Open Stack

-----Original Message-----
From: Mark McLoughlin [mailto:markmc at redhat.com]
Sent: Tuesday, April 22, 2014 11:10 PM
To: Radcliffe, Mark
Cc: Tom Fifield; Stefano Maffulli; legal-discuss at lists.openstack.org
Subject: Re: [legal-discuss] Trivial contributions and CLAs

On Wed, 2014-04-23 at 00:22 +0000, Radcliffe, Mark wrote:
> Mark:
>
> I don't understand your first comment.   The OpenStack Foundation has
> adopted the Apache model. The Apache Software Foundation uses a CLA
> for all of its projects.  The OpenStack LLC also used a CLA.  The CLA
> has been used as long as OpenStack has been a project.  Moreover, the
> form of the  CLA is hardwired into the Bylaws of the Foundation.

≫You said "all projects require a license to the code". In our case, the OpenStack Foundation requires a license to the code which allows us to redistribute the ≫code under the terms of the Apache License. That does not explain why the OpenStack Foundation requires the code to be submitted under the terms of ≫the CLA rather than under the terms of the Apache License.

≫Yes, the Apache Foundation uses a CLA and yes we currently follow a similar model. That doesn't mean its use is justified.

Although I am happy to continue this conversation at a philosophical level, I think that we need to be aware that the Foundation made this choice when it was formed and "hardwired" the decision in the Bylaws. As currently drafted, the Bylaws always contemplate the use of a CLA. The bylaws set up the following hierarchy: (1) contributions under the OpenStack Contributor License Agreements in Appendix 7 (2) contributions under a modified CLA  (or license) approved by the Board and (3) contributions under the OpenStack Contribution License Agreements with non-material  amendments by the Executive Director if the Board grants such power to the Executive Director.  The relevant section is:

The Foundation shall generally accept contributions of software made pursuant to the terms of the Contributor License Agreements attached as Appendix 7. The Board of Directors may adopt additional contributor license agreements as may be appropriate for certain organizations or contributions to secure a license on terms which will permit distribution under the Apache License 2.0, and may require inclusion of the Apache License 2.0 license header in code contributions. The Board of Directors may delegate the authority to make non material amendments to the Contributor License Agreement to the Executive Director so long as such modifications permit distribution of the software under Apache License 2.0.

> I also disagree with your second point. Many lawyers would feel more
> comfortable if the agreement is widely used because that like open
> source code, they believe that if many lawyers have reviewed the
> agreement it is likely to be acceptable.

≫You said "the potential contributor should be able to derive comfort" in response to Tom's example case of a contributor not having access to counsel. So ≫we're not talking about what makes lawyers feel more comfortable.

≫In cases such as that, I don't think "trust us, many others do" cuts it.

≫Mark.

Let me broaden my comment to include lawyers and non-lawyers.  Individuals and companies agree to legal terms on a frequent basis without any legal review. Virtually every website has terms and conditions which apply to both individuals and companies.  Individuals sign up to legal terms whenever they order a book from Amazon or open an Gmail account and I doubt that many individuals have lawyers review the terms.  Moreover, every person and every company who wants to use cloud services from any vendor, from Amazon to HP to Microsoft  will sign up to their terms of service and many times without legal review (I know because I have had to deal with the consequences).  I believe that "trust us, many others do" does work: both individuals and lawyers should take comfort from the Apache approach which has been in place for over fifteen years with no complaints of which I am aware.

> -----Original Message-----
> From: Mark McLoughlin [mailto:markmc at redhat.com]
> Sent: Tuesday, April 22, 2014 3:16 PM
> To: Radcliffe, Mark
> Cc: Tom Fifield; Stefano Maffulli; legal-discuss at lists.openstack.org<mailto:legal-discuss at lists.openstack.org>
> Subject: Re: [legal-discuss] Trivial contributions and CLAs
>
> On Tue, 2014-04-22 at 15:28 +0000, Radcliffe, Mark wrote:
> > Thanks.  The more critical issue is that we need to be sensitive to
> > our users to ensure that we have the right necessary to include the
> > "trivial contribution" in OpenStack under the Apache license. If the
> > "trivial contribution" is code is likely to be copyrightable (a very
> > low standard).  All projects require a license to the code, even if
> > they choose to use the project "license" as the license (such as
> > Linux).
>
> I don't feel I can explain to contributors why they need to do anything other than license the code (to the world) under the Apache License in order for the contribution to be included in OpenStack under the Apache License.
>
> > The potential contributor should be able to derive comfort from the
> > fact that hundreds of companies have signed the OpenStack CLA
> > without changes (we have never agreed to any changes and Apache has
> > also not agreed to changes in its CLA on which our CLA is based) and
> > thousands (maybe tens of thousands) have signed the Apache CLA.  My
> > experience is that many "legal" agreements are signed without legal
> > review particularly if the agreement cannot be changed, so I think
> > that your proposed scenario is not as common as you suggest.
>
> Don't worry about this agreement you're being asked to sign with the OpenStack Foundation because many others have already signed it?
>
> That's not an approach I feel we should be recommending to potential contributors.
>
> Mark.
>
>
> > -----Original Message-----
> > From: Tom Fifield [mailto:tom at openstack.org]
> > Sent: Tuesday, April 22, 2014 8:08 AM
> > To: Radcliffe, Mark; Stefano Maffulli;
> > legal-discuss at lists.openstack.org<mailto:legal-discuss at lists.openstack.org>
> > Subject: Re: [legal-discuss] Trivial contributions and CLAs
> >
> > On 22/04/14 22:53, Radcliffe, Mark wrote:
> > > Why can't they sign the CLA?  IBM and HP are very sensitive to their IP and they have signed it.
> >
> > This may be completely irrelevant, but I just feel like noting that
> > IBM and HP also have in-house counsel, who can probably look at
> > these things
> > :) It's probably also worth their while, given the scale of their contributions.
> >
> > However, picture a much smaller organisation. One without a lawyer on tap.
> >
> > Picture a system administrator, having discovered a small flaw in OpenStack, and having goodwill to want to work with the community.
> >
> > What happens in this case?
> >
> > Three theories:
> > - sysadmin asks the manager to sign the corporate CLA, who balks at
> > the legalese, and weighs up whether it's worth forking out x-hundred
> > per hour for the external counsel to merely entertain their star
> > sysadmin's pet project
> > - sysadmin just signs CLA without approval from anyone in the
> > organisation
> > - sysadmin gives up, assuming manager won't approve
> >
> > It's late, and I may be missing several other potential outcomes to this case, but these seem like poor outcomes, which are plausibly happening more frequently than we record.
> >
> > We really want to encourage these kind of users to contribute, and I don't think the big problem is being sensitive to IP.
> >
> > Regards,
> >
> >
> > Tom
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: Stefano Maffulli [mailto:stefano at openstack.org]
> > > Sent: Tuesday, April 22, 2014 7:35 AM
> > > To: legal-discuss at lists.openstack.org<mailto:legal-discuss at lists.openstack.org>
> > > Subject: [legal-discuss] Trivial contributions and CLAs
> > >
> > > I have been notified of another very small patch that is left in a
> > > limbo, with the author not allowed to sign the CLA and the
> > > developers stuck in unknown legal territory. You can read more
> > > about it on
> > >
> > > https://bugs.launchpad.net/bugs/1308984
> > >
> > >  From what I can see, the patch is trivial and shouldn't even be copyrightable but the person spotting the issue and fixing it is not comfortable signing the CLAs. Can any other developer copy the patch and put it into our trunk? Until when is this sort of behaviour safe?
> > >
> > > We're getting more of these small blockers and I think it's already a problem. Having to sign a Corporate CLA and Individual CLA for a trivial patch, from an operator (whose job is to run clouds, resulting in small and rare patches, not to develop large features) can conflict with our effort to get more operators involved in OpenStack.
> > >
> > > I'm not sure what solutions are available. If we can't change the CLA processes easily, what else can we do to get small contributions like these?
> > >
> > > thanks,
> > > /stef
> > >
> > > --
> > > Ask and answer questions on https://ask.openstack.org
> > >
> > > _______________________________________________
> > > legal-discuss mailing list
> > > legal-discuss at lists.openstack.org<mailto:legal-discuss at lists.openstack.org>
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
> > > Please consider the environment before printing this email.
> > >
> > > The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster at dlapiper.com<mailto:postmaster at dlapiper.com>. Thank you.
> > >
> > >
> > > _______________________________________________
> > > legal-discuss mailing list
> > > legal-discuss at lists.openstack.org<mailto:legal-discuss at lists.openstack.org>
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
> > >
> >
> > Please consider the environment before printing this email.
> >
> > The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster at dlapiper.com<mailto:postmaster at dlapiper.com>. Thank you.
> >
> >
> > _______________________________________________
> > legal-discuss mailing list
> > legal-discuss at lists.openstack.org<mailto:legal-discuss at lists.openstack.org>
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
>
>
> Please consider the environment before printing this email.
>
> The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster at dlapiper.com<mailto:postmaster at dlapiper.com>. Thank you.



Please consider the environment before printing this email.

The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster at dlapiper.com. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/legal-discuss/attachments/20140423/2f191d4e/attachment-0001.html>