Open Source Contributor Agreements: Some Examples

The first part of this article explained the purpose and scope of Contributor Agreements in open source projects. This article presents an overview of some Contributor Agreements that are used in the community.

Contributor Agreements come in all shape and forms, ranging from full-fledged Contributor License Agreements (CLA) that have to be signed to informal consent to some set of rules. This article will take a look at a number of different agreements in order to show that community norms can vary widely.

Apache's Individual Contributor License Agreement

The Apache Software Foundation (ASF) maintains two formal Contributor License Agreements (CLA), one for individual contributors and one for corporate contributions. The Individual CLA covers the following points:

  • Contributors grant the ASF and recipients of software distributed by the ASF a broad copyright license.
  • Contributors grant a patent license to their contributions.
  • Contributors acknowledge that they are legally entitled to grant the above license.
  • Contributors acknowledge that each of their contributions is their original creation.
  • Contributors are not expected to provide support for their contributions, except to the extent they desire to provide support.
  • How to handle submissions of work that is not their original creation (i.e. works by a third-party).
  • Contributors agree to notify the ASF when any circumstances change.

Fedora Project Contributor Agreement

Fedora is in the process of adopting the Fedora Project Contributor Agreement (FPCA), which covers the following points:

  • Contributors have to ensure that they have proper permission to make a contribution. For example, they can ask their employers to put the contribution under an open source license that Fedora accepts.
  • If a contribution has a license, this license is followed.
  • Fedora defines some default licenses for contributions which don't explicitly state the license. For code contributions, the MIT is used; the Creative Commons Attribution ShareAlike 3.0 Unported license is used for content.

The Fedora Project Contributor Agreement does not require contributors to assign copyright to Fedora or Red Hat.

Linux kernel Developer's Certificate of Origin

The Linux kernel project has adopted the Developer's Certificate of Origin. Developers use it to assert the following points:

  • The contribution was created by me and I have the right to submit it under the indicated open source license.
  • The contribution is based on previous work that is also under the indicated license.
  • The contribution was provided directly to me by someone who certified it and I didn't modify it. -- This clause is useful because contributions pass through subsystem maintainers without modification until they reach Linus Torvalds, the maintainer of the Linux kernel.
  • I understand that the contribution and project are public and recorded. -- This has nothing to do with code origin but with privacy, as all the work on the Linux kernel is done in the public.

The way by which developers accept the Developer's Certificate of Origin for each contribution is to put a Signed-off-by line with their name between the description of their change and the actual change.

Debian's Social Contract

While Debian has no formal Contributor Agreement per se, all contributors who become official members of the project have to accept Debian's Social Contract for their Debian related activities. Among other things, the Social Contract states that "Debian will remain 100% free" (free according to the Debian Free Software Guidelines). Therefore, it can be implied that all contributions to Debian made by members of the project are open source. The license of contributions without explicit license statements is not clear since Debian does not define a default license like Fedora. However, Debian developers are encouraged to specify the copyright and license information for their submissions in the debian/copyright file of their software packages.