GitHub CLA

The GitHub CLA helps ensure the smooth operation and usability of the open source projects that we maintain.

Why is a CLA necessary?

It depends on the jurisdiction, but in the United States, contributions are owned by the author or their employer. When the contribution is accepted, the project becomes a bundle of derivative works. The agreement of all contributors are necessary to maintain distribution of the complete project and to any licensing agreement.

Isn’t that the purpose of an open source license?

Most open source licenses deal with use of the original code, and don’t refer to contributions, or derivatives of the original.

How does a CLA protect a project?

If the owner of a contribution decides that they don’t want the contribution to be part of the project or in any given distribution, the law is on their side. The project, contributors, and users may be subject to legal action. This may require payment of damages and could prevent further usage or contributions until the matter is resolved.

Even when there is no legal pursuit, too much ambiguity can jeopardize or doom a project by preventing those that can’t risk legal action from getting involved.

Why does it seem like only “corporate” projects have a CLA?

There are many projects without corporate ownership that use a CLA or even a copyright assignment–jQuery and Eclipse, for example. However, it is true that projects with financial backing tend to be at a higher risk of becoming a target, so they may have a lower tolerance for legal ambiguity.

What makes the GitHub CLA different from other CLAs?

The GitHub CLA does not include benign terms that serve no purpose, nor does it include pernicious terms that try to grab more rights than necessary to protect users of the project. Accepting the CLA is a low-overhead click-through when making a pull request, and it only needs to be accepted on the first contribution to a project or organization.