 7 (2) contributions under a modified CLA (or license) approved by the Board and (3) contributions under the OpenStack Contribution License Agreements with non-material amendments by the Executive Director if the Board grants such power to the Executive Director. The relevant section is:
The Foundation shall generally accept contributions of software made pursuant to the terms of the Contributor License Agreements attached as Appendix 7. The Board of Directors may adopt additional contributor license agreements as may be appropriate for certain organizations or contributions to secure a license on terms which will permit distribution under the Apache License 2.0, and may require inclusion of the Apache License 2.0 license header in code contributions. The Board of Directors may delegate the authority to make non material amendments to the Contributor License Agreement to the Executive Director so long as such modifications permit distribution of the software under Apache License 2.0.
Sure, I understand. I think this was a mistake. The goal here is twofold - (1) ensure the OpenStack Foundation can distribute the project's code under the Apache License and (2) ensure that an appropriate level of due diligence and process is in place to mitigate against any risks to (1). I don't see why the specifics of the CLA needed to be in the bylaws. This is a question of policy and practice that we should be prepared to evolve as we go.
I also disagree with your second point. Many lawyers would feel more comfortable if the agreement is widely used because that like open source code, they believe that if many lawyers have reviewed the agreement it is likely to be acceptable.
≫You said "the potential contributor should be able to derive comfort" in response to Tom's example case of a contributor not having access to counsel. So ≫we're not talking about what makes lawyers feel more comfortable.
≫In cases such as that, I don't think "trust us, many others do" cuts it.
≫Mark.
Let me broaden my comment to include lawyers and non-lawyers. Individuals and companies agree to legal terms on a frequent basis without any legal review. Virtually every website has terms and conditions which apply to both individuals and companies. Individuals sign up to legal terms whenever they order a book from Amazon or open an Gmail account and I doubt that many individuals have lawyers review the terms. Moreover, every person and every company who wants to use cloud services from any vendor, from Amazon to HP to Microsoft will sign up to their terms of service and many times without legal review (I know because I have had to deal with the consequences). I believe that "trust us, many others do" does work:
I believe we should not ignore those who seek to understand the legal agreements they are entering into.
both individuals and lawyers should take comfort from the Apache approach which has been in place for over fifteen years with no complaints of which I am aware.
Our approach is not exactly the same as the approach of the Apache Foundation (see the subject of this thread) and we are also a different community with different values and viewpoints. Mark.
-----Original Message----- From: Mark McLoughlin [mailto:markmc@redhat.com] Sent: Tuesday, April 22, 2014 3:16 PM To: Radcliffe, Mark Cc: Tom Fifield; Stefano Maffulli; legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs
Thanks. The more critical issue is that we need to be sensitive to our users to ensure that we have the right necessary to include
"trivial contribution" in OpenStack under the Apache license. If
On Tue, 2014-04-22 at 15:28 +0000, Radcliffe, Mark wrote: the the
"trivial contribution" is code is likely to be copyrightable (a very low standard). All projects require a license to the code, even if they choose to use the project "license" as the license (such as Linux).
I don't feel I can explain to contributors why they need to do anything other than license the code (to the world) under the Apache License in order for the contribution to be included in OpenStack under the Apache License.
The potential contributor should be able to derive comfort from the fact that hundreds of companies have signed the OpenStack CLA without changes (we have never agreed to any changes and Apache has also not agreed to changes in its CLA on which our CLA is based) and thousands (maybe tens of thousands) have signed the Apache CLA. My experience is that many "legal" agreements are signed without legal review particularly if the agreement cannot be changed, so I think that your proposed scenario is not as common as you suggest.
Don't worry about this agreement you're being asked to sign with the OpenStack Foundation because many others have already signed it?
That's not an approach I feel we should be recommending to potential contributors.
Mark.
-----Original Message----- From: Tom Fifield [mailto:tom@openstack.org] Sent: Tuesday, April 22, 2014 8:08 AM To: Radcliffe, Mark; Stefano Maffulli; legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs
Why can't they sign the CLA? IBM and HP are very sensitive to
On 22/04/14 22:53, Radcliffe, Mark wrote: their IP and they have signed it.
This may be completely irrelevant, but I just feel like noting that IBM and HP also have in-house counsel, who can probably look at these things :) It's probably also worth their while, given the scale of their contributions.
However, picture a much smaller organisation. One without a lawyer on tap.
Picture a system administrator, having discovered a small flaw in OpenStack, and having goodwill to want to work with the community.
What happens in this case?
Three theories: - sysadmin asks the manager to sign the corporate CLA, who balks at the legalese, and weighs up whether it's worth forking out x-hundred per hour for the external counsel to merely entertain their star sysadmin's pet project - sysadmin just signs CLA without approval from anyone in the organisation - sysadmin gives up, assuming manager won't approve
It's late, and I may be missing several other potential outcomes to this case, but these seem like poor outcomes, which are plausibly happening more frequently than we record.
We really want to encourage these kind of users to contribute, and I don't think the big problem is being sensitive to IP.
Regards,
Tom
-----Original Message----- From: Stefano Maffulli [mailto:stefano@openstack.org] Sent: Tuesday, April 22, 2014 7:35 AM To: legal-discuss@lists.openstack.org Subject: [legal-discuss] Trivial contributions and CLAs
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA processes easily, what else can we do to get small contributions like these?
thanks, /stef
-- Ask and answer questions on https://ask.openstack.org
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org
Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of
http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
For anyone on this list not accustomed to looking at such things, I think it might be interesting to point out what this patch actually is and what Stefano means by triviality (even though the CLA may not be the relevant issue in this instance, the issue of contribution process around trivial patches is the larger issue that Stefano was raising): The patch would cause one existing line in one file: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id]) to be replaced with this: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id], key=lambda ip: ip[1]) That is: all this patch does is add the following text to one line of a file: ", key=lambda ip: ip[1]" The file itself contains about ~100 lines of code, and Horizon, the relevant project, contains, I believe, about 2000 files. - RF Stefano wrote:
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA processes easily, what else can we do to get small contributions like these?
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a
Thank you Richard. That helps put it in perspective. The process needs to permit a trusted person to exercise discretion in edge cases like this. That is true of every process involving human interaction. The Foundation Bylaws contemplate the Board giving this kind of edge-case discretion to the Executive Director. I don't see that there is much risk around intellectual property in this kind of contribution. Who would make a claim? There is a secondary risk that the project is viewed as being lax on IP issues generally, which would scare off some users. I think this is also unlikely. My impression is that the project is viewed as exercising an abundance of caution. The kind of participation represented by this contribution is valuable. Reward significantly outweighs risk. Still on the list and felt like chiming in! Alice -----Original Message----- From: Richard Fontana [mailto:rfontana@redhat.com] Sent: Tuesday, April 22, 2014 7:32 PM To: legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs For anyone on this list not accustomed to looking at such things, I think it might be interesting to point out what this patch actually is and what Stefano means by triviality (even though the CLA may not be the relevant issue in this instance, the issue of contribution process around trivial patches is the larger issue that Stefano was raising): The patch would cause one existing line in one file: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id]) to be replaced with this: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id], key=lambda ip: ip[1]) That is: all this patch does is add the following text to one line of a file: ", key=lambda ip: ip[1]" The file itself contains about ~100 lines of code, and Horizon, the relevant project, contains, I believe, about 2000 files. - RF Stefano wrote: problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA
processes easily, what else can we do to get small contributions like these? _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and
Hi Alice!! Nice to know I am not the only one hanging out on this list and not responding much. Hope all's well with you! As it relates to IP I guess I do have a few concerns with the trajectory of this discussion. I apologize if I am missing something obvious and if so feel free to disregard this... For example how do we determine what "trivial contribution" is? Who makes that call? Would it be the same to all participants? Why are IBM and HP and others who have signed the CLA held to a different standard and denied the ability to make trivial contributions (not that I think we should be able to make them I don't think they should be made at all) but if some can make them why not all? Most importantly it is the patent IP I think we should be worried about. What if that line or two of code trivially contributed completes the steps of a patent claim held by the contributer's company that then makes open stack users infringers of that code? Remember our committee discussions about contributors licenses which extend not only to the code they contribute but its combination with the work? This is exactly the same point. Even a trivial contribution in terms of size or function can render a body of code infringing. I think that one of the great benefits of the CLA is that it addresses that scenario. So in my view we need to think long and hard about letting companies take a pass on what everyone else has agreed to lest we find ourselves facing patent claims based on trivial additions. I would not expect (though please correct me if I am wrong) that someone planning on doing a patent clearance against the contributor when such contributions are made before they are deemed trivial? I would think that would be more than a trivial undertaking. Sorry if I am missing something that covers us for patents but I think I have this right. Marc A. Ehrlich From: "Alice King" <alice@alicelkingpc.com> To: "'Richard Fontana'" <rfontana@redhat.com>, <legal-discuss@lists.openstack.org>, Date: 04/22/2014 08:55 PM Subject: Re: [legal-discuss] Trivial contributions and CLAs Thank you Richard. That helps put it in perspective. The process needs to permit a trusted person to exercise discretion in edge cases like this. That is true of every process involving human interaction. The Foundation Bylaws contemplate the Board giving this kind of edge-case discretion to the Executive Director. I don't see that there is much risk around intellectual property in this kind of contribution. Who would make a claim? There is a secondary risk that the project is viewed as being lax on IP issues generally, which would scare off some users. I think this is also unlikely. My impression is that the project is viewed as exercising an abundance of caution. The kind of participation represented by this contribution is valuable. Reward significantly outweighs risk. Still on the list and felt like chiming in! Alice -----Original Message----- From: Richard Fontana [mailto:rfontana@redhat.com] Sent: Tuesday, April 22, 2014 7:32 PM To: legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs For anyone on this list not accustomed to looking at such things, I think it might be interesting to point out what this patch actually is and what Stefano means by triviality (even though the CLA may not be the relevant issue in this instance, the issue of contribution process around trivial patches is the larger issue that Stefano was raising): The patch would cause one existing line in one file: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id]) to be replaced with this: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id], key=lambda ip: ip[1]) That is: all this patch does is add the following text to one line of a file: ", key=lambda ip: ip[1]" The file itself contains about ~100 lines of code, and Horizon, the relevant project, contains, I believe, about 2000 files. - RF Stefano wrote: put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a
problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA
processes easily, what else can we do to get small contributions like these? _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
On Tue, Apr 22, 2014 at 09:19:44PM -0400, Marc Ehrlich wrote:
Most importantly it is the patent IP I think we should be worried about. What if that line or two of code trivially contributed completes the steps of a patent claim held by the contributer's company that then makes open stack users infringers of that code?
No one's argued (as far as I am aware) that contributions should enter an OpenStack project under no legal terms; the issue has really been whether those terms should be the CLA (or more than one CLA), or the Apache License (or, I wondered for a while, both), and how much formality or ceremoniality is needed for any of those things to happen.
Even a trivial contribution in terms of size or function can render a body of code infringing. I think that one of the great benefits of the CLA is that it addresses that scenario.
As does the Apache License. Therefore:
So in my view we need to think long and hard about letting companies take a pass on what everyone else has agreed to lest we find ourselves facing patent claims based on trivial additions.
It isn't about allowing anyone to "take a pass". Rather it's whether the license is the CLA or the Apache License.
Sorry if I am missing something that covers us for patents
The Apache License, which I've been hearing people praise for years as a superior permissive open source license because it contains a patent license grant. - RF
From: "Alice King" <alice@alicelkingpc.com> To: "'Richard Fontana'" <rfontana@redhat.com>, <legal-discuss@lists.openstack.org>, Date: 04/22/2014 08:55 PM Subject: Re: [legal-discuss] Trivial contributions and CLAs ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Thank you Richard. That helps put it in perspective.
The process needs to permit a trusted person to exercise discretion in edge cases like this. That is true of every process involving human interaction. The Foundation Bylaws contemplate the Board giving this kind of edge-case discretion to the Executive Director.
I don't see that there is much risk around intellectual property in this kind of contribution. Who would make a claim? There is a secondary risk that the project is viewed as being lax on IP issues generally, which would scare off some users. I think this is also unlikely. My impression is that the project is viewed as exercising an abundance of caution.
The kind of participation represented by this contribution is valuable. Reward significantly outweighs risk.
Still on the list and felt like chiming in!
Alice
-----Original Message----- From: Richard Fontana [mailto:rfontana@redhat.com] Sent: Tuesday, April 22, 2014 7:32 PM To: legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs
For anyone on this list not accustomed to looking at such things, I think it might be interesting to point out what this patch actually is and what Stefano means by triviality (even though the CLA may not be the relevant issue in this instance, the issue of contribution process around trivial patches is the larger issue that Stefano was raising):
The patch would cause one existing line in one file:
options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id])
to be replaced with this:
options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id], key=lambda ip: ip[1])
That is: all this patch does is add the following text to one line of a file: ", key=lambda ip: ip[1]" The file itself contains about ~100 lines of code, and Horizon, the relevant project, contains, I believe, about 2000 files.
- RF
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a
Stefano wrote: problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA
processes easily, what else can we do to get small contributions like these?
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a
Hi Marc! In the order of your comments: I am fine and hope you are too!! I know all of you have been carefully working on these issues and it has been quite a while since I have been in the trenches. So apologies if I am speaking "out of school," but here are my thoughts: I think the Executive Director would make the call, and would probably want the advice of legal counsel. I want to stress that I am talking only about exceptional cases. The Board can set parameters for the ED and can set them as conservatively as they think wise. In any domain the application of rules with human judgment can lead to unintended and unwanted results. The Foundation does not have a judiciary, but the Bylaws do contemplate the ED having this type of discretion on intellectual property matters. On the patent risk - forgive me if I missing something, but I am not sure I see much additional risk here either. Any contributor can expose the project to the risk of a patent infringement claim by someone outside of the community. I don't think the CLA helps manage that risk. It only creates a disincentive for a contributor to make a patent claim based on their own contribution. Again, in this particular edge case I think the risk is low that a contributor would make that one slight change that then brings the technology under a patent that the very same contributor holds. But this would be a judgment call for the ED. Certainly the patent risk would be part of the equation in every case. Alice From: Marc Ehrlich [mailto:mehrlich@us.ibm.com] Sent: Tuesday, April 22, 2014 8:20 PM To: Alice King Cc: legal-discuss@lists.openstack.org; 'Richard Fontana' Subject: Re: [legal-discuss] Trivial contributions and CLAs Hi Alice!! Nice to know I am not the only one hanging out on this list and not responding much. Hope all's well with you! As it relates to IP I guess I do have a few concerns with the trajectory of this discussion. I apologize if I am missing something obvious and if so feel free to disregard this... For example how do we determine what "trivial contribution" is? Who makes that call? Would it be the same to all participants? Why are IBM and HP and others who have signed the CLA held to a different standard and denied the ability to make trivial contributions (not that I think we should be able to make them I don't think they should be made at all) but if some can make them why not all? Most importantly it is the patent IP I think we should be worried about. What if that line or two of code trivially contributed completes the steps of a patent claim held by the contributer's company that then makes open stack users infringers of that code? Remember our committee discussions about contributors licenses which extend not only to the code they contribute but its combination with the work? This is exactly the same point. Even a trivial contribution in terms of size or function can render a body of code infringing. I think that one of the great benefits of the CLA is that it addresses that scenario. So in my view we need to think long and hard about letting companies take a pass on what everyone else has agreed to lest we find ourselves facing patent claims based on trivial additions. I would not expect (though please correct me if I am wrong) that someone planning on doing a patent clearance against the contributor when such contributions are made before they are deemed trivial? I would think that would be more than a trivial undertaking. Sorry if I am missing something that covers us for patents but I think I have this right. Marc A. Ehrlich "Alice King" ---04/22/2014 08:55:37 PM---Thank you Richard. That helps put it in perspective. The process needs to permit a trusted person From: "Alice King" <alice@alicelkingpc.com <mailto:alice@alicelkingpc.com> > To: "'Richard Fontana'" <rfontana@redhat.com <mailto:rfontana@redhat.com> >, <legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> >, Date: 04/22/2014 08:55 PM Subject: Re: [legal-discuss] Trivial contributions and CLAs _____ Thank you Richard. That helps put it in perspective. The process needs to permit a trusted person to exercise discretion in edge cases like this. That is true of every process involving human interaction. The Foundation Bylaws contemplate the Board giving this kind of edge-case discretion to the Executive Director. I don't see that there is much risk around intellectual property in this kind of contribution. Who would make a claim? There is a secondary risk that the project is viewed as being lax on IP issues generally, which would scare off some users. I think this is also unlikely. My impression is that the project is viewed as exercising an abundance of caution. The kind of participation represented by this contribution is valuable. Reward significantly outweighs risk. Still on the list and felt like chiming in! Alice -----Original Message----- From: Richard Fontana [mailto:rfontana@redhat.com] Sent: Tuesday, April 22, 2014 7:32 PM To: legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> Subject: Re: [legal-discuss] Trivial contributions and CLAs For anyone on this list not accustomed to looking at such things, I think it might be interesting to point out what this patch actually is and what Stefano means by triviality (even though the CLA may not be the relevant issue in this instance, the issue of contribution process around trivial patches is the larger issue that Stefano was raising): The patch would cause one existing line in one file: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id]) to be replaced with this: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id], key=lambda ip: ip[1]) That is: all this patch does is add the following text to one line of a file: ", key=lambda ip: ip[1]" The file itself contains about ~100 lines of code, and Horizon, the relevant project, contains, I believe, about 2000 files. - RF Stefano wrote: problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA
processes easily, what else can we do to get small contributions like these? _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
On Tue, 2014-04-22 at 20:57 -0500, Alice King wrote:
I think the Executive Director would make the call, and would probably want the advice of legal counsel. I want to stress that I am talking only about exceptional cases. The Board can set parameters for the ED and can set them as conservatively as they think wise. In any domain the application of rules with human judgment can lead to unintended and unwanted results. The Foundation does not have a judiciary, but the Bylaws do contemplate the ED having this type of discretion on intellectual property matters.
A process whereby the project's lead developers must ask for permission from the ED in order to accept these sort of contributions wouldn't be much less intolerable than the current situation IMO. The goal here should be to eliminate any such friction so that we can encourage these types of contributions from the wider operators community. Mark.
On Wed, Apr 23 2014, Mark McLoughlin wrote:
On Tue, 2014-04-22 at 20:57 -0500, Alice King wrote:
I think the Executive Director would make the call, and would probably want the advice of legal counsel. I want to stress that I am talking only about exceptional cases. The Board can set parameters for the ED and can set them as conservatively as they think wise. In any domain the application of rules with human judgment can lead to unintended and unwanted results. The Foundation does not have a judiciary, but the Bylaws do contemplate the ED having this type of discretion on intellectual property matters.
A process whereby the project's lead developers must ask for permission from the ED in order to accept these sort of contributions wouldn't be much less intolerable than the current situation IMO.
The goal here should be to eliminate any such friction so that we can encourage these types of contributions from the wider operators community.
+1 to all of that. It's a real pain to have to sign CLA or any kind of legal agreements before sending a trivial patch, and that is a lot of frictions for people just passing by in the project. And as the project grows, this is going to happen more and more often. FWIW, GNU's using a rough limit of ~15 SLOC to determine what could be trivial or no: http://www.gnu.org/prep/maintain/maintain.html#Legally-Significant -- Julien Danjou // Free Software hacker // http://julien.danjou.info
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a
We actually discussed this issue at the Legal Affairs committee meeting in January. The issues raised by Marc led the Committee to conclude that, at present, it would be very difficult to find a general rule and a case by case approach would be difficult to manage and potentially unfair to the major contributors. The fundamental issue raised at the Legal Affairs Committee meeting was that such a policy would be unfair to the major contributors because it would actually favor "small contributors" over the major contributors. I also don't think that the bylaws actually give the Executive Director that authority and it would be difficult to have the Board grant it to him. My memory was that the approach in drafting this section was consistent in minimizing discretion in the manner in which contributions could be accepted. Although I suggested giving the Board more flexibility, the decision was that method of contribution needed to tightly controlled. As currently drafted, the Bylaws always contemplate the use of a CLA. The bylaws set up the following hierarchy: (1) contributions under the OpenStack Contributor License Agreements in Appendix 7 (2) contributions under a modified CLA (or license) approved by the Board and (3) contributions under the OpenStack Contribution License Agreements with non-material amendments by the Executive Director if the Board grants such power to the Executive Director. The relevant section is: The Foundation shall generally accept contributions of software made pursuant to the terms of the Contributor License Agreements attached as Appendix 7. The Board of Directors may adopt additional contributor license agreements as may be appropriate for certain organizations or contributions to secure a license on terms which will permit distribution under the Apache License 2.0, and may require inclusion of the Apache License 2.0 license header in code contributions. The Board of Directors may delegate the authority to make non material amendments to the Contributor License Agreement to the Executive Director so long as such modifications permit distribution of the software under Apache License 2.0. From: Alice King [mailto:alice_king@att.net] Sent: Tuesday, April 22, 2014 6:57 PM To: 'Marc Ehrlich' Cc: legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs Hi Marc! In the order of your comments: I am fine and hope you are too!! I know all of you have been carefully working on these issues and it has been quite a while since I have been in the trenches. So apologies if I am speaking "out of school," but here are my thoughts: I think the Executive Director would make the call, and would probably want the advice of legal counsel. I want to stress that I am talking only about exceptional cases. The Board can set parameters for the ED and can set them as conservatively as they think wise. In any domain the application of rules with human judgment can lead to unintended and unwanted results. The Foundation does not have a judiciary, but the Bylaws do contemplate the ED having this type of discretion on intellectual property matters. On the patent risk - forgive me if I missing something, but I am not sure I see much additional risk here either. Any contributor can expose the project to the risk of a patent infringement claim by someone outside of the community. I don't think the CLA helps manage that risk. It only creates a disincentive for a contributor to make a patent claim based on their own contribution. Again, in this particular edge case I think the risk is low that a contributor would make that one slight change that then brings the technology under a patent that the very same contributor holds. But this would be a judgment call for the ED. Certainly the patent risk would be part of the equation in every case. Alice From: Marc Ehrlich [mailto:mehrlich@us.ibm.com] Sent: Tuesday, April 22, 2014 8:20 PM To: Alice King Cc: legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org>; 'Richard Fontana' Subject: Re: [legal-discuss] Trivial contributions and CLAs Hi Alice!! Nice to know I am not the only one hanging out on this list and not responding much. Hope all's well with you! As it relates to IP I guess I do have a few concerns with the trajectory of this discussion. I apologize if I am missing something obvious and if so feel free to disregard this... For example how do we determine what "trivial contribution" is? Who makes that call? Would it be the same to all participants? Why are IBM and HP and others who have signed the CLA held to a different standard and denied the ability to make trivial contributions (not that I think we should be able to make them I don't think they should be made at all) but if some can make them why not all? Most importantly it is the patent IP I think we should be worried about. What if that line or two of code trivially contributed completes the steps of a patent claim held by the contributer's company that then makes open stack users infringers of that code? Remember our committee discussions about contributors licenses which extend not only to the code they contribute but its combination with the work? This is exactly the same point. Even a trivial contribution in terms of size or function can render a body of code infringing. I think that one of the great benefits of the CLA is that it addresses that scenario. So in my view we need to think long and hard about letting companies take a pass on what everyone else has agreed to lest we find ourselves facing patent claims based on trivial additions. I would not expect (though please correct me if I am wrong) that someone planning on doing a patent clearance against the contributor when such contributions are made before they are deemed trivial? I would think that would be more than a trivial undertaking. Sorry if I am missing something that covers us for patents but I think I have this right. Marc A. Ehrlich [Inactive hide details for "Alice King" ---04/22/2014 08:55:37 PM---Thank you Richard. That helps put it in perspective. The]"Alice King" ---04/22/2014 08:55:37 PM---Thank you Richard. That helps put it in perspective. The process needs to permit a trusted person From: "Alice King" <alice@alicelkingpc.com<mailto:alice@alicelkingpc.com>> To: "'Richard Fontana'" <rfontana@redhat.com<mailto:rfontana@redhat.com>>, <legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org>>, Date: 04/22/2014 08:55 PM Subject: Re: [legal-discuss] Trivial contributions and CLAs ________________________________ Thank you Richard. That helps put it in perspective. The process needs to permit a trusted person to exercise discretion in edge cases like this. That is true of every process involving human interaction. The Foundation Bylaws contemplate the Board giving this kind of edge-case discretion to the Executive Director. I don't see that there is much risk around intellectual property in this kind of contribution. Who would make a claim? There is a secondary risk that the project is viewed as being lax on IP issues generally, which would scare off some users. I think this is also unlikely. My impression is that the project is viewed as exercising an abundance of caution. The kind of participation represented by this contribution is valuable. Reward significantly outweighs risk. Still on the list and felt like chiming in! Alice -----Original Message----- From: Richard Fontana [mailto:rfontana@redhat.com] Sent: Tuesday, April 22, 2014 7:32 PM To: legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> Subject: Re: [legal-discuss] Trivial contributions and CLAs For anyone on this list not accustomed to looking at such things, I think it might be interesting to point out what this patch actually is and what Stefano means by triviality (even though the CLA may not be the relevant issue in this instance, the issue of contribution process around trivial patches is the larger issue that Stefano was raising): The patch would cause one existing line in one file: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id]) to be replaced with this: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id], key=lambda ip: ip[1]) That is: all this patch does is add the following text to one line of a file: ", key=lambda ip: ip[1]" The file itself contains about ~100 lines of code, and Horizon, the relevant project, contains, I believe, about 2000 files. - RF Stefano wrote: problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA
processes easily, what else can we do to get small contributions like these? _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
Honestly, I think the current model provides a lot less additional guarantees than people believe it does. OpenStack currently has ~100 runtime requirements dependencies that are additional python libraries - https://github.com/openstack/requirements/blob/master/global-requirements.tx... In order to build a functioning OpenStack system, you must have most of these. They are under various licenses, with various upstream inclusion criteria. If that trivial fix happened in a dependent library, it would just be merged. The large contributors would be at exactly the same risk, as they are shipping this new code. They probably have a code scan mechanism to find the worst of this, but that's clearly not going to find every instance. The assumption that the CLA is a massively time saving and protective shield breaks down the moment that you actually try to ship real OpenStack as part of a product. In my experience, most people unfamiliar with the details of OpenStack get taken by surprise on OpenStack the project vs. OpenStack the code needed to run a cloud (most of which isn't actually OpenStack "the project" code). It would be good to know if this level of detail came up in the Legal Affairs committee, because I can see without it people might come to different conclusions than with it. So the material impact of the CLA right now is creating friction for growing the contributor base from anything other than large entities with legal teams. It doesn't materially impact the risk for an entity that wants to productize OpenStack, given the library hole. -Sean On 04/23/2014 02:37 AM, Radcliffe, Mark wrote:
We actually discussed this issue at the Legal Affairs committee meeting in January. The issues raised by Marc led the Committee to conclude that, at present, it would be very difficult to find a general rule and a case by case approach would be difficult to manage and potentially unfair to the major contributors. The fundamental issue raised at the Legal Affairs Committee meeting was that such a policy would be unfair to the major contributors because it would actually favor “small contributors” over the major contributors.
I also don’t think that the bylaws actually give the Executive Director that authority and it would be difficult to have the Board grant it to him. My memory was that the approach in drafting this section was consistent in minimizing discretion in the manner in which contributions could be accepted. Although I suggested giving the Board more flexibility, the decision was that method of contribution needed to tightly controlled. As currently drafted, the Bylaws always contemplate the use of a CLA. The bylaws set up the following hierarchy: (1) contributions under the OpenStack Contributor License Agreements in Appendix 7 (2) contributions under a modified CLA (or license) approved by the Board and (3) contributions under the OpenStack Contribution License Agreements with non-material amendments by the Executive Director if the Board grants such power to the Executive Director. The relevant section is:
/The Foundation shall generally accept contributions of software made pursuant to the terms of the Contributor License Agreements attached as Appendix 7. The Board of Directors may adopt additional contributor license agreements as may be appropriate for certain organizations or contributions to secure a license on terms which will permit distribution under the Apache License 2.0, and may require inclusion of the Apache License 2.0 license header in code contributions. The Board of Directors may delegate the authority to make non material amendments to the Contributor License Agreement to the Executive Director so long as such modifications permit distribution of the software under Apache License 2.0./
*From:*Alice King [mailto:alice_king@att.net] *Sent:* Tuesday, April 22, 2014 6:57 PM *To:* 'Marc Ehrlich' *Cc:* legal-discuss@lists.openstack.org *Subject:* Re: [legal-discuss] Trivial contributions and CLAs
Hi Marc! In the order of your comments:
I am fine and hope you are too!! I know all of you have been carefully working on these issues and it has been quite a while since I have been in the trenches. So apologies if I am speaking “out of school,” but here are my thoughts:
I think the Executive Director would make the call, and would probably want the advice of legal counsel. I want to stress that I am talking only about exceptional cases. The Board can set parameters for the ED and can set them as conservatively as they think wise. In any domain the application of rules with human judgment can lead to unintended and unwanted results. The Foundation does not have a judiciary, but the Bylaws do contemplate the ED having this type of discretion on intellectual property matters.
On the patent risk – forgive me if I missing something, but I am not sure I see much additional risk here either. Any contributor can expose the project to the risk of a patent infringement claim by someone outside of the community. I don’t think the CLA helps manage that risk. It only creates a disincentive for a contributor to make a patent claim based on their own contribution. Again, in this particular edge case I think the risk is low that a contributor would make that one slight change that then brings the technology under a patent that the very same contributor holds. But this would be a judgment call for the ED. Certainly the patent risk would be part of the equation in every case.
Alice
*From:*Marc Ehrlich [mailto:mehrlich@us.ibm.com] *Sent:* Tuesday, April 22, 2014 8:20 PM *To:* Alice King *Cc:* legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org>; 'Richard Fontana' *Subject:* Re: [legal-discuss] Trivial contributions and CLAs
Hi Alice!! Nice to know I am not the only one hanging out on this list and not responding much. Hope all's well with you!
As it relates to IP I guess I do have a few concerns with the trajectory of this discussion. I apologize if I am missing something obvious and if so feel free to disregard this...
For example how do we determine what "trivial contribution" is? Who makes that call? Would it be the same to all participants? Why are IBM and HP and others who have signed the CLA held to a different standard and denied the ability to make trivial contributions (not that I think we should be able to make them I don't think they should be made at all) but if some can make them why not all?
Most importantly it is the patent IP I think we should be worried about. What if that line or two of code trivially contributed completes the steps of a patent claim held by the contributer's company that then makes open stack users infringers of that code? Remember our committee discussions about contributors licenses which extend not only to the code they contribute but its combination with the work? This is exactly the same point. Even a trivial contribution in terms of size or function can render a body of code infringing. I think that one of the great benefits of the CLA is that it addresses that scenario. So in my view we need to think long and hard about letting companies take a pass on what everyone else has agreed to lest we find ourselves facing patent claims based on trivial additions. I would not expect (though please correct me if I am wrong) that someone planning on doing a patent clearance against the contributor when such contributions are made before they are deemed trivial? I would think that would be more than a trivial undertaking.
Sorry if I am missing something that covers us for patents but I think I have this right.
Marc A. Ehrlich
Inactive hide details for "Alice King" ---04/22/2014 08:55:37 PM---Thank you Richard. That helps put it in perspective. The "Alice King" ---04/22/2014 08:55:37 PM---Thank you Richard. That helps put it in perspective. The process needs to permit a trusted person
From: "Alice King" <alice@alicelkingpc.com <mailto:alice@alicelkingpc.com>> To: "'Richard Fontana'" <rfontana@redhat.com <mailto:rfontana@redhat.com>>, <legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org>>, Date: 04/22/2014 08:55 PM Subject: Re: [legal-discuss] Trivial contributions and CLAs
------------------------------------------------------------------------
Thank you Richard. That helps put it in perspective.
The process needs to permit a trusted person to exercise discretion in edge cases like this. That is true of every process involving human interaction. The Foundation Bylaws contemplate the Board giving this kind of edge-case discretion to the Executive Director.
I don't see that there is much risk around intellectual property in this kind of contribution. Who would make a claim? There is a secondary risk that the project is viewed as being lax on IP issues generally, which would scare off some users. I think this is also unlikely. My impression is that the project is viewed as exercising an abundance of caution.
The kind of participation represented by this contribution is valuable. Reward significantly outweighs risk.
Still on the list and felt like chiming in!
Alice
-----Original Message----- From: Richard Fontana [mailto:rfontana@redhat.com] Sent: Tuesday, April 22, 2014 7:32 PM To: legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> Subject: Re: [legal-discuss] Trivial contributions and CLAs
For anyone on this list not accustomed to looking at such things, I think it might be interesting to point out what this patch actually is and what Stefano means by triviality (even though the CLA may not be the relevant issue in this instance, the issue of contribution process around trivial patches is the larger issue that Stefano was raising):
The patch would cause one existing line in one file:
options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id])
to be replaced with this:
options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id], key=lambda ip: ip[1])
That is: all this patch does is add the following text to one line of a file: ", key=lambda ip: ip[1]" The file itself contains about ~100 lines of code, and Horizon, the relevant project, contains, I believe, about 2000 files.
- RF
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a
Stefano wrote: problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA
processes easily, what else can we do to get small contributions like these?
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
-- Sean Dague http://dague.net
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a
Hi Mark. I think there's enough language in the Bylaws to support ED authority in this particular circumstance and other circumstances that are this narrow. I would not personally advocate for more than that. I think the worry here is the "slippery slope." Given the constraints of the language in the Bylaws, the slope is not that slippery. Speaking from a pragmatic perspective - these kind of changes will probably find their way into the project via some completely unauthorized means. This is a bigger problem than setting up some sort of exception management. And sorry to go on and on, but. The Legal Affairs Committee has probably done a great job of exploring the legal risk, but I think it's a Board decision if they care to take it up. The Legal Affairs Committee is an advisory committee and I think it only includes representatives from the big contributors. I think the Board is the right body to weigh the legal risk against policy considerations. They are representative of the full range of perspectives in the community and are in the best position to understand the full significance to the community of turning away a contribution like this on these grounds. Thank you! Alice From: Radcliffe, Mark [mailto:Mark.Radcliffe@dlapiper.com] Sent: Wednesday, April 23, 2014 1:37 AM To: Alice King; 'Marc Ehrlich' Cc: legal-discuss@lists.openstack.org Subject: RE: [legal-discuss] Trivial contributions and CLAs We actually discussed this issue at the Legal Affairs committee meeting in January. The issues raised by Marc led the Committee to conclude that, at present, it would be very difficult to find a general rule and a case by case approach would be difficult to manage and potentially unfair to the major contributors. The fundamental issue raised at the Legal Affairs Committee meeting was that such a policy would be unfair to the major contributors because it would actually favor "small contributors" over the major contributors. I also don't think that the bylaws actually give the Executive Director that authority and it would be difficult to have the Board grant it to him. My memory was that the approach in drafting this section was consistent in minimizing discretion in the manner in which contributions could be accepted. Although I suggested giving the Board more flexibility, the decision was that method of contribution needed to tightly controlled. As currently drafted, the Bylaws always contemplate the use of a CLA. The bylaws set up the following hierarchy: (1) contributions under the OpenStack Contributor License Agreements in Appendix 7 (2) contributions under a modified CLA (or license) approved by the Board and (3) contributions under the OpenStack Contribution License Agreements with non-material amendments by the Executive Director if the Board grants such power to the Executive Director. The relevant section is: The Foundation shall generally accept contributions of software made pursuant to the terms of the Contributor License Agreements attached as Appendix 7. The Board of Directors may adopt additional contributor license agreements as may be appropriate for certain organizations or contributions to secure a license on terms which will permit distribution under the Apache License 2.0, and may require inclusion of the Apache License 2.0 license header in code contributions. The Board of Directors may delegate the authority to make non material amendments to the Contributor License Agreement to the Executive Director so long as such modifications permit distribution of the software under Apache License 2.0. From: Alice King [mailto:alice_king@att.net] Sent: Tuesday, April 22, 2014 6:57 PM To: 'Marc Ehrlich' Cc: legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> Subject: Re: [legal-discuss] Trivial contributions and CLAs Hi Marc! In the order of your comments: I am fine and hope you are too!! I know all of you have been carefully working on these issues and it has been quite a while since I have been in the trenches. So apologies if I am speaking "out of school," but here are my thoughts: I think the Executive Director would make the call, and would probably want the advice of legal counsel. I want to stress that I am talking only about exceptional cases. The Board can set parameters for the ED and can set them as conservatively as they think wise. In any domain the application of rules with human judgment can lead to unintended and unwanted results. The Foundation does not have a judiciary, but the Bylaws do contemplate the ED having this type of discretion on intellectual property matters. On the patent risk - forgive me if I missing something, but I am not sure I see much additional risk here either. Any contributor can expose the project to the risk of a patent infringement claim by someone outside of the community. I don't think the CLA helps manage that risk. It only creates a disincentive for a contributor to make a patent claim based on their own contribution. Again, in this particular edge case I think the risk is low that a contributor would make that one slight change that then brings the technology under a patent that the very same contributor holds. But this would be a judgment call for the ED. Certainly the patent risk would be part of the equation in every case. Alice From: Marc Ehrlich [mailto:mehrlich@us.ibm.com] Sent: Tuesday, April 22, 2014 8:20 PM To: Alice King Cc: legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> ; 'Richard Fontana' Subject: Re: [legal-discuss] Trivial contributions and CLAs Hi Alice!! Nice to know I am not the only one hanging out on this list and not responding much. Hope all's well with you! As it relates to IP I guess I do have a few concerns with the trajectory of this discussion. I apologize if I am missing something obvious and if so feel free to disregard this... For example how do we determine what "trivial contribution" is? Who makes that call? Would it be the same to all participants? Why are IBM and HP and others who have signed the CLA held to a different standard and denied the ability to make trivial contributions (not that I think we should be able to make them I don't think they should be made at all) but if some can make them why not all? Most importantly it is the patent IP I think we should be worried about. What if that line or two of code trivially contributed completes the steps of a patent claim held by the contributer's company that then makes open stack users infringers of that code? Remember our committee discussions about contributors licenses which extend not only to the code they contribute but its combination with the work? This is exactly the same point. Even a trivial contribution in terms of size or function can render a body of code infringing. I think that one of the great benefits of the CLA is that it addresses that scenario. So in my view we need to think long and hard about letting companies take a pass on what everyone else has agreed to lest we find ourselves facing patent claims based on trivial additions. I would not expect (though please correct me if I am wrong) that someone planning on doing a patent clearance against the contributor when such contributions are made before they are deemed trivial? I would think that would be more than a trivial undertaking. Sorry if I am missing something that covers us for patents but I think I have this right. Marc A. Ehrlich "Alice King" ---04/22/2014 08:55:37 PM---Thank you Richard. That helps put it in perspective. The process needs to permit a trusted person From: "Alice King" <alice@alicelkingpc.com <mailto:alice@alicelkingpc.com> > To: "'Richard Fontana'" <rfontana@redhat.com <mailto:rfontana@redhat.com> >, <legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> >, Date: 04/22/2014 08:55 PM Subject: Re: [legal-discuss] Trivial contributions and CLAs _____ Thank you Richard. That helps put it in perspective. The process needs to permit a trusted person to exercise discretion in edge cases like this. That is true of every process involving human interaction. The Foundation Bylaws contemplate the Board giving this kind of edge-case discretion to the Executive Director. I don't see that there is much risk around intellectual property in this kind of contribution. Who would make a claim? There is a secondary risk that the project is viewed as being lax on IP issues generally, which would scare off some users. I think this is also unlikely. My impression is that the project is viewed as exercising an abundance of caution. The kind of participation represented by this contribution is valuable. Reward significantly outweighs risk. Still on the list and felt like chiming in! Alice -----Original Message----- From: Richard Fontana [mailto:rfontana@redhat.com] Sent: Tuesday, April 22, 2014 7:32 PM To: legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> Subject: Re: [legal-discuss] Trivial contributions and CLAs For anyone on this list not accustomed to looking at such things, I think it might be interesting to point out what this patch actually is and what Stefano means by triviality (even though the CLA may not be the relevant issue in this instance, the issue of contribution process around trivial patches is the larger issue that Stefano was raising): The patch would cause one existing line in one file: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id]) to be replaced with this: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id], key=lambda ip: ip[1]) That is: all this patch does is add the following text to one line of a file: ", key=lambda ip: ip[1]" The file itself contains about ~100 lines of code, and Horizon, the relevant project, contains, I believe, about 2000 files. - RF Stefano wrote: problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA
processes easily, what else can we do to get small contributions like these? _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org <mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com <mailto:postmaster@dlapiper.com> . Thank you.
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a
I agree that we need to deal with the problem on a pragmatic basis. I think that education is a first step and ensuring that the project is properly managed. I also acknowledge that the Legal Affairs Committee is only advisory and that ultimately the Board should make the decision, but the Board has not yet addressed this issue. And the Board is limited by the Bylaws. I prefer flexibility and leaving discretion to the Board. For example, I have been an advocate of that flexibility on trademark use issues. However, the bylaws are fairly clear on the limits imposed on contributions. If you have a different interpretation of the bylaws on this point, I would be interested in understanding it in more detail. From: Alice King [mailto:alice_king@att.net] Sent: Wednesday, April 23, 2014 4:37 AM To: Radcliffe, Mark; 'Marc Ehrlich' Cc: legal-discuss@lists.openstack.org Subject: RE: [legal-discuss] Trivial contributions and CLAs Hi Mark. I think there's enough language in the Bylaws to support ED authority in this particular circumstance and other circumstances that are this narrow. I would not personally advocate for more than that. I think the worry here is the "slippery slope." Given the constraints of the language in the Bylaws, the slope is not that slippery. Speaking from a pragmatic perspective - these kind of changes will probably find their way into the project via some completely unauthorized means. This is a bigger problem than setting up some sort of exception management. And sorry to go on and on, but... The Legal Affairs Committee has probably done a great job of exploring the legal risk, but I think it's a Board decision if they care to take it up. The Legal Affairs Committee is an advisory committee and I think it only includes representatives from the big contributors. I think the Board is the right body to weigh the legal risk against policy considerations. They are representative of the full range of perspectives in the community and are in the best position to understand the full significance to the community of turning away a contribution like this on these grounds. Thank you! Alice From: Radcliffe, Mark [mailto:Mark.Radcliffe@dlapiper.com] Sent: Wednesday, April 23, 2014 1:37 AM To: Alice King; 'Marc Ehrlich' Cc: legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> Subject: RE: [legal-discuss] Trivial contributions and CLAs We actually discussed this issue at the Legal Affairs committee meeting in January. The issues raised by Marc led the Committee to conclude that, at present, it would be very difficult to find a general rule and a case by case approach would be difficult to manage and potentially unfair to the major contributors. The fundamental issue raised at the Legal Affairs Committee meeting was that such a policy would be unfair to the major contributors because it would actually favor "small contributors" over the major contributors. I also don't think that the bylaws actually give the Executive Director that authority and it would be difficult to have the Board grant it to him. My memory was that the approach in drafting this section was consistent in minimizing discretion in the manner in which contributions could be accepted. Although I suggested giving the Board more flexibility, the decision was that method of contribution needed to tightly controlled. As currently drafted, the Bylaws always contemplate the use of a CLA. The bylaws set up the following hierarchy: (1) contributions under the OpenStack Contributor License Agreements in Appendix 7 (2) contributions under a modified CLA (or license) approved by the Board and (3) contributions under the OpenStack Contribution License Agreements with non-material amendments by the Executive Director if the Board grants such power to the Executive Director. The relevant section is: The Foundation shall generally accept contributions of software made pursuant to the terms of the Contributor License Agreements attached as Appendix 7. The Board of Directors may adopt additional contributor license agreements as may be appropriate for certain organizations or contributions to secure a license on terms which will permit distribution under the Apache License 2.0, and may require inclusion of the Apache License 2.0 license header in code contributions. The Board of Directors may delegate the authority to make non material amendments to the Contributor License Agreement to the Executive Director so long as such modifications permit distribution of the software under Apache License 2.0. From: Alice King [mailto:alice_king@att.net] Sent: Tuesday, April 22, 2014 6:57 PM To: 'Marc Ehrlich' Cc: legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> Subject: Re: [legal-discuss] Trivial contributions and CLAs Hi Marc! In the order of your comments: I am fine and hope you are too!! I know all of you have been carefully working on these issues and it has been quite a while since I have been in the trenches. So apologies if I am speaking "out of school," but here are my thoughts: I think the Executive Director would make the call, and would probably want the advice of legal counsel. I want to stress that I am talking only about exceptional cases. The Board can set parameters for the ED and can set them as conservatively as they think wise. In any domain the application of rules with human judgment can lead to unintended and unwanted results. The Foundation does not have a judiciary, but the Bylaws do contemplate the ED having this type of discretion on intellectual property matters. On the patent risk - forgive me if I missing something, but I am not sure I see much additional risk here either. Any contributor can expose the project to the risk of a patent infringement claim by someone outside of the community. I don't think the CLA helps manage that risk. It only creates a disincentive for a contributor to make a patent claim based on their own contribution. Again, in this particular edge case I think the risk is low that a contributor would make that one slight change that then brings the technology under a patent that the very same contributor holds. But this would be a judgment call for the ED. Certainly the patent risk would be part of the equation in every case. Alice From: Marc Ehrlich [mailto:mehrlich@us.ibm.com] Sent: Tuesday, April 22, 2014 8:20 PM To: Alice King Cc: legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org>; 'Richard Fontana' Subject: Re: [legal-discuss] Trivial contributions and CLAs Hi Alice!! Nice to know I am not the only one hanging out on this list and not responding much. Hope all's well with you! As it relates to IP I guess I do have a few concerns with the trajectory of this discussion. I apologize if I am missing something obvious and if so feel free to disregard this... For example how do we determine what "trivial contribution" is? Who makes that call? Would it be the same to all participants? Why are IBM and HP and others who have signed the CLA held to a different standard and denied the ability to make trivial contributions (not that I think we should be able to make them I don't think they should be made at all) but if some can make them why not all? Most importantly it is the patent IP I think we should be worried about. What if that line or two of code trivially contributed completes the steps of a patent claim held by the contributer's company that then makes open stack users infringers of that code? Remember our committee discussions about contributors licenses which extend not only to the code they contribute but its combination with the work? This is exactly the same point. Even a trivial contribution in terms of size or function can render a body of code infringing. I think that one of the great benefits of the CLA is that it addresses that scenario. So in my view we need to think long and hard about letting companies take a pass on what everyone else has agreed to lest we find ourselves facing patent claims based on trivial additions. I would not expect (though please correct me if I am wrong) that someone planning on doing a patent clearance against the contributor when such contributions are made before they are deemed trivial? I would think that would be more than a trivial undertaking. Sorry if I am missing something that covers us for patents but I think I have this right. Marc A. Ehrlich [Inactive hide details for "Alice King" ---04/22/2014 08:55:37 PM---Thank you Richard. That helps put it in perspective. The]"Alice King" ---04/22/2014 08:55:37 PM---Thank you Richard. That helps put it in perspective. The process needs to permit a trusted person From: "Alice King" <alice@alicelkingpc.com<mailto:alice@alicelkingpc.com>> To: "'Richard Fontana'" <rfontana@redhat.com<mailto:rfontana@redhat.com>>, <legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org>>, Date: 04/22/2014 08:55 PM Subject: Re: [legal-discuss] Trivial contributions and CLAs ________________________________ Thank you Richard. That helps put it in perspective. The process needs to permit a trusted person to exercise discretion in edge cases like this. That is true of every process involving human interaction. The Foundation Bylaws contemplate the Board giving this kind of edge-case discretion to the Executive Director. I don't see that there is much risk around intellectual property in this kind of contribution. Who would make a claim? There is a secondary risk that the project is viewed as being lax on IP issues generally, which would scare off some users. I think this is also unlikely. My impression is that the project is viewed as exercising an abundance of caution. The kind of participation represented by this contribution is valuable. Reward significantly outweighs risk. Still on the list and felt like chiming in! Alice -----Original Message----- From: Richard Fontana [mailto:rfontana@redhat.com] Sent: Tuesday, April 22, 2014 7:32 PM To: legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> Subject: Re: [legal-discuss] Trivial contributions and CLAs For anyone on this list not accustomed to looking at such things, I think it might be interesting to point out what this patch actually is and what Stefano means by triviality (even though the CLA may not be the relevant issue in this instance, the issue of contribution process around trivial patches is the larger issue that Stefano was raising): The patch would cause one existing line in one file: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id]) to be replaced with this: options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id], key=lambda ip: ip[1]) That is: all this patch does is add the following text to one line of a file: ", key=lambda ip: ip[1]" The file itself contains about ~100 lines of code, and Horizon, the relevant project, contains, I believe, about 2000 files. - RF Stefano wrote: problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA
processes easily, what else can we do to get small contributions like these? _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com<mailto:postmaster@dlapiper.com>. Thank you. Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
On Tue, 2014-04-22 at 20:32 -0400, Richard Fontana wrote:
For anyone on this list not accustomed to looking at such things, I think it might be interesting to point out what this patch actually is and what Stefano means by triviality (even though the CLA may not be the relevant issue in this instance, the issue of contribution process around trivial patches is the larger issue that Stefano was raising):
The patch would cause one existing line in one file:
options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id])
to be replaced with this:
options = sorted([(ip.id, ip.ip) for ip in ips if not ip.port_id], key=lambda ip: ip[1])
That is: all this patch does is add the following text to one line of a file: ", key=lambda ip: ip[1]" The file itself contains about ~100 lines of code, and Horizon, the relevant project, contains, I believe, about 2000 files.
And further, we mean "trivial" in the context of copyright law and whether the contribution is "copyrightable" (hand wavy, imprecise legal term I'm sure). In technical terms a single character change can be non-trivial - perhaps the result of days debugging work - and potentially hugely valuable to the project. Mark.
Stefano wrote:
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
We're getting more of these small blockers and I think it's already a problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
I'm not sure what solutions are available. If we can't change the CLA processes easily, what else can we do to get small contributions like these?
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
On Tue, Apr 22, 2014 at 5:16 PM, Mark McLoughlin <markmc@redhat.com> wrote:
On Tue, 2014-04-22 at 15:28 +0000, Radcliffe, Mark wrote:
Thanks. The more critical issue is that we need to be sensitive to our users to ensure that we have the right necessary to include the "trivial contribution" in OpenStack under the Apache license. If the "trivial contribution" is code is likely to be copyrightable (a very low standard). All projects require a license to the code, even if they choose to use the project "license" as the license (such as Linux).
I don't feel I can explain to contributors why they need to do anything other than license the code (to the world) under the Apache License in order for the contribution to be included in OpenStack under the Apache License.
How do authors contribute patches through Launchpad explicitly under the Apache License? I'd like this to be clearly documented as an alternative to the CLA section on https://wiki.openstack.org/wiki/How_To_Contribute so that we can ask authors to simply copy/paste a licensing statement into Launchpad (or whatever it takes), and then we can carry the patch through gerrit on their behalf. I'd rather avoid needing to consider some subjective measure of "triviality," especially if authors are willing/able to license their patches as OpenStack requires outside of the CLA.
On Wed, Apr 23, 2014 at 09:21:28AM -0500, Dolph Mathews wrote:
How do authors contribute patches through Launchpad explicitly under the Apache License? I'd like this to be clearly documented as an alternative to the CLA section on https://wiki.openstack.org/wiki/How_To_Contribute so that we can ask authors to simply copy/paste a licensing statement into Launchpad (or whatever it takes), and then we can carry the patch through gerrit on their behalf.
I'd rather avoid needing to consider some subjective measure of "triviality," especially if authors are willing/able to license their patches as OpenStack requires outside of the CLA.
For OpenStack, this cannot be done under the current rules. - RF
I agree with Mark McLoughlin that the CLA may seem redundant and I also see how changing that mechanism is too complicated, at the moment. I think it's better to focus on improving what we have and consider it a tech debt, to be fixed in the future. On 04/22/2014 05:28 PM, Radcliffe, Mark wrote:
The potential contributor should be able to derive comfort from the fact that hundreds of companies have signed the OpenStack CLA without changes (we have never agreed to any changes and Apache has also not agreed to changes in its CLA on which our CLA is based) and thousands (maybe tens of thousands) have signed the Apache CLA. My experience is that many "legal" agreements are signed without legal review particularly if the agreement cannot be changed, so I think that your proposed scenario is not as common as you suggest.
That's good to know, Mark. If I understand you correctly, one possible response to small shops feeling uneasy about the Corporate/Individual CLA is to reassure them that our agreement is a standard, never modified, and it's very safe to sign without much questions... I'm not sure how to put it down in a safe, reassuring way though. Would a brief paragraph in an email be enough? Mark (Radcliffe): can you help draft a standard response to people like the one quoted before? Maybe we want to add something like the 'license deed' provided by Creative Commons somewhere on our pages? Given that developers/operators seem to be afraid of diving into a legal nightmare with strange contracts to sign, "human-readable summary of (and not a substitute for) the license" may help, too. http://creativecommons.org/licenses/by/4.0/ Thoughts? /stef -- Ask and answer questions on https://ask.openstack.org
I think that we should have a plain language explanation. We can certainly do something similar to the "license deed". -----Original Message----- From: Stefano Maffulli [mailto:stefano@openstack.org] Sent: Wednesday, April 23, 2014 2:07 AM To: legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs I agree with Mark McLoughlin that the CLA may seem redundant and I also see how changing that mechanism is too complicated, at the moment. I think it's better to focus on improving what we have and consider it a tech debt, to be fixed in the future. On 04/22/2014 05:28 PM, Radcliffe, Mark wrote:
The potential contributor should be able to derive comfort from the fact that hundreds of companies have signed the OpenStack CLA without changes (we have never agreed to any changes and Apache has also not agreed to changes in its CLA on which our CLA is based) and thousands (maybe tens of thousands) have signed the Apache CLA. My experience is that many "legal" agreements are signed without legal review particularly if the agreement cannot be changed, so I think that your proposed scenario is not as common as you suggest.
That's good to know, Mark. If I understand you correctly, one possible response to small shops feeling uneasy about the Corporate/Individual CLA is to reassure them that our agreement is a standard, never modified, and it's very safe to sign without much questions... I'm not sure how to put it down in a safe, reassuring way though. Would a brief paragraph in an email be enough? Mark (Radcliffe): can you help draft a standard response to people like the one quoted before? Maybe we want to add something like the 'license deed' provided by Creative Commons somewhere on our pages? Given that developers/operators seem to be afraid of diving into a legal nightmare with strange contracts to sign, "human-readable summary of (and not a substitute for) the license" may help, too. http://creativecommons.org/licenses/by/4.0/ Thoughts? /stef -- Ask and answer questions on https://ask.openstack.org _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
On Tue, Apr 22, 2014 at 04:34:37PM +0200, Stefano Maffulli wrote:
I have been notified of another very small patch that is left in a limbo, with the author not allowed to sign the CLA and the developers stuck in unknown legal territory. You can read more about it on
https://bugs.launchpad.net/bugs/1308984
From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
If I'm reading the bug discussion correctly it sounds like the author in this specific case claims not to have any corporate affiliation, which is conceivable. The obstacle here then seems not to be the CLA but rather to be the same as something that was recently noted at: http://www.alexconrad.org/2014/04/the-painful-process-of-submitting-your.htm... As you and a few other subscribers to this list know I have recently expressed some puzzlement and concern about the apparent requirement (which I had not previously known about) that one must be (or be employed by) an OpenStack Foundation member as a prerequisite for submitting a patch to an OpenStack project. I think the OpenStack Foundation *can* impose this requirement, but I don't understand why this is seen as desirable. We now have two known cases where it has caused problems. For that reason I don't believe the specific issue noted there is a legal issue as such, but a development process and Foundation-membership-promotion policy issue. (It probably should be discussed by people involved with the OpenStack Foundation and the OpenStack developer community somewhere.) - RF
Richard Fontana wrote:
[...] As you and a few other subscribers to this list know I have recently expressed some puzzlement and concern about the apparent requirement (which I had not previously known about) that one must be (or be employed by) an OpenStack Foundation member as a prerequisite for submitting a patch to an OpenStack project.
I think the OpenStack Foundation *can* impose this requirement, but I don't understand why this is seen as desirable. We now have two known cases where it has caused problems.
For that reason I don't believe the specific issue noted there is a legal issue as such, but a development process and Foundation-membership-promotion policy issue. (It probably should be discussed by people involved with the OpenStack Foundation and the OpenStack developer community somewhere.)
Maybe I can shine some light in that grey area. The origin of this requirement is the definition of 'ATC' (active technical contributor). Pre-foundation it was simply equivalent to code contributor. You contribute, you are an active technical contributor, and therefore you're allowed to vote in PTL and PPB/TC elections. Unfortunately, the Foundation bylaws state (in Appendix 4) that ATCs must be individual members of the Foundation. There are two ways to read that -- all contributors must be individual members, or "ATCs" are the subset of contributors that happen to also be individual members. Since it was quite difficult to map contributors to individual members and ensure that only the subset of contributors that are individual members are considered ATCs, it was simpler to just consider the original sense of "ATC" (active contributor) and consider that the bylaws state the all contributors must be individual members of the Foundation. Not saying it wouldn't make sense to fix that, just explaining where it comes from. -- Thierry Carrez (ttx)
On Tue, Apr 22, 2014 at 06:24:10PM +0200, Thierry Carrez wrote:
The origin of this requirement is the definition of 'ATC' (active technical contributor). Pre-foundation it was simply equivalent to code contributor. You contribute, you are an active technical contributor, and therefore you're allowed to vote in PTL and PPB/TC elections.
Unfortunately, the Foundation bylaws state (in Appendix 4) that ATCs must be individual members of the Foundation. There are two ways to read that -- all contributors must be individual members, or "ATCs" are the subset of contributors that happen to also be individual members.
I read it the second way, FWIW. I also believe that requiring all contributors (even a one-time contributor of a 'drive-by patch') to be Individual Members would have been seen as a significant aspect of Foundation membership policy at the time the Foundation was formed, yet I can recall no discussion on the issue. I am not saying that it is something that ought to be stated in the OpenStack Foundation bylaws necessarily, but I am saying that when the bylaws were initially drafted, if it was really contemplated that all contributors would be required to become Individual Members as a *prerequisite* to making an initial contribution (however trivial), it would probably have been made explicit in the bylaws much like the CLA requirement is stated in the IP policy. In other words I do not believe a policy of "you must join the Foundation if you want to submit a patch" was contemplated when the Foundation was formed. If anyone else here thinks I'm wrong about that, or has a different recollection about this issue, I'd be happy to hear it. Reinforcing that point, if it is correct to read the bylaws as saying that all contributors must join the Foundation, why wouldn't the CLAs be unified with the membership agreements? I have to emphasize how unusual I believe this policy is. I have been trying to find some example of an open source project-related membership foundation (there aren't too many of these) with a similar policy, with no success. I think Apache requires project leads to become members by its notion of membership; that's the closest analogue I've been able to find. It just strikes me intuitively as *wrong* -- isn't it in effect coercing potential new contributors into joining an organization they might not necessarily wish to join, or might not wish to join until later on? If the effect of the policy is that it creates a larger body of Individual Members than otherwise might exist, this makes it more difficult to amend certain provisions of the bylaws, which may be good or bad or of unclear goodness/badness, but is a significant side-effect. Also, it is not beyond the realm of possibility that the Foundation might someday charge a fee for Individual memberships. If that ever happened, and the policy remained in place, I believe it would look really bad.
Since it was quite difficult to map contributors to individual members and ensure that only the subset of contributors that are individual members are considered ATCs, it was simpler to just consider the original sense of "ATC" (active contributor) and consider that the bylaws state the all contributors must be individual members of the Foundation.
Not saying it wouldn't make sense to fix that, just explaining where it comes from.
Understood. It seems that it is well intended as an effort to comply with the TC policy, and maybe I'm in the minority in thinking it is a bad policy, but ... I think it is a bad policy. - Richard
On Tue, 2014-04-22 at 14:41 -0400, Richard Fontana wrote:
On Tue, Apr 22, 2014 at 06:24:10PM +0200, Thierry Carrez wrote:
The origin of this requirement is the definition of 'ATC' (active technical contributor). Pre-foundation it was simply equivalent to code contributor. You contribute, you are an active technical contributor, and therefore you're allowed to vote in PTL and PPB/TC elections.
Unfortunately, the Foundation bylaws state (in Appendix 4) that ATCs must be individual members of the Foundation. There are two ways to read that -- all contributors must be individual members, or "ATCs" are the subset of contributors that happen to also be individual members.
I read it the second way, FWIW.
I also believe that requiring all contributors (even a one-time contributor of a 'drive-by patch') to be Individual Members would have been seen as a significant aspect of Foundation membership policy at the time the Foundation was formed, yet I can recall no discussion on the issue. I am not saying that it is something that ought to be stated in the OpenStack Foundation bylaws necessarily, but I am saying that when the bylaws were initially drafted, if it was really contemplated that all contributors would be required to become Individual Members as a *prerequisite* to making an initial contribution (however trivial), it would probably have been made explicit in the bylaws much like the CLA requirement is stated in the IP policy. In other words I do not believe a policy of "you must join the Foundation if you want to submit a patch" was contemplated when the Foundation was formed. If anyone else here thinks I'm wrong about that, or has a different recollection about this issue, I'd be happy to hear it.
Reinforcing that point, if it is correct to read the bylaws as saying that all contributors must join the Foundation, why wouldn't the CLAs be unified with the membership agreements?
I have to emphasize how unusual I believe this policy is. I have been trying to find some example of an open source project-related membership foundation (there aren't too many of these) with a similar policy, with no success. I think Apache requires project leads to become members by its notion of membership; that's the closest analogue I've been able to find. It just strikes me intuitively as *wrong* -- isn't it in effect coercing potential new contributors into joining an organization they might not necessarily wish to join, or might not wish to join until later on?
All very well stated and I agree this is rather bizarre. I did know about this before and, interestingly, it was Julie (the Horizon maintainer on bug #1308984[1]) who pointed out how odd this situation is. Perhaps the Horizon project is seeing more instances of this being an issue, or perhaps it came up in the context of the OPW. In any case, the way I see it is that a casual contributor should be able to submit small patches with minimal friction and, later if ever, decide they want to be more actively involved, research what the OpenStack Foundation is all about and then join it with a view to being an active member. One of the elements of disquiet I've heard about our CLA is that contributors must enter into an asymmetric agreement with an entity they have not yet learned to trust ... when they merely want to license their work to the world under the trusted Apache License. This membership requirement takes this a step further by making contributors not only trust the Foundation but also to join it. Mark. [1] - https://bugs.launchpad.net/horizon/+bug/1308984
+1 to "a casual contributor should be able to submit small patches with minimal friction and, later if ever, decide they want to be more actively involved". Here's an example page from a recent project at ASF that had to write up how/what they will accept (http://openoffice.apache.org/contributing-code.html) On Tue, Apr 22, 2014 at 6:10 PM, Mark McLoughlin <markmc@redhat.com> wrote:
On Tue, 2014-04-22 at 14:41 -0400, Richard Fontana wrote:
On Tue, Apr 22, 2014 at 06:24:10PM +0200, Thierry Carrez wrote:
The origin of this requirement is the definition of 'ATC' (active technical contributor). Pre-foundation it was simply equivalent to code contributor. You contribute, you are an active technical contributor, and therefore you're allowed to vote in PTL and PPB/TC elections.
Unfortunately, the Foundation bylaws state (in Appendix 4) that ATCs must be individual members of the Foundation. There are two ways to read that -- all contributors must be individual members, or "ATCs" are the subset of contributors that happen to also be individual members.
I read it the second way, FWIW.
I also believe that requiring all contributors (even a one-time contributor of a 'drive-by patch') to be Individual Members would have been seen as a significant aspect of Foundation membership policy at the time the Foundation was formed, yet I can recall no discussion on the issue. I am not saying that it is something that ought to be stated in the OpenStack Foundation bylaws necessarily, but I am saying that when the bylaws were initially drafted, if it was really contemplated that all contributors would be required to become Individual Members as a *prerequisite* to making an initial contribution (however trivial), it would probably have been made explicit in the bylaws much like the CLA requirement is stated in the IP policy. In other words I do not believe a policy of "you must join the Foundation if you want to submit a patch" was contemplated when the Foundation was formed. If anyone else here thinks I'm wrong about that, or has a different recollection about this issue, I'd be happy to hear it.
Reinforcing that point, if it is correct to read the bylaws as saying that all contributors must join the Foundation, why wouldn't the CLAs be unified with the membership agreements?
I have to emphasize how unusual I believe this policy is. I have been trying to find some example of an open source project-related membership foundation (there aren't too many of these) with a similar policy, with no success. I think Apache requires project leads to become members by its notion of membership; that's the closest analogue I've been able to find. It just strikes me intuitively as *wrong* -- isn't it in effect coercing potential new contributors into joining an organization they might not necessarily wish to join, or might not wish to join until later on?
All very well stated and I agree this is rather bizarre.
I did know about this before and, interestingly, it was Julie (the Horizon maintainer on bug #1308984[1]) who pointed out how odd this situation is. Perhaps the Horizon project is seeing more instances of this being an issue, or perhaps it came up in the context of the OPW.
In any case, the way I see it is that a casual contributor should be able to submit small patches with minimal friction and, later if ever, decide they want to be more actively involved, research what the OpenStack Foundation is all about and then join it with a view to being an active member.
One of the elements of disquiet I've heard about our CLA is that contributors must enter into an asymmetric agreement with an entity they have not yet learned to trust ... when they merely want to license their work to the world under the trusted Apache License. This membership requirement takes this a step further by making contributors not only trust the Foundation but also to join it.
Mark.
[1] - https://bugs.launchpad.net/horizon/+bug/1308984
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
-- Davanum Srinivas :: http://davanum.wordpress.com
On 22/04/14 23:10, Mark McLoughlin wrote:
On Tue, 2014-04-22 at 14:41 -0400, Richard Fontana wrote:
On Tue, Apr 22, 2014 at 06:24:10PM +0200, Thierry Carrez wrote:
The origin of this requirement is the definition of 'ATC' (active technical contributor). Pre-foundation it was simply equivalent to code contributor. You contribute, you are an active technical contributor, and therefore you're allowed to vote in PTL and PPB/TC elections.
Unfortunately, the Foundation bylaws state (in Appendix 4) that ATCs must be individual members of the Foundation. There are two ways to read that -- all contributors must be individual members, or "ATCs" are the subset of contributors that happen to also be individual members.
I read it the second way, FWIW.
I also believe that requiring all contributors (even a one-time contributor of a 'drive-by patch') to be Individual Members would have been seen as a significant aspect of Foundation membership policy at the time the Foundation was formed, yet I can recall no discussion on the issue. I am not saying that it is something that ought to be stated in the OpenStack Foundation bylaws necessarily, but I am saying that when the bylaws were initially drafted, if it was really contemplated that all contributors would be required to become Individual Members as a *prerequisite* to making an initial contribution (however trivial), it would probably have been made explicit in the bylaws much like the CLA requirement is stated in the IP policy. In other words I do not believe a policy of "you must join the Foundation if you want to submit a patch" was contemplated when the Foundation was formed. If anyone else here thinks I'm wrong about that, or has a different recollection about this issue, I'd be happy to hear it.
Reinforcing that point, if it is correct to read the bylaws as saying that all contributors must join the Foundation, why wouldn't the CLAs be unified with the membership agreements?
I have to emphasize how unusual I believe this policy is. I have been trying to find some example of an open source project-related membership foundation (there aren't too many of these) with a similar policy, with no success. I think Apache requires project leads to become members by its notion of membership; that's the closest analogue I've been able to find. It just strikes me intuitively as *wrong* -- isn't it in effect coercing potential new contributors into joining an organization they might not necessarily wish to join, or might not wish to join until later on?
All very well stated and I agree this is rather bizarre.
I did know about this before and, interestingly, it was Julie (the Horizon maintainer on bug #1308984[1]) who pointed out how odd this situation is. Perhaps the Horizon project is seeing more instances of this being an issue, or perhaps it came up in the context of the OPW.
Hey Mark, I often help people get started contributing to open-source and explaining "and now you need to join the Foundation" is more difficult to explain than even the CLA, as joining a Foundation indicates a longer term commitment and belief in the project (in my mind and based on experience in other projects). It seemed like adding another barrier to making a contribution. When a volunteer contributor is submitting their first patch to test the waters and get a feel for the community, it seems like asking for a lot especially when they don't know yet if they'll be sticking around. (To the more pragmatic folks it just seems like unnecessary bureaucracy.)
In any case, the way I see it is that a casual contributor should be able to submit small patches with minimal friction and, later if ever, decide they want to be more actively involved, research what the OpenStack Foundation is all about and then join it with a view to being an active member.
That's the order in which "joining a Foundation" would make more sense to me, too. Julie
One of the elements of disquiet I've heard about our CLA is that contributors must enter into an asymmetric agreement with an entity they have not yet learned to trust ... when they merely want to license their work to the world under the trusted Apache License. This membership requirement takes this a step further by making contributors not only trust the Foundation but also to join it.
Mark.
[1] - https://bugs.launchpad.net/horizon/+bug/1308984
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Julie: You may not have seen my later post, but I think that deals with your concern: I have never been consulted on this issue, but this interpretation of the bylaws is incorrect. ATC is defined to require someone to be an Individual Member, but ATC is concerned with voting for the Technical Committee, it does not restrict contributions. Anyone, member or non-member, can submit a contribution if they have signed the relevant CLA. -----Original Message----- From: Julie Pichon [mailto:jpichon@redhat.com] Sent: Wednesday, April 23, 2014 3:53 AM To: Mark McLoughlin; Richard Fontana Cc: legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs On 22/04/14 23:10, Mark McLoughlin wrote:
On Tue, 2014-04-22 at 14:41 -0400, Richard Fontana wrote:
On Tue, Apr 22, 2014 at 06:24:10PM +0200, Thierry Carrez wrote:
The origin of this requirement is the definition of 'ATC' (active technical contributor). Pre-foundation it was simply equivalent to code contributor. You contribute, you are an active technical contributor, and therefore you're allowed to vote in PTL and PPB/TC elections.
Unfortunately, the Foundation bylaws state (in Appendix 4) that ATCs must be individual members of the Foundation. There are two ways to read that -- all contributors must be individual members, or "ATCs" are the subset of contributors that happen to also be individual members.
I read it the second way, FWIW.
I also believe that requiring all contributors (even a one-time contributor of a 'drive-by patch') to be Individual Members would have been seen as a significant aspect of Foundation membership policy at the time the Foundation was formed, yet I can recall no discussion on the issue. I am not saying that it is something that ought to be stated in the OpenStack Foundation bylaws necessarily, but I am saying that when the bylaws were initially drafted, if it was really contemplated that all contributors would be required to become Individual Members as a *prerequisite* to making an initial contribution (however trivial), it would probably have been made explicit in the bylaws much like the CLA requirement is stated in the IP policy. In other words I do not believe a policy of "you must join the Foundation if you want to submit a patch" was contemplated when the Foundation was formed. If anyone else here thinks I'm wrong about that, or has a different recollection about this issue, I'd be happy to hear it.
Reinforcing that point, if it is correct to read the bylaws as saying that all contributors must join the Foundation, why wouldn't the CLAs be unified with the membership agreements?
I have to emphasize how unusual I believe this policy is. I have been trying to find some example of an open source project-related membership foundation (there aren't too many of these) with a similar policy, with no success. I think Apache requires project leads to become members by its notion of membership; that's the closest analogue I've been able to find. It just strikes me intuitively as *wrong* -- isn't it in effect coercing potential new contributors into joining an organization they might not necessarily wish to join, or might not wish to join until later on?
All very well stated and I agree this is rather bizarre.
I did know about this before and, interestingly, it was Julie (the Horizon maintainer on bug #1308984[1]) who pointed out how odd this situation is. Perhaps the Horizon project is seeing more instances of this being an issue, or perhaps it came up in the context of the OPW.
Hey Mark, I often help people get started contributing to open-source and explaining "and now you need to join the Foundation" is more difficult to explain than even the CLA, as joining a Foundation indicates a longer term commitment and belief in the project (in my mind and based on experience in other projects). It seemed like adding another barrier to making a contribution. When a volunteer contributor is submitting their first patch to test the waters and get a feel for the community, it seems like asking for a lot especially when they don't know yet if they'll be sticking around. (To the more pragmatic folks it just seems like unnecessary bureaucracy.)
In any case, the way I see it is that a casual contributor should be able to submit small patches with minimal friction and, later if ever, decide they want to be more actively involved, research what the OpenStack Foundation is all about and then join it with a view to being an active member.
That's the order in which "joining a Foundation" would make more sense to me, too. Julie
One of the elements of disquiet I've heard about our CLA is that contributors must enter into an asymmetric agreement with an entity they have not yet learned to trust ... when they merely want to license their work to the world under the trusted Apache License. This membership requirement takes this a step further by making contributors not only trust the Foundation but also to join it.
Mark.
[1] - https://bugs.launchpad.net/horizon/+bug/1308984
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org<mailto:legal-discuss@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
On 23/04/14 13:19, Radcliffe, Mark wrote:
Julie:
You may not have seen my later post, but I think that deals with your concern:
I have never been consulted on this issue, but this interpretation of the bylaws is incorrect. ATC is defined to require someone to be an Individual Member, but ATC is concerned with voting for the Technical Committee, it does not restrict contributions. Anyone, member or non-member, can submit a contribution if they have signed the relevant CLA.
Hi Mark, that sounds like great news! At this point, our tooling and developer documentation enforce this restriction [1] (so it's not actually possible to submit a patch without joining the Foundation). I'll file a bug about this that references this discussion. Thanks, Julie [1] https://wiki.openstack.org/wiki/CLA-FAQ#When_trying_to_sign_the_new_ICLA_and...
-----Original Message----- From: Julie Pichon [mailto:jpichon@redhat.com] Sent: Wednesday, April 23, 2014 3:53 AM To: Mark McLoughlin; Richard Fontana Cc: legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs
On 22/04/14 23:10, Mark McLoughlin wrote:
On Tue, 2014-04-22 at 14:41 -0400, Richard Fontana wrote:
On Tue, Apr 22, 2014 at 06:24:10PM +0200, Thierry Carrez wrote:
The origin of this requirement is the definition of 'ATC' (active technical contributor). Pre-foundation it was simply equivalent to code contributor. You contribute, you are an active technical contributor, and therefore you're allowed to vote in PTL and PPB/TC elections.
Unfortunately, the Foundation bylaws state (in Appendix 4) that ATCs must be individual members of the Foundation. There are two ways to read that -- all contributors must be individual members, or "ATCs" are the subset of contributors that happen to also be individual members.
I read it the second way, FWIW.
I also believe that requiring all contributors (even a one-time contributor of a 'drive-by patch') to be Individual Members would have been seen as a significant aspect of Foundation membership policy at the time the Foundation was formed, yet I can recall no discussion on the issue. I am not saying that it is something that ought to be stated in the OpenStack Foundation bylaws necessarily, but I am saying that when the bylaws were initially drafted, if it was really contemplated that all contributors would be required to become Individual Members as a *prerequisite* to making an initial contribution (however trivial), it would probably have been made explicit in the bylaws much like the CLA requirement is stated in the IP policy. In other words I do not believe a policy of "you must join the Foundation if you want to submit a patch" was contemplated when the Foundation was formed. If anyone else here thinks I'm wrong about that, or has a different recollection about this issue, I'd be happy to hear it.
Reinforcing that point, if it is correct to read the bylaws as saying that all contributors must join the Foundation, why wouldn't the CLAs be unified with the membership agreements?
I have to emphasize how unusual I believe this policy is. I have been trying to find some example of an open source project-related membership foundation (there aren't too many of these) with a similar policy, with no success. I think Apache requires project leads to become members by its notion of membership; that's the closest analogue I've been able to find. It just strikes me intuitively as *wrong* -- isn't it in effect coercing potential new contributors into joining an organization they might not necessarily wish to join, or might not wish to join until later on?
All very well stated and I agree this is rather bizarre.
I did know about this before and, interestingly, it was Julie (the Horizon maintainer on bug #1308984[1]) who pointed out how odd this situation is. Perhaps the Horizon project is seeing more instances of this being an issue, or perhaps it came up in the context of the OPW.
Hey Mark,
I often help people get started contributing to open-source and explaining "and now you need to join the Foundation" is more difficult to explain than even the CLA, as joining a Foundation indicates a longer term commitment and belief in the project (in my mind and based on experience in other projects). It seemed like adding another barrier to making a contribution.
When a volunteer contributor is submitting their first patch to test the waters and get a feel for the community, it seems like asking for a lot especially when they don't know yet if they'll be sticking around. (To the more pragmatic folks it just seems like unnecessary bureaucracy.)
In any case, the way I see it is that a casual contributor should be able to submit small patches with minimal friction and, later if ever, decide they want to be more actively involved, research what the OpenStack Foundation is all about and then join it with a view to being an active member.
That's the order in which "joining a Foundation" would make more sense to me, too.
Julie
One of the elements of disquiet I've heard about our CLA is that contributors must enter into an asymmetric agreement with an entity they have not yet learned to trust ... when they merely want to license their work to the world under the trusted Apache License. This membership requirement takes this a step further by making contributors not only trust the Foundation but also to join it.
Mark.
I'd like to re-frame the conversation on the practical effects that the current processes have on new contributors and work towards solutions. The problem is: One of the Foundation's objective is to help gain contributions from operators; current processes for contributing to OpenStack seem to be harming this objective. So far we have a proposal to - write a 'legal deed' for the CLA - keep a handy reassuring message to people 'afraid' of CLA's legalese I also see a consensus forming about the need to redefine/clarify the concept of ATC... On 04/22/2014 08:41 PM, Richard Fontana wrote:
I have to emphasize how unusual I believe this policy is. I have been trying to find some example of an open source project-related membership foundation (there aren't too many of these) with a similar policy, with no success. [...]
I see no major problem redefining (clarify) the concept of ATC and Individual Members but this deserves its own separate thread to investigate the ramifications.
Also, it is not beyond the realm of possibility that the Foundation might someday charge a fee for Individual memberships. If that ever happened, and the policy remained in place, I believe it would look really bad.
It would be so bad that it won't happen, realistically... it's as likely to happen as charging for downloads. Moving forward, maybe we should start discussing how we can split the ATC role from the 'plain' contributor role. I will take a shot at writing a 'license deed' to submit here for evaluation. Any other thoughts? /stef -- Ask and answer questions on https://ask.openstack.org
Not sure what is meant by legal deed but if it is not the same a list of the term differences between ASF and OpenStack CLA's would seem useful. From: Stefano Maffulli <stefano@openstack.org> To: Richard Fontana <rfontana@redhat.com>, Thierry Carrez <thierry@openstack.org>, Cc: legal-discuss@lists.openstack.org Date: 04/23/2014 09:47 AM Subject: Re: [legal-discuss] Trivial contributions and CLAs I'd like to re-frame the conversation on the practical effects that the current processes have on new contributors and work towards solutions. The problem is: One of the Foundation's objective is to help gain contributions from operators; current processes for contributing to OpenStack seem to be harming this objective. So far we have a proposal to - write a 'legal deed' for the CLA - keep a handy reassuring message to people 'afraid' of CLA's legalese I also see a consensus forming about the need to redefine/clarify the concept of ATC... On 04/22/2014 08:41 PM, Richard Fontana wrote:
I have to emphasize how unusual I believe this policy is. I have been trying to find some example of an open source project-related membership foundation (there aren't too many of these) with a similar policy, with no success. [...]
I see no major problem redefining (clarify) the concept of ATC and Individual Members but this deserves its own separate thread to investigate the ramifications.
Also, it is not beyond the realm of possibility that the Foundation might someday charge a fee for Individual memberships. If that ever happened, and the policy remained in place, I believe it would look really bad.
It would be so bad that it won't happen, realistically... it's as likely to happen as charging for downloads. Moving forward, maybe we should start discussing how we can split the ATC role from the 'plain' contributor role. I will take a shot at writing a 'license deed' to submit here for evaluation. Any other thoughts? /stef -- Ask and answer questions on https://ask.openstack.org _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
On Wed, Apr 23, 2014 at 8:47 AM, Stefano Maffulli <stefano@openstack.org>wrote:
I'd like to re-frame the conversation on the practical effects that the current processes have on new contributors and work towards solutions. The problem is:
One of the Foundation's objective is to help gain contributions from operators; current processes for contributing to OpenStack seem to be harming this objective.
So far we have a proposal to
- write a 'legal deed' for the CLA - keep a handy reassuring message to people 'afraid' of CLA's legalese
I also see a consensus forming about the need to redefine/clarify the concept of ATC...
On 04/22/2014 08:41 PM, Richard Fontana wrote:
I have to emphasize how unusual I believe this policy is. I have been trying to find some example of an open source project-related membership foundation (there aren't too many of these) with a similar policy, with no success. [...]
I see no major problem redefining (clarify) the concept of ATC and Individual Members but this deserves its own separate thread to investigate the ramifications.
I'd like to see this investigation happen. In responses to the doc contributor survey, people have mentioned git/gerrit as a barrier to contributing to docs. They want to make OpenStack docs better but won't necessarily shepherd a patch through or review patches in gerrit. They contribute in other ways by logging doc bugs, testing instructions, and writing blog entries about their findings. I can envision a world where we have two equally important classes of contributors: "I make OpenStack and contribute" and "I use OpenStack and contribute" -- and I sense that providing an alternative to the CLA and its responsibilities may be one way to help raise up the number of contributions from users. Anne
Also, it is not beyond the realm of possibility that the Foundation might someday charge a fee for Individual memberships. If that ever happened, and the policy remained in place, I believe it would look really bad.
It would be so bad that it won't happen, realistically... it's as likely to happen as charging for downloads.
Moving forward, maybe we should start discussing how we can split the ATC role from the 'plain' contributor role. I will take a shot at writing a 'license deed' to submit here for evaluation. Any other thoughts?
/stef
-- Ask and answer questions on https://ask.openstack.org
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
I have never been consulted on this issue, but this interpretation of the bylaws is incorrect. ATC is defined to require someone to be an Individual Member, but ATC is concerned with voting for the Technical Committee, it does not restrict contributions. Anyone, member or non-member, can submit a contribution if they have signed the relevant CLA. -----Original Message----- From: Thierry Carrez [mailto:thierry@openstack.org] Sent: Tuesday, April 22, 2014 9:24 AM To: legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs Richard Fontana wrote:
[...] As you and a few other subscribers to this list know I have recently expressed some puzzlement and concern about the apparent requirement (which I had not previously known about) that one must be (or be employed by) an OpenStack Foundation member as a prerequisite for submitting a patch to an OpenStack project.
I think the OpenStack Foundation *can* impose this requirement, but I don't understand why this is seen as desirable. We now have two known cases where it has caused problems.
For that reason I don't believe the specific issue noted there is a legal issue as such, but a development process and Foundation-membership-promotion policy issue. (It probably should be discussed by people involved with the OpenStack Foundation and the OpenStack developer community somewhere.)
Maybe I can shine some light in that grey area. The origin of this requirement is the definition of 'ATC' (active technical contributor). Pre-foundation it was simply equivalent to code contributor. You contribute, you are an active technical contributor, and therefore you're allowed to vote in PTL and PPB/TC elections. Unfortunately, the Foundation bylaws state (in Appendix 4) that ATCs must be individual members of the Foundation. There are two ways to read that -- all contributors must be individual members, or "ATCs" are the subset of contributors that happen to also be individual members. Since it was quite difficult to map contributors to individual members and ensure that only the subset of contributors that are individual members are considered ATCs, it was simpler to just consider the original sense of "ATC" (active contributor) and consider that the bylaws state the all contributors must be individual members of the Foundation. Not saying it wouldn't make sense to fix that, just explaining where it comes from. -- Thierry Carrez (ttx) _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
Radcliffe, Mark wrote:
I have never been consulted on this issue, but this interpretation of the bylaws is incorrect. ATC is defined to require someone to be an Individual Member, but ATC is concerned with voting for the Technical Committee, it does not restrict contributions. Anyone, member or non-member, can submit a contribution if they have signed the relevant CLA.
My point is that the bylaws redefined a term that was already widely in use in our community ("ATC"). It used to mean "contributor to the code" and suddenly it meant "subset of contributors to the code that are also Foundation individual members". So it's not entirely weird that the instructions to "become an ATC" ended up including "join the foundation as an individual member". ATC still means "recent contributor to the code" in most people's minds. The dev lounge at summits had a sign "ATC only". I'm not sure we actually meant to restrict that lounge to a subset of contributors. Now this is probably something we can fix, we just need to use a new term for the "contributors" and some sane and foolproof way to determine whose subset of those are an "ATC" (new meaning). -- Thierry Carrez (ttx)
Unfortunately, I did not know that history. ATC was a term that I was provided during the drafting of the bylaws. I agree with you that we need to find a different term for contributor. -----Original Message----- From: Thierry Carrez [mailto:thierry@openstack.org] Sent: Wednesday, April 23, 2014 1:11 AM To: Radcliffe, Mark; legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Trivial contributions and CLAs Radcliffe, Mark wrote:
I have never been consulted on this issue, but this interpretation of the bylaws is incorrect. ATC is defined to require someone to be an Individual Member, but ATC is concerned with voting for the Technical Committee, it does not restrict contributions. Anyone, member or non-member, can submit a contribution if they have signed the relevant CLA.
My point is that the bylaws redefined a term that was already widely in use in our community ("ATC"). It used to mean "contributor to the code" and suddenly it meant "subset of contributors to the code that are also Foundation individual members". So it's not entirely weird that the instructions to "become an ATC" ended up including "join the foundation as an individual member". ATC still means "recent contributor to the code" in most people's minds. The dev lounge at summits had a sign "ATC only". I'm not sure we actually meant to restrict that lounge to a subset of contributors. Now this is probably something we can fix, we just need to use a new term for the "contributors" and some sane and foolproof way to determine whose subset of those are an "ATC" (new meaning). -- Thierry Carrez (ttx) Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
On Wed, 2014-04-23 at 00:17 +0000, Radcliffe, Mark wrote:
I have never been consulted on this issue, but this interpretation of the bylaws is incorrect. ATC is defined to require someone to be an Individual Member, but ATC is concerned with voting for the Technical Committee, it does not restrict contributions. Anyone, member or non-member, can submit a contribution if they have signed the relevant CLA.
Why do we wish to prevent contributors who aren't members of the foundation from voting in the TC election? I don't how the two things need to relate at all. Mark.
participants (15)
-
Alice King
-
Alice King
-
Anne Gentle
-
Davanum Srinivas
-
Dolph Mathews
-
Julie Pichon
-
Julien Danjou
-
Marc Ehrlich
-
Mark McLoughlin
-
Radcliffe, Mark
-
Richard Fontana
-
Sean Dague
-
Stefano Maffulli
-
Thierry Carrez
-
Tom Fifield