Today we’re very excited to announce the open-source release of the Windows Subsystem for Linux. This is the result of a multiyear effort to prepare for this, and a great closure to the first ever issue raised on the Microsoft/WSL repo:
You absolutely do not need a CLA with a copyright transfer. There are plenty of large projects that use a Developer Certificate of Origin that protects the company while not allowing them to change the license of your contribution.
I’ll grant that my original post was pissy and angry and not a great take, however. You make good points here.
Does the DCO really offer a real guarantee? it looks like it just adds a Signed-off-by John line at the end of the commit, with no actual signature checking that enforces any particular version of a particular document is being acknowledged. IANAL but it doesn’t look like something proven to work in court to give legal protection.
Sure, it’s easier to simply add a sign-off-by line than actually accepting a legal agreement, so it reduces the barrier of entry, but if this were really enough to establish the conditions to shift liability then I don’t see why companies wouldn’t start using their own DCOs and extending them, essentially just being a more convenient CLA (which is a license agreement, not a copyright transfer, even if some might add terms that allow relicensing… which anyway is already possible given the project is already MIT licensed).
CLA and copyright assignment are different things. In some jurisdictions copyright assignment is impossible. That was among the clashes European FOSS contributors had with the Free Software Foundation and Richard Stallmann in the 1990s and 2000s.
You absolutely do not need a CLA with a copyright transfer. There are plenty of large projects that use a Developer Certificate of Origin that protects the company while not allowing them to change the license of your contribution.
I’ll grant that my original post was pissy and angry and not a great take, however. You make good points here.
Does the DCO really offer a real guarantee? it looks like it just adds a
Signed-off-by Johnline at the end of the commit, with no actual signature checking that enforces any particular version of a particular document is being acknowledged. IANAL but it doesn’t look like something proven to work in court to give legal protection.Sure, it’s easier to simply add a sign-off-by line than actually accepting a legal agreement, so it reduces the barrier of entry, but if this were really enough to establish the conditions to shift liability then I don’t see why companies wouldn’t start using their own DCOs and extending them, essentially just being a more convenient CLA (which is a license agreement, not a copyright transfer, even if some might add terms that allow relicensing… which anyway is already possible given the project is already MIT licensed).
CLA and copyright assignment are different things. In some jurisdictions copyright assignment is impossible. That was among the clashes European FOSS contributors had with the Free Software Foundation and Richard Stallmann in the 1990s and 2000s.