Skip to content

Instantly share code, notes, and snippets.

@isaacs isaacs/
Last active Sep 26, 2017

What would you like to do?
Occasionally people get upset at being asked to sign a standard Apache-style CLA to contribute code to a project. This is my response. Please feel free to copy/remix/etc any or all of it regarding your own project if you like, and let me know in the comments if you have any feedback, especially if something in here is unreasonable or incorrect. …

Caveat: I am not a lawyer.

I understand that asking you to give up ownership of something may sound weird or pushy. Legal documents are scary, and can be fraught with unintended consequences if they're entered into lightly. I hope that I can shed some light on why a project would do so, since I've been through this with several projects I maintain.

You need to permit sublicensing and re-licensing so that if you die, the project doesn't have to track down your heirs to sign off on any license changes. (Sadly not an unrealistic or particularly uncommon situation.) Remember, IP laws do change, sometimes in ways that change the spirit of licenses, or make them insufficient or suboptimal to protect the freedoms that they were designed to protect. That's why licenses like the BSD 2-clause and ISC exist, because earlier licenses were no longer ideal for OSS projects using them.

It is completely reasonable for the project to require that you agree to give them – actually give them, all the way, without restriction – the code that you want to contribute as a condition of them including it in the official release and agreeing to maintain it indefinitely. If you didn't want to give it fully, then don't contribute to the project. If you want to retain sole control and ownership of it, then go write your own fork and build your own legal institutions around it. The current license gives you the right to do this, after all, and even if the project changes the license, you can fork at the time of the change, and use it under the current license forever.

By signing the CLA, you're giving up the right to tell the project that they are no longer permitted to use your code. But I think we can all agree that'd be a dick move anyway, so you won't do that. Also, no matter what, you can always use/license/sell/perform/etc the code you wrote, without restriction, forever, so you're not actually "giving up" anything in any relevant sense.

This is effectively the same requirement that Apache has for all their projects, and the Node.js, libuv, and http_parser projects require. (Even the wording is mostly identical.) You aren't being forced. If you object so strongly, simply tell the project maintainers that you would prefer to withdraw your contribution. It'll be a tedious bit of work for them to remove it, I'm sure, but it's your right. If you aren't going to withdraw your contribution, then sign the CLA.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.