So maybe enlighten me what the purpose of the CLA is. My understand is
As far as I understand, the purpose of the CLA usually is to make reasonable assurance for the user that the code in the project is safe to use and nobody would give them trouble for using it - by claiming the code is copyrighted by some 3rd party or violates some patent. It is more important when contributors and users are big entities - since it allows to brand the code "safe" for the users and it allows making the contribution act explicit and the conditions known and agreed upon for the contributors.
that with all contributions done under a CLA it becomes fairly easy for all users of the code to simply point anyone sueing to the relevant contributor. The given code can be replaced and life goes on except for
AFAIK (IANAL) if you are sued you can't just "point" it wherever you want. If the code infringes somebody's rights, first thing that will be demanded from the entity being sued is to stop infringing - meaning, probably, stop using the code. That is the most important problem - you won't choose some code to build upon if you foresee a chance of somebody coming and yanking the foundation from beneath your project. CLA makes reasonably sure that: 1. Contributors to the project will never do that - and if you have huge entities contributing, it is wise to ensure that, otherwise somebody who was not initially in the loop may decide to make 180 degrees turn and become trouble - like it happened with SCO that turned from Linux contributor to an entity suing everybody using Linux. When conditions of contribution are explicit, one is reasonably sure contribution stays out of trouble whatever happens in the huge entity. 2. The code belongs to people actually contributing it and nobody would just take the code from some page on the internet and submit it without thinking twice or take his employer's code without authorization and then lead everybody into trouble. Of course, you can not be 100% sure that won't happen, but when a person signs an agreement saying "I won't do it" then it's much more reasonable to expect he actually won't - reasonable enough so that people using the code wouldn't have to worry too much. Also, if there's corporate CLA, that would help ensure that if company X worker contributes to the project, his manager's manager's manager wouldn't one morning wake up and say "what?! they are contributing to PHP? But I hate PHP and never wanted that, gimme the code back!".
the contributor. Without a CLA is becomes much harder for the various users to pull their head out of things as easily, which means they will have a much greater interest in getting the case dismissed entirely.
If it comes to the case, everybody is in trouble, CLA or not. And defender usually can't just make the case dismissed, however badly he wants to :) The whole point of CLA is to make the risk of it ever coming close to a case minimal by ensuring some hygienic contribution rules. It's basically the same principle that makes us brush the teeth and wash the hands - a procedure that lowers the risk of being in trouble. No guarantees, but significant reduction of risk.
Summarizing, the purpose of the CLA is to protect the user, not to screw the developer.
P.S. in case anybody wonders, the above is my personal opinion, not paid for, solicited or approved by anyone but myself, done as a public service in hope to improve general welfare ;) That doesn't mean I can't agree, by some weird chance, with somebody else's opinion, private or corporate.
-- Stanislav Malyshev, Zend Software Architect [EMAIL PROTECTED] http://www.zend.com/ (408)253-8829 MSN: [EMAIL PROTECTED] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
