At Open Data Services, we’ve been discussing the benefits of DCOs and CLAs for contributions to our open source codebases.
DCOs and CLAs both ensure that someone has explicitly signed off that their contributions can be used under the relevant licence. DCOs are simpler and easier to do, CLAs have the advantage of allowing us to impose extra conditions (Of most interest to us is the ability to relicense under a different open source licence).
For some of our projects, we had a link to a CLA on contributoragreements.org, but that seems to have broken recently, which isn’t very encouraging.
Does anyone in CoTech have experience with this, and want to share what they’ve done, and why?
Passing by … I work on a number of projects which use DCOs. I don’t see CLAs around much and I hear a lot of people say that they are too much of a barrier to entry. However, just recently, RedHat were convinced to drop their DCO requirement on one of their community projects due to mass complaints. It can certainly be a barrier to entry for some contributors (even though much easier to integrate than CLAs) and it is worth making sure you have extra capacity to help contributors through the process.
We use a mix of permissive and copyleft licences for different repos, depending on whether we think its more important to protect derivative code becoming proprietary, or to encourage adoption. So, our main use case is moving code from a copyleft to a permissive licence (possibly moving code between repos, rather than relicensing a whole repo).
A possible alternative to a CLA is just to be happy with the licences we’ve got!
I take the point. We’re looking at this for repositories where we’re the majority author by quite a long way, but conversely that means we’d have few authors to ask anyway.
I’d be interested in ability to relicense to a future cooperative license. Though that wouldn’t be taken lightly. Also, I’d prefer CLA limited which license could be migrated to.
I also see the value of a steward of the code hosting conversations that decide which license is best for the way to community wants to move forward. I could foresee a small number of cases where moving from copyleft to permissive might serve a community. E.g., if a directly competing permissive project starts up, and the community decides they’re likely to see their contributor base evaporate without the strategic change (I’m not in favour of unilateral decisions on that).
Of course, this all feels a bit “here be dragons”. The above opinions aren’t dearly held!
I have been familiar with the idea of a Contributor Licence Agreement, but not of a Developer Certificate of Origin, so I didn’t know what DCO stood for!
.