[Cryptech Core] contributor license agreement

Peter Stuge peter at stuge.se
Tue Aug 7 21:03:09 UTC 2018


Hi,

Stephen Farrell wrote:
> >> One thing that seems to come up regardless of which home we find,
> >> is the need for a contributor license agreement for the project.
> > 
> >> So the question for now is would folks be ok if we adopted
> >> something like the one that's used by openssl?  [2]
> > 
> > The question is moot until a rationale explains the "need".
> 
> My assumption was that folks on the core team would be familiar
> with such things. If that's a bad assumption I'm happy to try
> explain why these things seem to be useful.

I don't know about others on core@, but I know various reasons for
CLAs, most if not all related to legal issues.

I was asking for clarification about what specific reasons there are
for CrypTech to start requiring one, if any, beyond that a "bank"
requires it as part of *their* processes.

There are plenty of reasons to avoid CLAs, an obvious one is that they
make anonymous contributions impossible, which I personally find highly
undesirable - ie. I am against CLAs.


> We have a couple more things we're checking with the commons
> conservancy folks, will send the full details when we have 'em.

Thanks, I think full details are important for a discussion, but well,
I don't support adding a legal team and a bank into the project anyway.


> > What are the desired new and changed processes within the project
> 
> See the notes of the f2f meetings from last Sept/Feb. Basically,
> Nordunet have been handling the money since we started and don't
> really see doing that for open-source projects as a core function
> of theirs, so we need to find some other entity to do that.

Thanks! That's pretty much as I remembered. So the project is actually
looking for an entity to handle billing rather than it is looking for
a "home", a legal team or a "bank".


> There are not many such organisations existing, btw, and we need
> someone to handle the dosh from donors so getting this sorted is
> a thing we kinda have to succeed at, without there being anything
> mega urgent afaik.

> > Popular choices are always convenient and of course politically safe,
> > but usually not the best.
> 
> I fail to see the relevance tbh - which is the "popular" thing here? :-)

Affiliation with "such organisations" in order to have a "home".


> > CrypTech is relevant because we improve the state of the art - let's
> > not lose that.
> 
> Agreed. I don't see that replacing Nordunet's kindness in processing
> payments with someone else doing just that job really risks that.
> (Not replacing Nordunet would eventually put that at risk I guess.)

I think it depends a lot on who is doing the job. Currently an active
project participant is doing the job, anything else is obviously a lot
less desirable, both politically and practically. That's what I mean
by state of the art. How can we stay self-sufficient? Maybe Bitcoin?
(I'm being serious.)


> I don't see that we need to agree or disagree with other things they do,
> no more than we need to like the banks that hold/distribute the money
> that donors contribute to fund the project.

I disagree. I think where we bank and shop for groceries matters, not
only where we store crypto keys.


//Peter


More information about the Core mailing list