The first part
of this article explained the purpose and scope of Contributor
Agreements in open source projects. This article presents an overview
of some Contributor Agreements that are used in the community.
Contributor Agreements come in all shape and forms, ranging from
full-fledged Contributor License Agreements (CLA) that have to be signed
to informal consent to some set of rules. This article will take a look
at a number of different agreements in order to show that community
norms can vary widely.
Apache's Individual Contributor License Agreement
The Apache Software Foundation (ASF) maintains two formal Contributor
License Agreements (CLA), one for individual contributors and one for
corporate contributions. The Individual CLA covers the
- Contributors grant the ASF and recipients of software distributed by
the ASF a broad copyright license.
- Contributors grant a patent license to their contributions.
- Contributors acknowledge that they are legally entitled to grant the
- Contributors acknowledge that each of their contributions is their
- Contributors are not expected to provide support for their
contributions, except to the extent they desire to provide support.
- How to handle submissions of work that that is not their original
creation (i.e. works by a third-party).
- Contributors agree to notify the ASF when any circumstances
Fedora Project Contributor Agreement
Fedora is in the process of adopting the Fedora Project Contributor
Agreement (FPCA), which covers the following points:
- Contributors have to ensure that they have proper permission to make
a contribution. For example, they can ask their employers to put the
contribution under an open source license that Fedora accepts.
- If a contribution has a license, this license is followed.
- Fedora defines some default licenses for contributions which don't
explicitly state the license. For code contributions, the MIT is used;
the Creative Commons Attribution ShareAlike 3.0 Unported license is used
The Fedora Project Contributor Agreement does not require contributors
to assign copyright to Fedora or Red Hat.
Linux kernel Developer's Certificate of Origin
The Linux kernel project has adopted the Developer's Certificate of
Origin. Developers use it to assert the following points:
- The contribution was created by me and I have the right to submit it
under the indicated open source license.
- The contribution is based on previous work that is also under the
- The contribution was provided directly to me by someone who
certified it and I didn't modify it. -- This clause is useful because
contributions pass through subsystem maintainers without modification
until they reach Linus Torvalds, the maintainer of the Linux
- I understand that the contribution and project are public and
recorded. -- This has nothing to do with code origin but with privacy,
as all the work on the Linux kernel is done in the public.
The way by which developers accept the Developer's Certificate of Origin
for each contribution is to put a
Signed-off-by line with their
name between the description of their change and the actual change.
Debian's Social Contract
While Debian has no formal Contributor Agreement per se, all
contributors who become official members of the project have to accept
Contract for their Debian related activities. Among other things,
the Social Contract states that "Debian will remain 100% free" (free
according to the Debian Free Software Guidelines). Therefore, it can be
implied that all contributions to Debian made by members of the project
are open source. The license of contributions without explicit license
statements is not clear since Debian does not define a default license
like Fedora. However, Debian developers are encouraged to specify the
copyright and license information for their submissions in the
debian/copyright file of their software packages.