[Owasp-board] CLA's for Open Source Projects

Jim Manico jim.manico at owasp.org
Wed Sep 24 19:52:13 UTC 2014


Very helpful, thanks folks.

--
Jim Manico
@Manicode
(808) 652-3805

On Sep 24, 2014, at 11:11 AM, Josh Sokol <josh.sokol at owasp.org> wrote:

+1 Johanna.  No issues with a CLA in theory, but it will depend
specifically on the language in the CLA and the license they are granting.

~josh

On Wed, Sep 24, 2014 at 3:51 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Jim,
>
> This license is an agreement between the contributor and his company,
> this seems to be the case for Apache.
> http://www.apache.org/licenses/icla.txt
>
> I believe that by closing an agreement between contributors and himself or
> his company, he wants to avoid issues with copyrights, because he wants to
> hold the rights of his project. However, depending on what kind of open
> source license he wants to use in his project, it will determine if this
> fits with Owasp projects guidelines
>
> How I see it, the agreement between him and his contributors is not coupled
> to the open source license he wants to use in his project and releasing it
> under owasp umbrella. This CLA applies only between his company and his
> potential contributors, owasp as an organization is not tied to this
> agreement, but it will be the first time a project requests this from his
> contributors.
>
> "The purpose of a CLA is to ensure that the guardian of a project's
> outputs has the necessary ownership or grants of rights over all
> contributions to allow them to distribute under the chosen licence. In some
> cases this will mean that the contributor will assign the copyright in all
> contributions to the project owner; in other cases, they will grant an
> irrevocable licence to allow the project maintainer to use the contribution"
>
> I think the most important questions here are
> Which open source license does he want to use to release his project
> under Owasp brand, as an Owasp project? And
> Does Owasp agree that a project leader requests a CLA from his/her
> contributors?
>
> My 2 cents
>
> Regards
>
> Johanna
>
> On Tuesday, September 23, 2014, Jim Manico <jim.manico at owasp.org> wrote:
>
>> Board and Johanna,
>>
>> A member of our community approached us with an interest in open sourcing
>> a substantial project. He is asking that contributors sign *his* CLA before
>> contributing to the project since he is about to open source what is the
>> lifeblood of his company.
>>
>> I'm torn; I want the contribution but I have not faced CLA's before at
>> OWASP. Apache and others do require these...
>>
>> My thought is, we may want to consider an OWASP CLA someday, but if a
>> company requires a CLA for commercial purposes, we politely pass.
>>
>> That aside, I do not have a solid opinion on this matter and I'm not sure
>> how to respond....
>>
>> Aloha,
>> Jim
>>
>>