We're introducing a CLA (Contributor License Agreement) requirement for any and all contributions across our open source projects. Open source is at the core of what we do and who we are as a company and deeply important to me personally, so I want to take time to explain why, what this means, and how we're rolling this out.
At HashiCorp, we are committed to having a true Free and Open Source software license for our software. We are not interested in exotic licensing schemes that hamper the openness of open source. For this reason, we are committed to keeping all our open source software licensed under the same license which is MPL2 for most of our projects.
Requiring a CLA is a common and well-accepted practice in open source. Major open source projects require CLAs such as Apache Software Foundation projects, Facebook projects (such as React), Google projects (including Go), Python, Django, and more. Each of these projects remains licensed under permissive OSS licenses such as MIT, Apache, BSD, and more.
To date, HashiCorp projects have not required a CLA. This created a legally ambiguous situation for our community and our customers. Agreeing to a CLA explicitly states that you are entitled to provide a contribution, that you cannot withdraw permission to use your contribution at a later date, and that HashiCorp has permission to use your contribution in our commercial products. This removes any ambiguities and allows users and customers to confidently adopt our projects. At the same time, the CLA ensures that all contributions to our open source projects are licensed under the project's respective open source license, such as MPL2.
» What does this mean?
All contributors to any HashiCorp open source project (projects under the "hashicorp" GitHub organization) will be required to sign a CLA. Our form of CLA is patterned on the standard Apache agreement, which is widely used throughout the open source community. A human-friendly summary of our CLA along with the full legal CLA text can be found here.
The CLA makes it explicit that contributions are licensed under the project's respective open source license such as MPL2, that contributors give permission to use the contributions indefinitely, and provides HashiCorp the right to include the contributions in commercial products. The license also makes clear that contributors are not assuming any warranty or support obligations for any contributions.
Our projects remain MPL2 licensed with all the rights that that license grants to users: the ability to use this project in their own projects or businesses, to republish modified source, or to fork the project.
Additionally, agreeing to the CLA is not a transfer of ownership. You do not lose or change any of your rights to use your own contributions for any other purpose.
» How will this work?
A top priority is rolling out CLAs in a way that introduces as little user friction as possible. We are using tooling that automatically asks for CLA agreement as part of the GitHub pull request lifecycle. If you haven't signed a CLA yet, a bot will respond to your PR and ask you to sign. If you've already signed the CLA, then no more work has to be done!
The CLA will cover all HashiCorp projects, meaning if a contributor signs a CLA for a contribution to Packer, they can contribute to any other HashiCorp project such as Vault.
We will be rolling out the CLA requirement across all HashiCorp projects over the next four to six weeks. Starting today, Vagrant will require signing a CLA to contribute. Other projects will have the CLA requirement enabled over time.
» Thank you!
We are incredibly thankful for the thousands of contributions we receive from the community. The community along with HashiCorp is working together to make our open source software better for everyone.
Armon and I founded HashiCorp to ensure the long term sustainability of the projects we started. Ensuring we have a clear legal basis for contributions is an important step and provides all the tools remain licensed under Free and Open Source licenses such as MPL2. The CLA also allows us to include open source contributions in our commercial products, which enable HashiCorp to grow the projects and invest in the community.