Comment by eikenberry 4 days ago
Contributor Agreements are specifically there for license rug-pulls, so they can change the license in the future as they own all the copyrights. So the fact that they have a CA means they are prepping for a rug-pull and thus this bullet point.
You seem to be assuming that a more permissive license is good. I don't believe this is true. Linux kernel is a great example of a project where going more permissive would be a terrible idea.
Saying I believe one specific project—of which I was a major contributor and knew intimately—would benefit from a more permissive license in no way means I think every other project should do the same. Every case is different, and my projects have different licenses according to what makes sense. Please don’t extrapolate and assume someone’s general position from one example.
I’m not sure where this belief came from, or why the people who believe it feel so strongly about it, but this is not generally true.
With the exception of GPL derivatives, most popular licenses such as MIT already include provisions allowing you to relicense or create derivative works as desired. So even if you follow the supposed norm that without an explicit license agreement all open source contributions should be understood to be licensed by contributors under the same terms as the license of the project, this would still allow the project owners to “rug pull” (create a fork under another license) using those contributions.
But given that Zed appears to make their source available under the Apache 2.0 license, the GPL exception wouldn’t apply.
Indeed, if you discount all the instances where it is true, it is not true.
From my understanding, Zed is GPL-3.0-or-later. Most projects that involve a CLA and have rugpull potential are licensed as some GPL or AGPLv3, as those are the licenses that protect everyone's rights the strongest, and thanks to the CLA trap, the definition of "everyone" can be limited to just the company who created the project.
https://github.com/zed-industries/zed/blob/main/crates/zed/C...
Good catch on the license in that file. I went by separate documents in the repo that said the source is available “under the licenses documented in the repository”, and took that to mean at-choice use of the license files that were included.
I think the caveat to the claim that CLAs are only useful for rug pulls still important, but this is a case where it is indeed a relevant thing to consider.
CA means: this is not just a hobby project, it's a business, and we want to retain the power to make business decisions as we see fit.
I don't like the term "rug-pull". It's misleading.
If you have an open source version of Zed today, you can keep it forever, even if future versions switch to closed source or some source-available only model.
If you build a product and a community around a certain set of values, and then you completely swap value systems its a rug pull. They build a user base by offering something they don't intend to continue offering. What the fuck else do you want to call it?
CLAs represent an important legal protection, and I would never accept a PR from a stranger, for something being developed in public, without one. They're the simplest way to prove that the contributor consented to licensing the code under the terms of the project license, and a CYA in case the contributed code is e.g. plagiarized from another party.
(I see that I have received two downvotes for this in mere minutes, but no replies. I genuinely don't understand the basis for objecting to what I have to say here, and could not possibly understand it without a counterargument. What I'm saying seems straightforward and obvious to me; I wouldn't say it otherwise.)
I think the proper way to do this would be a DCO. https://developercertificate.org/
I upvoted your comment. I share your view and just wanted to say you're not the only one who thinks this way.
It was, some see the GPL2->GPL3 as a rug-pull... but it doesn't matter today as the FSF stopped requiring CAs back in 2021.
IANAL but their official reason for the CLA seems pretty reasonable to me: https://www.gnu.org/licenses/why-assign.en.html
tl;dr: If someone violates the GPL, the FSF can't sue them on your behalf unless they are a copyright holder.
(personally I don't release anything under virus licenses like the GPL but I don't think there's a nefarious purpose behind their CLA)
> If someone violates the GPL, the FSF can't sue them on your behalf unless they are a copyright holder.
This seems to be factually untrue; you can assign specific rights under copyright (such as your right to sue and receive compensation for violations by third parties) without assigning the underlying copyright. Transfer of the power to relicense is not necessary for transfer of the power to sue.
I can’t speak for Zed’s specific case, but several years ago I was part of a project which used a permissive license. I wanted to make it even more permissive, by changing it to one of those essentially-public-domain licenses. The person with the ultimate decision power had no objections and was fine with it, but said we couldn’t do that because we never had Contributor License Agreements. So it cuts both ways.