top | item 38055166

(no title)

webmobdev | 2 years ago

True. Someone here in another comment has already pointed out that this project's CLA demands that all submissions have to be under the MIT license! This seems shady and can be perceived as an attempt to "steal" code in the future (MIT licensed code can be incorporated into xGPL license code, but it doesn't prevent the original license holder of the xGPL product to close source the product in the future. If the contributed code was also AGPL, the project managers would have to get permission from all submitters to close source a project or would be forced to remove their code from the product).

discuss

hardwaresofton|2 years ago

I don't see that they have a CLA -- I can only find their note about the license contributors must take[0].

I guess that's one way around the CLA -- they don't need one if they force all contributions to be MIT in a file most people wouldn't read.

In the end people the actual likelihood of someone making a credible legal threat is low so it all seems somewhat spurious but great way to go around the overt beacon that requiring CLA signing is.

[0]: https://github.com/OpenSignLabs/OpenSign/blob/bb846442ecbaa3...

riedel|2 years ago

For a project that deals with signatures it should be pretty obvious that this does not quite work in a legally sound way. At least in the PR they will need some prove that I acknowledge to have read this Contributing.md. They is a reason why people go through the hassle of CLA signing flows. Wonder why they do not dog food their own system.