The CLA may not be as bad as you think. There are different kinds of CLAs. This one does not give away your copyright at least. See https://github.com/jj-vcs/jj/discussions/4849 for discussion.
I hope the project sees continued success as another step into a world where we can acknowledge that developers are human; and, that--rather than just telling those humans they should "git gud"--we recognize that it's okay to tell our tools to "git gud" and then support the humans who contribute to making that happen.
(And, for those who fear such a world will be lacking in developers who "gut gid", remember: nobody is stopping you from still helping those humans "git gud", it just might require you to "git gud" at "gudding gittering".)
(And, yes, one day I also hope that world also doesn't require a signed CLA. :) )
----
> The CLA may not be as bad as you think.
Unfortunately it is at least as bad as I think. :)
While writing my previous comment I did consider going into more detail around the CLA but didn't--in part because succinctness made the CLA remark more impactful; in part because my comment was lengthy already; in part because I was tired of typing; and, probably, on reflection, in part as bait. :)
For context around the sentiment of this reply: I do appreciate you taking the time to reply to my previous comment & the effort you've put into Jujutsu; I support the Jujutsu project's goal; and, I would like to see it succeed. If I didn't view the project positively I wouldn't take the time to reply.
I was already aware the CLA didn't include copyright transfer and had checked the current information in the README to verify the current status hadn't changed before I wrote my previous comment. I had a recollection there had been previous CLA discussion but didn't go looking for it.
I've now read the discussion you linked as well as (some or all) of the other discussions/issues linked from it.
I'm glad to see others who view the Jujutsu project & its potential in a positive light have raised their concerns around the CLA and the CLA's negative impact on the project--even if I might wish some had expressed themselves... differently. :)
[Aside: I would have added (well, some of :) ) this comment to the GH discussion directly but MFA-related reasons preclude that currently. Feel free to quote from this comment over there if that's useful.]
----
While I'm glad the corporate "fad" of adding CLA requirements to projects has died down in comparison to a few years ago, one of my concerns has always been that the "costs" associated with requiring a CLA often have very poor visibility. Most people who have objections to a CLA requirement simply don't interact with projects that have them.
This obviously makes it difficult for project maintainers to argue for removal of CLA requirements because they can't point to the negative impacts that exist.
That's one reason why I specifically mentioned the CLA in my previous comment, so that if someone was wanting to argue for removal of a CLA requirement within a company then it would at least provide one external data point in support of the argument (as small as it might be) to which they could point.
----
While other people may have different reasons, for context, my primary objections to the requirement for a CLA boil down to: (i) legal liability; and, (ii) power dynamics.
(i) Based on my reading of the CLA[0][1] the motivation for Google to require contributors to sign seems to be a desire to move legal liability from Google onto the contributor.
By signing the CLA the contributor appears to accept a burden in perpetuity that: impacts every interaction[2] with an unbounded number of entities in an unbounded set of situations (see 1.); makes multiple representations about the licenses granted (see 2. & 3.) that presumably incur legal liability if they not are not accurate (see 4. & 5.); requires communication with Google in a manner ("notify") that is undefined in the document, about an almost unbounded set of items ("any facts or circumstances of which you become aware", "inaccurate in any respect"), again, in perpetuity (see 8.).
Now, at this point, the typical 10x legal scholar HN reader might be thinking, "Typical uninformed software developer who thinks law operates like code, clearly the CLA doesn't mean that...". Which brings me to...
(ii) From my perspective, in a situation where one party is requesting another party to sign a legally binding document (with the assumption their goal is not to take advantage of the second party[3][4]), they have at minimum a moral obligation to remind the second party that the document is legally binding, that signing it brings obligations, and that the second party should seek legal advice from an attorney they have a client-attorney relationship with and who is acting on their behalf to be informed about the potential cost(s) and/or benefit(s) associated with signing the document.
Especially if there is a significant power differential[5] between the two parties.
Particularly when the larger entity is making the request of an individual who is giving them a gift of value.
Even more so when the larger entity is specifically making the claim to the smaller party giving them a gift of value, that the document "is for your protection as a Contributor"[9][10]!
My current theory, in absence of other information, is that one day there was a conversation along the lines of:
Lawyer: "Nice beanie. BTW accepting free labour from random people on the internet puts the company at risk of being sued if it turns out the output of the free labour actually belongs to the labourer's employer or infringes a patent or [some other legal thing the author of this comment don't know about]."
Google Exec: "That sounds double-plus bad and/or [some other internal Google slang phrase with which the author of this comment is unfamiliar due to being a sub-100x Developer]."
Lawyer: "I can confirm that assessment of the situation."
Google Exec: "What ever can we do to avoid or minimise this potential liability?"
Lawyer: "Well, acting on the advice of my attorney, I am permitted to suggest that requiring internet randos--who are presumably well informed about legal matters and will definitely seek legal advice before signing any legally binding agreement[12] easily distinguishable in significance from the TOS which I am legally bound to say I am confident they also read & understand in its entirety before signifying their acceptance--"
Google Exec: "Dude, take a breath! You're not a HN comment author who thinks stereotyping lawyers & executives is funny, endearing & sure to bolster support for his quixotic cause."
Lawyer: "--to sign a document known as a Contributor License Agreement that will mean this company can say Hey, we're victims here too if some company tries to sue us because it turns out the contributor did not actually have the right to give us the output of their free labour."
Google Exec: "What possible negative impact might a CLA have on a project? Won't the valued contributors to projects under the Google GitHub organisation object to signing over their copyright to a company that may be worth over $USD2.20 one day?"
CFO: "Trillion! I keep telling you it's $USD2.20 Trillion!"
Lawyer: "Well, (a) I'm not a monster! There's no need to require copyright assignment to this for-profit corporate entity. And, also (b) I'm a lawyer able to advise on matters of law and not a project maintainer or community manager, I don't know how such valued contributors think and what they themselves value. I would recommend you consult experts in such matters, such as esteemed project maintainers or program managers who interact with the community and can advise you of community sentiment about such matters."
Google Exec: "That sounds like excellent advice, I will do that."
Google Exec: "Unrelated but while I've got you here, I'm interested in some advice on another matter, you know how we've never leaned into the whole 'Google is always killing things' thing...
As it happens, I have actually submitted PRs to projects with CLA "requirements" before--if I recall correctly, the first time was by accident because I didn't realise there was a CLA requirement (projects that don't clearly state that upfront... have room for improvement).
Subsequent such occurrences were intentional.
And I've had a non-zero number of the PRs merged.
Despite stating that I did not intend to sign the CLA.
Because, guess what, there's no legal requirement for a CLA in order to accept a one word comment or documentation fix--it wouldn't even qualify for copyright protection. And, BTW, I'm definitely still not a lawyer.
Why did I intentionally submit a PR to a project I knew required a CLA? Just to be an asshole? Well, I'd prefer "smart-arse", but either way, no.
The purpose was to actually provide visibility into the cost of requiring a CLA.
Instead of letting the cost stay invisible and thus continuing to ensure a lack of evidence to which project maintainers might point as the motivation for change.
A one word doc fix? Who cares, that's practically worthless, right? Well, at least one project decided it was worth at least enough to "break the rules" and merge it without a CLA...
But that's not really the point because it's not just one word fixes that projects are missing out on because of CLA requirements. Its all the multi-line PRs fixing bugs, adding features, fixing security vulnerabilities, reverting tabs-to-spaces format changes, reverting spaces-to-tabs format changes, and reverting reverting spaces-to-tabs format changes--all those PRs that never get written so the cost is entirely invisible.
----
But what kind of person would care enough about CLA requirements to not want to sign one and yet still put effort into submitting a multi-line PR significant enough for a project to want while knowing it would unlikely to ever be accepted?
*cough*
No idea, I've never followed through on that particular action. :)
(In part because projects started either ditching CLA requirements entirely or changing them to a DCO requirement which at least in comparison I have less of an issue with for the moment.)
But how many people submitting useful PRs but not signing CLAs would it take before a project might start asking (themselves or whoever might be imposing the requirement): "Why are we requiring a signed CLA when it has this cost?".
It also turns out there's actually another potentially really interesting nuance of CLAs that I didn't consider until after the fad died down which I've not seen mentioned.
----
The negative impact of a PR without a signed CLA primarily affects the organisation requiring the CLA.
It's only the organisation requiring the CLA who cannot (by their own rules) benefit from a PR without a signed CLA. Any other member of the project can freely merge the PR into their own (or community) fork under the terms of the license by which it was contributed.
Now, some might object to contributions being "weaponized" in this manner but:
(a) Would you still complain if an AI instead of a human came up with the idea to "weaponize" in this manner? :D
(b) What other leverage do communities have against companies that some might describe as "holding community projects hostage"; or, at a minimum damaging the project, with a CLA requirement?
(c) Oh, that's not a weaponized contribution, this is a weaponized contribution: once a PR has been written to, say, add a feature to a project, a contribution that is, say, of sufficient size & creativity to be eligible for copyright protection... Now, if that were to happen...
BTW did I mention that I'm definitely not a lawyer? If I haven't previously, well, to remove any potential doubt: I'm not a lawyer. Just one of those developers who apparently seem to think the law is like code[13].
Anyway, the thought that occurred to me one day was: if there was a PR of contributed, licensed, copyrighted code for a feature but no signed CLA... could, that, perhaps, maybe, poison the well in relation to anyone else developing an alternative PR for the same feature but with a signed CLA?
And, if so, would that create some potential legal liability, for, say, a company like Google, if the project were to, say, merge such an alternate PR?
Because, like, wouldn't they have to be able to prove that the alternate PR isn't actually based on the PR without a signed CLA in order to avoid potential liability for, I dunno, copyright infringement or something?
Now, I may have mentioned this before but I'm not a lawyer.
With that in mind, the answer is: No!
Potential liability? Now, now, there's no need to be silly, Google has a signed CLA stating that the contributor totally represented that they could grant whatever the CLA grants. No legal liability for them, woo!
Well, unless it was an employee who wrote the alternate PR, I guess? But I assume there's processes for that...
But it turns out I'm the silly one because there actually seems to be a straight-forward "solution" which literally only just occurred to me as I was writing this up--and it seemingly doesn't require anything other than lawyering silliness!
Let me quote here Point 7 (see 7.) of the "Google Individual Contributor License Agreement" for the purposes of review & criticism in a manner hopefully compliant with the concept of "Fair Use" in some jurisdiction:
"7. Should You wish to submit work that is not Your original creation, You may submit it to Google separately from any Contribution, identifying the complete details of its source and of any license or other restriction (including, but not limited to, related patents, trademarks, and license agreements) of which you are personally aware, and conspicuously marking the work as 'Submitted on behalf of a third-party: [named here]'."
So, umm, that's certainly... a thing.
BRB, off to submit a new "Audio GIF"-based backend for Jujutsu without signing a CLA!
(You know, so someone who has signed a CLA can seemingly totally submit it in a manner consistent with the project CLA as long as they don't misrepresent my code's source and mention any "Audio GIF"-related patents. GIF-related patents? LOL Zero Worries there! As if. My butt's patented[15].)
----[epilogue]---
There were a couple of other things I'd thought to mention but I'm going to leave things here---particularly given Point 7.
And, as some additional context, in case anyone happens to be interested: Yes, this is a ridiculously long comment containing a lot of content seemingly written to primarily amuse the author. Well, yes, that's an accurate observation. I have attempted to at least make its content semi-navigable by section out of respect for the time of those who wish to glean its content without its... other content.
Maybe one day I'll... write more about the context of that. :)
[Update: Okay, admittedly, that was way longer than even I had realised. :D ]
[1] A document which I note has no associated date or revision information.
[2] But at least now I know why I kept seeing "Not a Contribution." in issue comments on GH, I guess.
[3] Or, you know, to at least not to be evi... oh.
[4] But, in actuality, even then.
[5] A situation I would posit exists between a corporate entity with a market cap of over $USD2.20[6] and over 80%[7] of typical individual contributors to FLOSS projects.
[6] Oh! Actually over $USD2.20 Trillion? Assuming my source is accurate[6.5].
[6.5] I'd encourage everyone to: independently verify my claims; consult your financial advisor; seek legal advice from your attorney licensed to operate in relevant jurisdictions; and, ask your doctor if any treatment plan, financial statement, legal claim, or, punctuation contained in this comment is accurate and/or right for you.
[7] Maybe even 99%[8].
[8] But as a sub-100x Developer I'm not privy to details of TC packages at the higher end of the SV scale, so might even be closer to 99.5% of typical individual contributors but wouldn't want to overstate my claims.
[9] A statement I'll readily admit I was extremely surprised to see in the Google CLA. You know, given I would've thought such a claim would leave the company open to some sort of legal liability or risk of agreement invalidation if it turned out the document didn't fully and completely protect a contributor (& I assume their heirs?) in every situation & jurisdiction in perpetuity. But as I may have mentioned I'm not a lawyer and definitely not qualified or licensed to practice law in whatever jurisdiction applies in this situation, so... *shrug*
[10] The fact the CLA doesn't seem to state anywhere from what nor how the contributor is protected; nor, for that matter, from what, if anything, they will not be protected[11]. Which to me seems to make it difficult for any contributor (or their legal counsel) to evaluate whether signing the agreement is a good idea.
[11] The best I could come up with is maybe Google's reasoning is that by "requiring" contributors to interact with their employer they will be "protected" from unintentionally contributing something to which only their employer actually has the rights. But that seems pretty weak. And, as I say, I can only make a guess because Google doesn't actually specify any of it anywhere.
[12] Chorus: sotto voce "Because let's be honest here, is there even a single person at Google who is prepared to swear under oath that there is data to support the idea that there is even a simple majority of people who have signed the CLA that read it, understood it, obtained legal advice about it and are thus in a position to provide 'informed consent' by even the low standard of the law let alone morality?"
[13] Well, you know, clearly with the exception of global copyright infringement (oh, sorry, "training material hoovering") without such minimal courtesy as attribution because while apparently individuals have to abide by copyright law and wait until material enters the public domain after a term of close enough to one hundred years or more after publishing--a term demanded by multi-billion dollar corporations--apparently other multi-billion-dollar are too important to have to wait or brib... lobby for law change or license material or *gasp* pay for the creation of new works.
I'm not that naive and stupid even as a sub-100x Developer.
[14] [redacted]
[15] This joke is patented.
[16] Wait, what if I actually am a lawyer, licensed to practice law in some relevant jurisdiction? That seems like it would be super awkward.
