netdata contributors license agreement #3695

Merged
merged 4 commits into from Jun 20, 2018


Member

@ktsaou ktsaou commented May 8, 2018

This PR adds a Contributors License Agreement (CLA) to netdata.

@l2isbad , @paulfantom , @vlvkobal , @ccremer , @alonbl , @facetoe , @simonnagl , @lets00 , @rda0 , @Wing924 , @rlefevre , @philwhineray , @tycho , @Ferroin please review this.

I tried to keep it simple and straightforward.

Would you like something to be changed?

@philwhineray can we automate the check on travis so that any PR from a user that has not modified this file to add his username in it, will fail to build netdata?

Contributor

@paulfantom paulfantom left a comment


LGTM.

For automatic CLA checks you can add sth like described here: https://jameshunt.us/writings/travis-cla.html

Or even better, you could use this: https://cla-assistant.io

Contributor

@rlefevre rlefevre left a comment


Not fond of CLAs though.

Member

@Ferroin Ferroin left a comment


Looks good to me, I'll submit a PR adding my 'signature' once this gets merged.

@lets00
Contributor

lets00 commented May 8, 2018

LGTM. I'll submit a PR adding my signature when this gets merged.

@alonbl
Contributor

alonbl commented May 8, 2018

I am curious why not use GPLv3 or something similar?
Have no problem with this one, but I am wondering.

@Ferroin
Member

Ferroin commented May 8, 2018

@alonbl A CLA covers assignment of copyright rights to the project, which the GPL (and pretty much every other software license) does not do. Pretty much, signing this means you agree not to go after netdata for using code you created. These are intended to prevent things like patent trolling (and also to place the onus on the developers to make sure their employer allows them to submit code as themselves, as there are still some companies out there that claim ownership of all code their employees write, even on their free time).

IOW, this isn't changing the license of Netdata, it's just a fair use agreement for contributions.

@ccremer
Contributor

ccremer commented May 8, 2018

LGTM

@ktsaou
Member Author

ktsaou commented May 8, 2018

I checked this with a lawyer, and she said that an agreement needs 2 parties. "The Project (netdata)" is not a legal entity that can have agreements under law.

So, either a person will have to be the other end or some kind of legal entity (company, non-profit, etc).

Well... I don't want to be me. I'll be liable (with my personal property and financials) for any legal action against netdata!

I will investigate a bit further and report back...

@rlefevre
Contributor

rlefevre commented May 8, 2018

What was the motivation to add a CLA in the first place? This will make contributions harder, and if there is no legal entity behind netdata, there is not much to be afraid of, is there?

If you are really afraid of invalid contributions, have you considered a DCO instead? I don't think DCOs require two legal entities.

@Ferroin
Member

Ferroin commented May 8, 2018

@rlefevre As mentioned above, the typical reason for these is to avoid patent trolling, and also situations like the Bukkit project, which had some serious issues a while back when one of the big devs pulled out from the project and took his copyright rights with him (which covered a large percentage of the core code base for the project).

@ktsaou
Member Author

ktsaou commented May 8, 2018

Also, when the project is owned by a legal entity, that entity can be attacked up to its financial status. In simpler words, no one will force me to sell my house to pay penalties of any kind. Much like a legal firewall. Yes, extreme case, but better be safe than sorry...

I researched a bit and found that a company can be created online in Estonia (EU) and Delaware (US). In both cases it is a Limited (Ltd in EU, LLC in US). The cost seems about 600 euro per year in Estonia, double that in US. Estonia also requires 2500 euro of capital (which as I understand it will be the max amount that can be lost before going bankrupt). That money can also be used for funding anything netdata related (i.e. documentation).

A non-profit would also do, but it seems country specific and much more complicated.

Since I also plan to provide an online health monitoring service (yes, I have delayed that too much), that will eventually need some GDPR compliance, a few terms and conditions, etc., I am kinda liking this company approach...


btw, the CLA I propose will be signed by just adding your name to it. I don't expect this to delay PRs in any way. Just edit another file and add your name to it. Just once.

I read the Chef DCO discussion. They require all PRs to be amended! Every single one of them. So, it is another git command for every commit, forever...

I also found this: https://github.com/cla-assistant/cla-assistant - this automates a bit CLA signing, but I still think it is too complex. I can't really understand why signing a CLA via web is ok, but no one thought to just add a CONTRIBUTORS.md file with the CLA, requiring from the contributors to sign it by editing it and committing it. It uses the same authentication with the web version (github)!

@Ferroin
Member

Ferroin commented May 8, 2018

FWIW, I think an LLC or otherwise limited liability company is probably the best option if you can't get the stuff needed for an NPO taken care of.

Assuming you get the OpenCollective stuff in PR #3619 set up, that would probably be a decent way to handle covering recurring yearly costs. I have a feeling given the netdata community that it would not be hard to raise 600 EUR or more a year through that.

@rlefevre
Contributor

rlefevre commented May 8, 2018

Also, when the project is owned by a legal entity, that entity can be attacked up to its financial status. In simpler words, no one will force me to sell my house to pay penalties of any kind. Much like a legal firewall. Yes, extreme case, but better be safe than sorry...

Well, I'm far from being a lawyer, but I'm pretty sure that this will only protect the legal entity, not the contributors. If someone attacks the legal entity for copyright infringement, this legal entity (which might not be controlled by you anymore in the future) will return or forward the attack on the contributors (ie: us) for having potentially signed illegally the CLA. As you are the main contributor, you are the main target, and you are back to square one, having to defend your signature (with your house). I'm not really comfortable with this.

Unfortunately, I don't have a solution to propose, but you should most likely share your goal to "not being attacked personally" with a lawyer to find the best solution (which is I think a different one than protecting the legal entity owning the code).

On a side note, as stated in the document linked in your CLA:

The third way is to get actual copyright assignments from contributors, so that the project (i.e., some legal entity, usually a nonprofit) is the copyright owner for everything. This is the most legally airtight way, but it's also the most burdensome for contributors; only a few projects insist on it. [...] Copyright transfer means that the contributor assigns to the project copyright ownership on her contributions. Ideally, this is done on paper and either faxed or snail-mailed to the project. [...] In general, unless there's some specific reason why your project needs full copyright assignment, just go with CLAs; they're easier for everyone.

So I'm not sure why you choose to add a transfer copyright clause (which is most likely void in France where I live anyway).

@ktsaou
Member Author

ktsaou commented May 8, 2018

Yes, I discussed this. A legal entity is the best it can get.

The only better option is "don't do it - don't work on netdata - don't release it", which is unacceptable of course...

This also answers why I chose to transfer the copyright. If all the software belongs to the company, the company can do whatever needs to be done with it. For example, it may have to comply with a less or more restrictive license than GPLv3. If the copyright belongs to the company, it will change the license to comply with the issue.

Since we didn't steal the code, I can't see how the netdata company will come after me or any other contributor.

In general attackers go after a license or patent to get money. Having everything owned by a company with limited assets, means that a legal attack can only make the company go bankrupt. Case closed. The company will not attack anyone else.

The software is GPL, so another company can take over, removing / replacing the code that triggered the legal issue.

@rlefevre
Contributor

rlefevre commented May 8, 2018

In general attackers go after a license or patent to get money.

In the Bukkit project cited earlier, AFAIK they went after the code (using the copyright).

Since we didn't steal the code...

This is what could be contested. For example I don't work anymore for the company with which I was under contract when I contributed the netdata code, so it's difficult to get their approval to sign this CLA. I had agreement from my hierarchy to write this code, but this could be difficult to prove if some lunatic decided to contest it, they could go after me.

Not that I want absolutely to dissuade you to add this CLA, my contributions are too small to fight this. I was just trying to offer some perspectives, but you most likely know more given that you spoke with your lawyer, so I will leave it at that.

@ktsaou
Member Author

ktsaou commented May 8, 2018

Well, I am not 100% sure either. I am just trying to weigh the alternatives...

I think a company will act as a legal firewall for all of us. It won't help if your last employer goes crazy (after all your last employer can attack you in many ways - your work on netdata being the least of them), but it will help in almost all other cases.

At the same time, I think the project will get a legal entity, which can help a lot in its growth. It will simplify things. One of the reasons I delayed the global health service so much, was its terms and conditions... I couldn't even think who will be liable for it...

So, I'll apply for an Estonian company tomorrow.
Let's see how it goes...

@simonnagl

Looks good for me. I will recheck and sign it once the legal parts are clear.

@ktsaou
Member Author

ktsaou commented Jun 11, 2018

update:

I have applied for Estonian e-Residency which has been accepted. However, in the meantime I found out that I have to travel to Estonia to establish the company.

So, I found an alternative: US Delaware. Today, I applied for netdata, inc there. It is not in Europe, but at least I won't have to travel there to take care of this.

I'll update once it has been established.

btw, I have applied for netdata to be included in CNCF. They have requested to change the netdata license to Apache-2.0, and I have agreed (in principle - it needs some checking through lawyers).

So, once we transfer copyright to "netdata, inc", the company will re-license netdata under the license required by CNCF.

I hope you are all ok with this. I would appreciate if you approve it, since I really believe CNCF will greatly help netdata grow.

@ktsaou
Member Author

ktsaou commented Jun 20, 2018

The company is established!

netdata Inc.

US Tax-ID: 32-0570802

I have updated the CLA, so that all the grants we give go to "netdata, Inc." and I have added a few more comments so that other contributors will know what to do and why we need this.

Keep in mind I am not sure the way of signature I propose (through a PR) will be legally binding. I have asked a lawyer and am waiting for his response. Anyway, the effort to sign it at this stage is minimal, so please make a PR to sign it too.

Once all key contributors have signed it, I will try to find out what does it mean to re-license netdata under Apache-2.0, like CNCF requires, check any third party conflicts, etc.

@ktsaou ktsaou merged commit faaff0f into netdata:master Jun 20, 2018
@ktsaou
Member Author

ktsaou commented Jun 20, 2018

Merged it.
Your turn...

@ktsaou ktsaou deleted the cla branch June 20, 2018 23:18
@ktsaou
Member Author

ktsaou commented Jun 20, 2018

Ferroin added a commit to Ferroin/netdata that referenced this pull request Jun 21, 2018
As discussed in the netdata#3695.
@Ferroin Ferroin mentioned this pull request Jun 21, 2018
@ktsaou
Member Author

ktsaou commented Jun 24, 2018

@ccremer @alonbl @facetoe @lets00 @rda0 @Wing924 @arch273 @ntlug @glensc @domschl @ecowed @andvgal @manosf @jasonwbarnett @NeonSludge @user501254 @shadycuz @x4FF3 @davidak @kattunga @Flums @candrews @t-h-e @jimcooley @tperalta82 @Chocobo1 @wungad @383c57 @mcnewton

All key netdata contributors have signed a CLA to transfer their copyright rights to a legal entity we have created for netdata (netdata, Inc). Once this entity has all the copyright ownership, it will re-license netdata under another open-source license (Apache-2.0). This is required for netdata to be accepted by CNCF.

Unfortunately, all code committed by contributors that won't sign the CLA, will eventually be removed from netdata (this is required by CNCF). I really don't want this to happen, so please support netdata by signing the CLA.

You can sign the CLA by adding your username, your real name and (optionally) your email to this file: https://github.com/firehol/netdata/blob/master/CONTRIBUTORS.md and making a PR, using the same username of course.

Thank you!

There is another set of contributors to complete this task. Once we complete this round, I'll notify the rest.

@candrews
Contributor

I'm not really thrilled about the change of license from GPLv3+ to Apache 2.0. This change means that anyone can make changes, distribute them, and not release the resulting source code. Is that really what is desired? Granted, I haven't made many contributions, so it likely doesn't matter if I agree or not as my contributions can be easily replaced - but it would still sadden me to see netdata be distributed without source by some large corporation which ends up making a huge amount of money while the original developers get nothing - not even the source code of the changes the corporate behemoth may have made.

@ktsaou
Member Author

ktsaou commented Jun 24, 2018

I totally agree. For the moment though the important issue is to be able to change the license. Then, we will discuss with CNCF and lawyers to see what is best for netdata. I do have several issues with Apache-2.0 too.

The key problem today is to be able to manage the license of netdata. The current status of netdata makes this impossible.

So, I kindly request to sign the CLA. Then, I will check thoroughly which open-source license is the best for netdata and how netdata can participate in key foundations, like CNCF, without losing control and while serving the best interest of the community.

@davidak
Contributor

davidak commented Jun 24, 2018

I will check thoroughly which open-source license is the best for netdata

why not do this before taking any action?

I do have several issues with Apache-2.0 too.

as i understand, after joining CNCF you can't choose any other license.

In my opinion GPL is a perfect license to protect the freedom of the users and encourage sharing (which means innovation). netdata will not profit when big companies use it without sharing their changes back!

What exactly is netdata Inc and is the community involved in it? How can i trust it that it decides in my interest and not sell netdata to Microsoft?

Have you considered asking the Software Freedom Conservancy for help with licensing and stuff?

@candrews
Contributor

I'm not comfortable assigning copyright to a for-profit organization that has the explicit intent of changing the license, doubly so when that license hasn't even been determined yet and the desire to change it again in the future has already been stated. Furthermore, the goals, governance, and ownership of this organization have not been established or made clear to the community from whom copyright assignment is being requested.

I'd advise anyone who is concerned that their contributions may end up being used to enrich the owners of whoever "netdata inc" are to likewise not comply with this request to assign copyright to it.

If the netdata project wants to remain free software, then copyright assignment is unnecessary. Many other projects, including the Linux kernel, do not require copyright assignment. In fact, lack of copyright assignment ensures software freedom as distributed copyright ensures that license changes (such as to a proprietary or proprietary-friendly license, as is apparently being suggested here) are difficult or impossible.

@ktsaou
Member Author

ktsaou commented Jun 25, 2018

ok folks, I thought I explained everything in detail above, but let me summarise it here:

netdata Inc

As netdata grows and I am the key contributor, I feel that I am at risk. Someone, a big corporation or whoever else loses market by netdata, may decide to attack netdata and I'll be liable personally. This is unacceptable. I don't want this risk. So, I opened a company "netdata, Inc" and I transferred my copyright to it. The main netdata contributors transferred their copyright too.

netdata is open-source and will always be. The fact that we transfer our copyright to a company does not mean that the community loses something, nor that the company gains something. We, the contributors gain some protection and the project gains some flexibility (since the company will be able to switch open-source licenses to help it grow). If at any point, anyone does not like what the company will do, he can just fork netdata and continue.

We also need some SaaS offerings for netdata. The public global registry is such a SaaS offering. I plan to extend it, providing full central health monitoring. Up to now all these are offered without any terms attached (GPL does not cover SaaS). I do it by myself and I am totally liable for them. This is also something I don't want. For example, who is liable for GDPR compliance of the public registry?

why switch license

I like GPL too. Remember that I chose it in the first place. If you search at reddit, you will find posts that I am characterised as "anti-christ" because of this! Anyway, I really love GPL for all the reasons you love it too.

However, to help netdata grow we need some "blessing". CNCF can provide it. But they require Apache-2.0. We may end up with GPLv2, or with a dual license, or we may be able to get an exception for netdata. I don't know. I'll fight for this.

The key requirement for the moment, is that netdata should be able to change its license. Without this we cannot even discuss with CNCF.


netdata, Inc. already owns the vast majority of netdata.
Please follow us and sign the CLA.

t-h-e added a commit to t-h-e/netdata that referenced this pull request Jun 25, 2018
@t-h-e t-h-e mentioned this pull request Jun 25, 2018
@davidak
Contributor

davidak commented Jun 25, 2018

@ktsaou thanks for the explanation!

As netdata grows and I am the key contributor, I feel that I am at risk.

As said, the Software Freedom Conservancy can help with that.

Has CNCF explained why they require Apache-2.0? What are their goals with that? Do you have the same goals for netdata?

However, to help netdata grow we need some "blessing".

It already grows because it is an amazing software. You shouldn't enforce it at any cost! Else you can sell netdata Inc to Microsoft, get a lot of money for that, maybe get hired by them, but i think in the end the software will not be anything like it is now. I don't trust M$. Do you trust CNCF to help netdata move in the right direction? (i don't know them)

Have you considered creating a Foundation with committed community members in the board to be able to collect donations, pay servers, maybe hire developers later etc? That works for other free software projects. I would trust that more than a "for-profit" company i know nothing about.

Can you tell us a bit more about the legal structure of netdata Inc? Are you the alone owner? How can we trust it that it will not harm the quality of netdata for profit?

It is not my intention to cause trouble here, but i would like netdata to stay free software, not only open source (just one aspect of free software). So i will be still able to recommend it without restrictions in the future.

@facetoe facetoe mentioned this pull request Jun 25, 2018
@ktsaou
Member Author

ktsaou commented Jun 26, 2018

As said, the Software Freedom Conservancy can help with that.

hm... I didn't know about Conservancy, but from what I read they provide "a range of financial and administrative services" (that is how they describe themselves). I don't see how this would help. My problem is not administrative and the financial help they can provide is probably tiny.

Else you can sell netdata Inc to Microsoft, get a lot of money for that, maybe get hired by them

hm... funny conclusion. netdata changes the way we monitor our systems. Although it is still far from complete, I think the way netdata proposes means a lot less revenue for most companies (it distributes monitoring, eliminating expensive SaaS offerings and big infrastructure costs).

Do you trust CNCF to help netdata move in the right direction?

Yes, I believe they work in the right direction.

Have you considered creating a Foundation with committed community members in the board to be able to collect donations, pay servers, maybe hire developers later etc?

Too complex, too small income (to effectively fund the project). It is for much larger projects. Check this: https://github.com/nayafia/lemonade-stand - it documents all the alternatives, with examples.

Personally, I prefer SaaS and open core. I think they are the only ones that can provide sustained development funding.

I would trust that more than a "for-profit" company i know nothing about.

"trust" for what? I understand your concern is about selling netdata, especially the code you are contributing. Don't be afraid. I guarantee that as long as I am involved, all open source code will always be open-source (mine and yours).

Can you tell us a bit more about the legal structure of netdata Inc? Are you the alone owner?

netdata Inc is owned 100% by me.

How can we trust it that it will not harm the quality of netdata for profit?

It is very simple and it was there since the first commit I made to the project: anytime you (or anyone else) believe I (or netdata Inc) harm the quality of netdata... fork it.

Guys, my only goal is to enhance netdata and make it a complete monitoring solution. As time passes and the project matures, we seek perfection in all aspects and all problems become a lot more complicated and time-consuming to solve properly. Currently the project is actively maintained by me, @l2isbad and @Ferroin. All other contributors work more or less occasionally.

So, to be straight: of course I'll seek "blessing" and "funding". Blessing will attract more contributors. Funding may allow the project to have dedicated developers (in other words, I would love to hire @l2isbad, @Ferroin and many other contributors to work on netdata full time - you should want this too).

Otherwise the project will stall and will eventually die.

So, please support us. Sign the CLA. We need to move to the next level to make netdata better.

@davidak
Contributor

davidak commented Jun 27, 2018

I understand your concern is about selling netdata, especially the code you are contributing.

My contribution is actually really small. I care more about the software itself and i'm concerned that profit interests could harm the quality or user freedom. I'm really thankful that you share it with the community and believe a community, with many small contributions can create a product that is better than anything a for-profit company can create. There are many good examples like Linux, Wikipedia or OpenStreetMap.

A quote from the debate about Microsoft buying Github from jarfil on reddit:

Never "trust" a for-profit company to care about anything else than profit, not even once. That's why FLOSS is great, you don't have to trust anyone.

I guarantee that as long as I am involved, all open source code will always be open-source (mine and yours).

I believe you and wish you much success defending user freedom and making this project big and the software perfect. For me, it's actually already exactly what i need for my small servers!

Funding may allow the project to have dedicated developers (in other words, I would love to hire @l2isbad, @Ferroin and many other contributors to work on netdata full time - you should want this too).

That would be fantastic!

@ktsaou Thank you for the conversation about this controversial topic! I believe in you to make the right decisions.

davidak added a commit to davidak/netdata that referenced this pull request Jun 27, 2018
As said in netdata#3695, it is not my intention to cause trouble for the project, so feel free to relicense it under any open source license you think helps the project to get better.

I still believe GPL is great to protect the freedom of the users and i hope you find a way to keep it.
@davidak davidak mentioned this pull request Jun 27, 2018
@davidak
Contributor

davidak commented Jun 30, 2018

I asked the CNCF directly why Apache-2.0 license is required for projects to join.

I got a response with this link very quickly: https://www.cncf.io/blog/2017/02/01/cncf-recommends-aslv2/

We think that permissive software licenses foster the best ecosystem of commercial and noncommercial uses by enabling the widest possible use cases.

Proponents of copyleft licenses have argued that these licenses prevent companies from exploiting open source projects by building proprietary products on top of them. Instead, we have found that successful projects can help companies’ products be successful and that the resulting profits can be fed back into those projects by having the companies employ many of the key developers, creating a positive feedback loop.

That might be true for some companies, but i don't think it's the majority.

Again:

Never "trust" a for-profit company to care about anything else than profit.

I prefer copyleft open source licenses to permissive ones because the greater good is more important for me than the profit of companies. Other people might have different priorities and that's a valid position.

For a project under any other license, it would require both a supermajority Technical Oversight Committee vote and a majority vote by our Governing Board. While this may occur in the future, our strong preference is to work with prospective projects to relicense under the Apache-2.0.

This would be the way for netdata to stay GPL and still join CNCF, but they might not accept it.

@ktsaou
Member Author

ktsaou commented Jul 8, 2018

To complete this round, the following contributors have not yet signed the CLA:

@lets00
@rda0
@arch273 (signed)
@glensc
@ecowed (signed)
@jasonwbarnett (signed)
@andvgal
@x4FF3 (signed)
@tperalta82
@candrews
@kattunga
@mcnewton
@wungad

As I have explained above, I am not thrilled either with a license change. Remember that I chose GPLv3+ in the first place. But we need to be able to do so.

The main contributors have already signed the CLA, so netdata is already owned by "netdata, Inc." by more than 99%. Please support us and sign the CLA.

If you don't want to sign it, please state it clearly so that we will not bother you again with CLA requests (unfortunately this also means your contributions will be removed or replaced).

Thank you for your support!

@ktsaou
Member Author

ktsaou commented Jul 8, 2018

To sign, add your username and name in this file and make a PR: https://github.com/firehol/netdata/blob/master/CONTRIBUTORS.md

@ktsaou
Member Author

ktsaou commented Jul 8, 2018

btw, you can sign by editing this file directly on github. No need to checkout/update the repo with git.

So click this: https://github.com/firehol/netdata/blob/master/CONTRIBUTORS.md
Then click the edit icon, append your data using the web editor and choose to make a PR.

@ktsaou
Member Author

ktsaou commented Jul 9, 2018

@lets00
@rda0
@glensc
@andvgal
@tperalta82
@candrews
@kattunga
@mcnewton
@wungad

Please remember the CLA.

You can sign it by editing this file directly on github. Click this: https://github.com/firehol/netdata/blob/master/CONTRIBUTORS.md - then click the edit icon, append your data using the web editor and choose to make a PR.

If you don't want to sign it, please state it, so that we will not bother you with this (unfortunately, we will schedule the removal or replacement of your commits).

@glensc glensc mentioned this pull request Jul 10, 2018
@rda0 rda0 mentioned this pull request Jul 18, 2018
@davidak davidak mentioned this pull request Jan 31, 2019
71 tasks