Puppet Labs Modules

https://github.com/puppetlabs/puppetlabs-firewall/pull/35

Has nobody pointed out that the CLA is stupid yet ?

The code is Apache licensed. I would not submit patches to a project without an open source license. The CLA reads almost exactly the same as the Apache license. What is the point of a second agreement other than to annoy contributors into NOT contributing to your software.

When the Puppet CLA is on this list, I will reconsider signing it. But even then, extra hurdles to contribution are stupid.

Fondest regards,

Sharif

Sharif

The Puppet CLA IS the Apache CLA with some minor modifications. It’s required to effectively use the Apache license for Puppet Labs. Signing the Apache Foundation’s CLA doesn’t have any relationship to signing the Puppet Labs CLA. Every project that uses the Apache license and a CLA (and not an Apache Foundation project) will require you sign a CLA specific to that project.

This serves as a reasonable explanation for why CLA’s are used:

http://www.oss-watch.ac.uk/resources/cla.xml

If you still have concerns let us know.

I can’t accept submissions without a signed CLA generally, so let us know what you want to do.

James,

I haven’t signed the Apache CLA, because I do not desire commit access to their repository. I’m content merely giving back in the form of patches if I should be so lucky as to be useful. I only brought it up, as this module is Apache licensed. However, as long as we are discussing their CLA, I will contrast their documentation with PuppetLabs.

• The description of ASF Roles describes several different roles in their meritocracy. A ‘developer’ contributes code. A ‘committer’ is a developer with write access to the code repository AND has signed the Apache CLA AND has an apache.org email address.
• The ASF desires contributors sign the Apache CLA, but it is evidently not required. See here.
• The Apache HTTP patches project page makes no mention of signing the CLA in order to submit patches.

Meanwhile, the Oracle OCA has the more draconian rules that align with Puppet Labs. (eg: all contributors must sign!) Would you rather be compared to the Apache Software Foundation or Oracle ?

In closing, if you decide to grant me commit access and a @puppetlabs.com email address, I will reconsider signing.

Thanks,

Sharif

Sharif – then regretfully we can’t accept your patch. The move to Apache and the reasons behind the CLA are explained here: http://docs.puppetlabs.com/guides/faq.html#change-to-apache-license. The precise section covering CLAs is here:

What does this mean if I or my company have or want to contribute code to Puppet?

As part of this license change, Puppet Labs has approached every existing contributor to the project and asked them to sign a Contributor License Agreement or CLA.

Puppet Labs has adapted the standard Apache Foundation’s CLA for this purpose.  

Signing this CLA for yourself or your company provides both you and Puppet Labs with additional legal protections, and confirms:

* That you own and are entitled to the code you are contributing to Puppet
* That you are willing to have it used in distributions

This gives assurance that the origins and ownership of the code cannot be disputed in the event of any legal challenge.

This isn’t draconian or excessive and is common to a large number of open source companies in the industry. I am sorry if this isn’t acceptable to you but we’re unable to make any exceptions.

Kind Regards

James Turnbull

Good news!

Media Temple has signed the CLA, and faxed it just now.

Now I get to maintain my ridiculous principles, and Puppet Labs gets to do the same.

I submitted a new pull request with a modified LICENSE file.

Respectfully,

Sharif

More test fixtures..

https://github.com/puppetlabs/puppetlabs-firewall/pull/39

Merged in additional fixtures.