Ubuntu

Linus Torvalds: Any CLA Is Fundamentally Broken

sfcrazy writes "The controversy over Canonical's Contributor License Agreement (CLA) has once again surfaced. While Matthew Garrett raises valid points about the flaws in Canonical's CLAs, Linus Torvalds says 'To be fair, people just like hating on Canonical. The FSF and Apache Foundation CLA's are pretty much equally broken. And they may not be broken because of any relicencing, but because the copyright assignment paperwork ends up basically killing the community. Basically, with a CLA, you don't get the kind of "long tail" that the kernel has of random drive-by patches. And since that's how lots of people try the waters, any CLA at all – changing the license or not – is fundamentally broken.'"
This discussion has been archived. No new comments can be posted.

  • by tepples ( 727027 ) <tepples@gmai3.14159l.com minus pi> on Monday January 20, 2014 @06:34PM (#46019313) Homepage Journal
    Why doesn't the summary for articles like these spell out unfamiliar abbreviations such as "contributor license agreement"?
    • Thanks! And I could not agree more.

    • by Anonymous Coward on Monday January 20, 2014 @06:40PM (#46019365)

      I guess CLA clearly doesn't stand for "Clear and Labeled Acronym"...

    • by icebike ( 68054 ) on Monday January 20, 2014 @06:40PM (#46019367)

      I'm pretty sure they were talking about Conjugated linoleic acid. After all, that is the number one hit in google.

    • by techno-vampire ( 666512 ) on Monday January 20, 2014 @06:42PM (#46019405) Homepage
      Because the submitter doesn't know how to do it right, and the "editors" don't know how to do their job. What else do you expect from Slashdot?
      • by TWX ( 665546 ) on Monday January 20, 2014 @06:51PM (#46019473)

        Because the submitter doesn't know how to do it right, and the "editors" don't know how to do their job. What else do you expect from Slashdot?

        I used to expect a lot more from Slashdot, but now that none of the old-guard are left it's steadily and inexorably slipping in the same fashion that kuro5hin, The Register, and other tech sites have slipped.

        In case you didn't know, there are holding companies buying up forums, news sites, aggregators, etc. At this point half-a-dozen automotive forums that I've used are now under one company, and that company milks the forums for advertising revenue without really policing the forums for abuse anymore. Since those forums lack a community-policing method like Slashdot and a few others there's very little to stop the race to the bottom as suddenly off-topic discussions, especially politics, come to pollute the original purpose with garbage that has nothing to do with cars.

        These companies often don't advertise that they're in charge of so many forums, but some like The HAMB do. I encourage people to leave forums that head down this route, it's the only way to let these companies know that we don't appreciate what they're doing. Unfortunately that's probably a losing battle as there are a lot more users to replace those that walk away.

        • Because the submitter doesn't know how to do it right, and the "editors" don't know how to do their job. What else do you expect from Slashdot?

          I used to expect a lot more from Slashdot, but now that none of the old-guard are left it's steadily and inexorably slipping in the same fashion that kuro5hin, The Register, and other tech sites have slipped. In case you didn't know, there are holding companies buying up forums, news sites, aggregators, etc. At this point half-a-dozen automotive forums that I've used are now under one company, and that company milks the forums for advertising revenue without really policing the forums for abuse anymore. Since those forums lack a community-policing method like Slashdot and a few others there's very little to stop the race to the bottom as suddenly off-topic discussions, especially politics, come to pollute the original purpose with garbage that has nothing to do with cars. These companies often don't advertise that they're in charge of so many forums, but some like The HAMB do. I encourage people to leave forums that head down this route, it's the only way to let these companies know that we don't appreciate what they're doing. Unfortunately that's probably a losing battle as there are a lot more users to replace those that walk away.

          It's true, DICE knows how to kill a website. Hopefully someone will create an alternative that garners an interesting audience someday.

          Memories....

        • by Phroggy ( 441 ) <slashdot3NO@SPAMphroggy.com> on Monday January 20, 2014 @07:31PM (#46019787) Homepage

          I used to expect a lot more from Slashdot, but now that none of the old-guard are left it's steadily and inexorably slipping in the same fashion that kuro5hin, The Register, and other tech sites have slipped.

          The "old guard" editors didn't know how to do their jobs either. Note my user ID; I remember. I come here for the comments, not the articles.

        • there's very little to stop the race to the bottom as suddenly off-topic discussions, especially politics, come to pollute the original purpose with garbage that has nothing to do with cars.

          Yeah, just like your horrible car analogy.

      • No. Because shitty editing drives traffic.
      • It's not like it's ever been better. I don't think the editors have EVER read submissions. I mean seriously, complaining about that is like complaining that users don't read the article or the summary before commenting. It's always been like that, it always will, complaining about it wastes your time so don't bother.
        And it's not like the editors read the comments either which makes the complaining totally pointless as well.

        This is slashdot, there aren't editors (in the traditional sense), no one reads the a

    • Glad I'm not the only one who hadn't heard that one. I Googled it ASAP and got a page full of "Conjugated Linoleic Acid". Then, I went to TFA (Teach For America) and found the TLA (Title-Leading Acronym) PDQ.

    • by gallondr00nk ( 868673 ) on Monday January 20, 2014 @06:44PM (#46019423)

      Or mention the problem people have with the Canonical CLA in the first place, which according to TFA is the requirement that contributors sign an agreement that gives Canonical the right to relicense their contribution under a proprietary licence.

      • by trims ( 10010 ) on Monday January 20, 2014 @07:28PM (#46019755) Homepage

        Take a look at pretty much any major CLA out there.

        I'll name three big ones: OpenJDK, FSF's for GNU, and Apache's.

        ALL of them either directly assign the copyright of the contribution to the org, and thus, you lose any ability to control it whatsoever, or give the org the ability to relicense it explicitly.

        This is intentional, and a GOOD thing, because it increases the flexibility of the project, including making it easier to defend rights in court. Frankly, having a project with multiple copyright assignment is impossible to manage from a legal standpoint, let alone one where you don't even know the real identity of a contribution's author.

        The Linux kernel is stuck on the GNU v2 license for exactly this reason, and can never change. That's the fate of any such non-CLA'd Open Source project (other than something using Public Domain or the BSD license).

        FYI: the FSF can (and has) relicensed code contributed to GNU projects under a proprietary license. (gcc and part of the toolchain)

        • by ustolemyname ( 1301665 ) on Monday January 20, 2014 @07:48PM (#46019895)

          The Linux kernel is stuck on the GNU v2 license for exactly this reason, and can never change. That's the fate of any such non-CLA'd Open Source project (other than something using Public Domain or the BSD license).

          Actually no, the Linux kernel is stuck on the GNU GPL v2 because Linus made that decision on purpose. The default GNU license allows for relicencing under any later version, but Linux removed that clause on purpose.

          Here's his rant against GPLv3: https://lkml.org/lkml/2006/9/2... [lkml.org]

          • Yeah, I wonder just how many people I'd have to buy off at $100 million per head in order to get GPL 13: The final edition, Wherein I own everything, and you can all go suck eggs. Any later GPL versions are fraudulent. So nyeah.

            I rather suspect that even Stallman might yield to such temptation, and if not I'm sure some tragic accident could be arranged. The question is only whether or not it's a cost effective way to get a massive codebase while simultaneously throwing a significant legal workload on eve

          • by 0123456 ( 636235 )

            Actually no, the Linux kernel is stuck on the GNU GPL v2 because Linus made that decision on purpose. The default GNU license allows for relicencing under any later version, but Linux removed that clause on purpose.

            [citation needed]

            Later in the very email thread you linked to, he said:

            "For example, in the GPLv3 discussions, I've seen more than one person claim that I've used a special magic version of the GPLv2 that doesn't have the "v2 or any later" clause. Again, those people don't have a _clue_ about what they are talking about."

            Certainly the COPYING file at the top level of kernel.org's linux repository appears to include that clause. I didn't look in individual kernel tar files.

            • by jschrod ( 172610 )
              You should have looked into the kernel tar files.

              The 2nd paragraph of COPYING reads:

              Also note that the only valid version of the GPL as far as the kernel is concerned is _this_ particular version of the license (ie v2, not v2.2 or v3.x or whatever), unless explicitly otherwise stated.

              Since it is well known fact that Linux is GPLv2 only, what's your intent in denying that? Trolling?

              • Thanks, my kernel also says that ;)

                The relevant "or later" clause from GPLv2 is Section 9, for those who are curious.

                The point being, Linus could have allowed later versions of GPL. He explicitly decided to disallow them from the start, and has defended that position repeatedly.

        • FYI: the FSF can (and has) relicensed code contributed to GNU projects under a proprietary license. (gcc and part of the toolchain)

          Firstly, I'm not sure of examples where that's actually true, but it's at very least worth pointing out that the CLA that the FSF gives folks to sign (and FSF projects don't actually have to sign it, but they are encouraged to) stipulates that such code will always be available under a copyleft license---as Matthew Garrett points out in (one of) TFA. So regardless of any other

    • Yeah, I was trying to figure out what's wrong with Command Line Arguments.

    • Why doesn't the summary for articles like these spell out unfamiliar abbreviations such as "contributor license agreement"?

      PSSH. Everyone knows this article is about the computer law association.

    • by JustOK ( 667959 )
      Command Line Arguments. What you use when you can't use the Gooder User Interface (GUI) which is how computers were born to be.
    • Why doesn't the summary for articles like these spell out unfamiliar abbreviations such as "contributor license agreement"?

      You were expecting journalism majors to be editors of /. ??? ROFLMFAO

    • by cluening ( 6626 )

      I read this summary just so I could see how many times the obscure acronym was used without definition. It met my expectations!

    • I'm honestly a bit surprised that anyone interested in commentary by Linus Torvalds, Matthew Garrett and controversy over Canonical's policies in terms of copyright assignment (all of which is in the synopsis) wouldn't know what a CLA is.
    • by beernutz ( 16190 )

      I had to Google it as well, and came up with: Certified Linux Administrator

      Relevant, but still wrong.

  • CLA? (Score:2, Funny)

    by Anonymous Coward

    Canadian Lacrosse Association
    Canadian Library Association
    Caprivi Liberation Army
    Carry Look-Ahead Adder
    Causal layered analysis
    Certified Legal Assistant
    Cigarette Lighter Adapter
    Civil Liberties Association
    Communist League of America
    Conjugated linoleic acid
    Contributor License Agreement
    Cuban Liberator Army

    • by TWX ( 665546 )
      C*nt Lickers Anonymous?

      (censored to hopefully avoid tripping various workplace filters)
  • CLA (Score:5, Funny)

    by ZackSchil ( 560462 ) on Monday January 20, 2014 @06:40PM (#46019369)

    Yes of course, the CLA. I have long hated CLAs. CLAs are a problem and someone should do something about the CLAs.

  • by bug1 ( 96678 ) on Monday January 20, 2014 @06:47PM (#46019439)

    Free and Open source software are about working together to write software, it's unquestionably good.

    There are tens of billions of dollars worth of Libre code out there, with thousands of unpunished violators, and only 2 or 3 people in the world defending it.

    And this "community" persistently rallies against working together Legally with CLA, I just don't understand, is it purely a trust thing?

    (And if you want to help defend Free Software, consider donating to the Software Freedom Conservancy)

    • There are tens of billions of dollars worth of Libre code out there

      It's only worth money if somebody is capitalizing it. Assigning any dollar value to 'Libre code' is dissonant. It's free, ergo .. it's not worth any amount of dollars.

      That doesn't mean it doesn't have value. It just means that the value isn't a dollar value.

      • by bug1 ( 96678 )

        It's only worth money if somebody is capitalizing it.

        Corporations do capitalise on Libre code.

        You obviously took the red pill, come back when you're ready.

  • The purpose of CLAs is to maintain the hegemony for the ruling clique; the very point of a CLA is to provide the entrenched bureaucrats with a publicly acceptable reason for shutting the door on those pesky newcomers.

    • by dbc ( 135354 )

      Ummmm.... no. It's to provide a chain of provenance for all contributions that is defensible in court. Without that, it is often impractical to defend your code base against a legal attack.

      • by SEE ( 7681 )

        It wouldn't be a "publicly acceptable reason" if it didn't have plausibility at a first glance.

        The question, then, is if any of the reasons given actually have any merit, as opposed to mere plausibility. Which would require someone to come up with an example of when a CLA actually saved a project, or a lack of a CLA actually killed a project.

  • by Anonymous Coward on Monday January 20, 2014 @06:55PM (#46019515)

    But he's a wise asshole. Not kowtowing to the fail that is GPL 3 (kernel, git and subsurface.) Not climbing on the CLA bandwagon...

    One day Linus will be gone and Linux will probably fall into the hands of license-mongering zealots. I'm glad I probably won't be around to suffer that.

    • But.. how does linus handle contributions to the kernel? Are they stuck forever at GPLv2 because that's what all the myriad patches were submitted under and it would be prohibitive to track down everyone who ever contributed in order to get permission to change should it turn out GPLv2 has some kind of heretofore undiscovered flaw, or should a much better license come along that every other project is using except the kernel?

      Surely at some point you have to put trust in someone to do the right thing, and

  • by trims ( 10010 ) on Monday January 20, 2014 @07:39PM (#46019831) Homepage

    Normally, I see Linus being pragmatic about things, but I have no idea why he's against CLAs.

    Having a CLA (with some form of copyright assignment or "unlimited" sublicensing) is the ONLY way to run a flexible, long-term Open Source project.

    The Linux kernel is the only substantial project that doesn't do this, and, frankly, can only get away with it because it's so critical. Even there, it's a pain, because (to pick a stellar example), Linux will NEVER be able to relicense itself under an improved GNU license. It's stuck FOREVER on the GNU v2 license. Which is hardly a good thing.

    CLAs are a consequence of copyright, just like the licenses themselves are. They're necessary to allow a project to update the license, defend the entire codebase in court, keep track of ACTUAL authors, etc. If you don't have this, you have a toy project, one which ultimately will fail to succeed.

    If you don't like CLAs, then use the BSD or Public Domain route, because they're the only licenses (or non-license) that avoids all the traps of copyright law. Otherwise, if you want copyleft of any sort, then you have to use a CLA.

    Linus is basically complaining that having a driver's license is an obstacle to people just getting on the road and driving whenever they want. Sure, CLAs restrict the "fly by night" patcher. That's a feature not a bug. Sometimes, you do want to set the bar higher than the lowest common denominator. Naturally, some CLAs are worse than others, but the concept as a whole is sound.

    -Erik

    • by Anonymous Coward on Monday January 20, 2014 @08:08PM (#46020029)

      On the contrary, Linux is quite right. Lots of long-term open source projects don't require copyright assignment and I'm not likely to work for any which do. The reason is quite simple: If I'm contributing my time and effort to a project, I don't want the project's code to get relicensed without my consent. If a company, such as Canonical, wants me to contribute then they should be prepared to let me keep copyright of my code so I can be assured it won't get tucked away in a closed source project.

      The Linux kernel not getting relicensed under a newer form of the GPL is a feature, not a bug. Some companies which use Linux now wouldn't if it switched to the GPLv3 because the newer license isn't as friendly (or easy to read) as the old one.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Not all projects have copyright assignment. In fact, the majority use "unlimited, non-revokable sublicense" concept. You retain your copyright, but give the project the flexibility to do what it needs to with your code.

        By contributing, you're participating in the project, and ceding a portion of your influence as a cost of being a participant. Imagine if a project required UNANIMOUS consent of any contributor, ever, to make a license change. Or defend against a particular copyright suit, or similar. So,

      • Re: (Score:3, Interesting)

        by Rich0 ( 548339 )

        The Linux kernel not getting relicensed under a newer form of the GPL is a feature, not a bug.

        Yeah, explain that to me in 10 years when some court rules that contributions under the GPL are illegal to distribute due to some legal deficiency in the license. Suddenly there is no linux kernel, because there is no way to switch to a newer license that does not have that attribute.

        Sure, that might never happen, just as a firmware burned into a ROM might never need upgrading. However, if it does you're up the creek. The whole GPL2+ thing is about having an insurance policy.

        • by hweimer ( 709734 ) on Tuesday January 21, 2014 @03:29AM (#46022311) Homepage

          Yeah, explain that to me in 10 years when some court rules that contributions under the GPL are illegal to distribute due to some legal deficiency in the license.

          Actually, it is much more likely that a CLA will be found to be unenforceable than the text of a well-established software license. In fact, CLAs requiring copyright assignment are probably void in large parts of the world, meaning you are back to square one.

    • by phantomfive ( 622387 ) on Monday January 20, 2014 @08:37PM (#46020261) Journal

      Normally, I see Linus being pragmatic about things, but I have no idea why he's against CLAs.

      Linus doesn't like them because it's an extra barrier for people who might want to contribute to the code. The more barriers you have to contributors, the fewer will contribute. I can tell you that I fixed some bugs in Android, which I didn't contribute back, because the process was too painful (and that was before I realized there was a CLA; if I'd known that, I wouldn't have even tried).

      Of course, there are benefits to CLAs, as you point out, and Eben Moglen points out other benefits. It's a matter of choosing what your priorities are. Linus favors the ease of contribution. He also considers the fact that Linux is stuck forever on GPLv2 to be a feature, not a problem.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      The Linux kernel is the only substantial project that doesn't do this, and, frankly, can only get away with it because it's so critical. Even there, it's a pain, because (to pick a stellar example), Linux will NEVER be able to relicense itself under an improved GNU license. It's stuck FOREVER on the GNU v2 license. Which is hardly a good thing.

      ...Says you. Because Linus says that's precisely one of its beauties.

      If you don't like CLAs, then use the BSD or Public Domain route, because they're the only licenses (or non-license) that avoids all the traps of copyright law. Otherwise, if you want copyleft of any sort, then you have to use a CLA.

      ...Not having Linux under a CLA makes it easier to explain why he's sticking to a (good!) choice he did *over 20* years ago. No matter how hard you bitch, Linux will never be licensed under anything but GPLv2. And that's a feature.

    • It's stuck FOREVER on the GNU v2

      And? GPL v2 is, in many ways, the license. Linus is like Steve Jobs. He reminds us that one man can, sometimes, outperform a whole team, uniting an entire army behind him. I digress. What's wrong with being stuck on GPL2? It's an amazing license.

  • Not true (Score:5, Informative)

    by linuxhansl ( 764171 ) on Tuesday January 21, 2014 @12:45AM (#46021799)
    Let me just go ahead and call this bullshit. I am a committer to Apache HBase, and we see (and encourage) drive by patches all the time. The only folks who have to sign a CLA are the committers themselves, which seems reasonable to me.
  • Canonical-hate (Score:4, Informative)

    by jones_supa ( 887896 ) on Tuesday January 21, 2014 @06:07AM (#46022903)
    Linus is correct: even at Slashdot I see a lot of people hating Canonical just for the sake of doing it. They systematically hate Mark Shuttleworth and every new component that is introduced to Ubuntu.
