[Owasp-board] CLA's for Open Source Projects
josh.sokol at owasp.org
Wed Sep 24 15:11:40 UTC 2014
+1 Johanna. No issues with a CLA in theory, but it will depend
specifically on the language in the CLA and the license they are granting.
On Wed, Sep 24, 2014 at 3:51 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:
> This license is an agreement between the contributor and his company
> ,this seems to be the case for Apache.
> I believe that by closing an agreement between contributors and himself or
> his company, he wants to avoid issues with copyrights, because he wants to
> hold the rights of his project. However, depending on what kind of open
> source license he wants to use in his project, it will determine if this
> fits with Owasp projects guidelines
> How I see it, the agreement between he and his contributors is not coupled
> to the open source license he wants to use in his project and releasing it
> under owasp umbrella. This CLA applies only between his company and his
> potential contributors, owasp as an organization is not tied to this
> agreement, but it will be the first time a project request this from his
> "The purpose of a CLA is to ensure that the guardian of a project's
> outputs has the necessary ownership or grants of rights over all
> contributions to allow them to distribute under the chosen licence. In some
> cases this will mean that the contributor will assign the copyright in all
> contributions to the project owner; in other cases, they will grant an
> irrevocable licence to allow the project maintainer to use the contribution"
> I think the most important questions here are
> Which open source license does he wants to use to release his project
> under Owasp brand, as an Owasp project ? And
> Does Owasp agree that a project leader requests a CLA from his/her
> My 2 cents
> On Tuesday, September 23, 2014, Jim Manico <jim.manico at owasp.org> wrote:
>> Board and Johanna,
>> A member of our community approached us with an interest of open sourcing
>> a substantial project. He is asking that contributors sign *his* CLA before
>> contributing to the project since he is about to open source what is the
>> lifeblood of his company.
>> I'm torn; I want the contribution but I have not faced CLA's before at
>> OWASP. Apache and others do require these...
>> My though is, we may want to consider a OWASP CLA someday, but if a
>> company requires a CLA for commercial purposes, we politely pass.
>> That aside, I do not have a solid opinion on this matter and I'm not sure
>> how to respond....
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board