Permalink
Browse files

Merge pull request #4 from Obvious/danfuzz-tweaks

Tweaks to the OCLA description
  • Loading branch information...
2 parents b9c19d8 + 4f54b36 commit b97322858e82ae1ea45b1104ad884f25bcb87269 @danfuzz danfuzz committed Jul 5, 2012
Showing with 57 additions and 18 deletions.
  1. +3 −1 README.md
  2. +54 −17 sign-ocla.md
View
@@ -42,7 +42,9 @@ two things:
The reason we do this is to ensure, to the extent possible,
that we don't "taint" the projects with contributions that turn
-out to be improper.
+out to be improper. If you want a longer explanation, then you
+can check out the ["rationale"
+section](https://github.com/Obvious/open-source/blob/master/sign-ocla.md#rationale).
Once you sign the Obvious Contributor License Agreement (the "OCLA"),
we will then be able to merge your contributions with a clear
View
@@ -47,8 +47,8 @@ I hereby agree to the terms of the Obvious Contributors License
Agreement, version 1.0, with MD5 checksum
fbe613f727e76c93e4a5967536c87fbe.
-I furthermore declare that I am free and able to make this agreement
-and sign this declaration.
+I furthermore declare that I am authorized and able to make this
+agreement and sign this declaration.
Signed,
@@ -98,28 +98,64 @@ Replace the bracketed text as follows:
Rationale
---------
+### Why do this at all?
+
+The point of the OCLA signing process is to have a credible record of
+a developer stating that they really intend to contribute to an open
+source project. Technically speaking, the thing we are aiming for is a
+*non-repudiable* statement from a contributor, that is, a statement
+that would be a blatant falsehood to later deny.
+
+This is an important step in assuring that an open source project
+— any open source project — truly is open source. More
+specifically, it helps guard against bad actors who contribute to a
+project only *apparently* in good faith, and then later make trouble
+by claiming they weren't really contributing under the project's open
+source license. For some projects "trouble" has historically come, for
+example, in the form of patent lawsuits.
+
+The Obvious Corporation wants to do our part to guard against this
+potential trouble, and we believe so should you. We aren't innovating
+here by asking you to sign an agreement, but we *are* trying to
+innovate by making the agreement and process nearly-transparent,
+natural to do for folks already active in open source, and (we hope)
+extremely understandable.
+
+For comparison, here are a few other open source projects and
+organizations that use contributor license agreements or have similar
+processes:
+
+* [ANTLR](http://www.antlr.org/):
+ <http://www.antlr.org/doc/ANTLR-contributor-agreement.pdf>
+* [Apache](http://www.apache.org/): <http://www.apache.org/licenses/icla.txt>
+* [GNU](http://www.gnu.org/):
+ <http://www.gnu.org/prep/maintain/html_node/Copyright-Papers.html>
+* [Google](http://code.google.com/) (Android, Chrome / ChromeOS, and more):
+ <http://code.google.com/legal/individual-cla-v1.0.html>
+* [Linux kernel](http://kernel.org/):
+ <http://elinux.org/Developer_Certificate_Of_Origin>
+* [Node](http://nodejs.org/): <http://nodejs.org/cla.html>
+* [10Gen](http://www.10gen.com/) (MongoDB):
+ <http://www.10gen.com/contributor>
+
+### Why do it this way?
+
In an older time, this sort of agreement might have been collected in
paper form. You might have been asked to sign a piece of paper and
then send it into an organization (perhaps physically or as a fax),
which would in turn keep it in a real filing cabinet.
We no longer live in that time.
-The point of all this is to have a record of someone's statement, such
-that they can't credibly claim later that they didn't make that
-statement. That is, what we want is a *non-repudiable* record of
-someone's statement. This provides the company and the open projects
-it manages protection against malicious would-be contributors.
-
One wonderful thing about the world we live in today is that we can
-achieve this non-reputiability without having to have a physical
-document. In the case of the OCLA, we bootstrap this ability off of
-the infrastructure provided by GitHub. In particular, we treat GitHub
-as a neutral third party to witness the transactions between a
-would-be contributor and The Obvious Corporation. GitHub ends up
-acting sort of like a notary, in that its records of the actions
-&mdash; such as in particular the pull requests &mdash; of people
-using it can be taken as authoritative and unbiased.
+achieve the necessary non-reputiability without having to have a
+physical document. In the case of the OCLA, we bootstrap this ability
+off of the infrastructure provided by GitHub: More specifically, we
+treat GitHub as a neutral third party to witness the transactions
+between a would-be contributor and The Obvious Corporation. GitHub
+ends up acting sort of like a notary, in that its records of the
+actions &mdash; such as in particular the pull requests &mdash; of
+people using it can be taken as authoritative and unbiased.
So, when a contributor forks this project, commits a change indicating
agreement to the OCLA, and files a pull request back with this project,
@@ -136,7 +172,8 @@ some information that can link you to your contributions, even if you
later delete your GitHub account. Since people rightly desire privacy
about their addresses and phone numbers, we don't ask for this
information to be made public in the pull request, instead going for a
-traditional email.
+traditional email. We promise never to use this information for
+any purpose other than resolving authorship disputes.
The upshot is that filing a pull request containing a statement of
agreement to the OCLA, along with the supplementary email, is close

0 comments on commit b973228

Please sign in to comment.