←back to thread

Rug pulls, forks, and open-source feudalism

(lwn.net)
275 points pabs3 | 1 comments | 06 Sep 25 05:59 UTC | HN request time: 0.207s | source
Show context
palata ◴[06 Sep 25 10:19 UTC] No.45148071[source]
> Projects with CLAs more commonly are subject to rug pulls; projects using a developers certificate of origin do not have the same power imbalance and are less likely to be rug pulled.

Would be worth explaining why: my understanding is that if you sign a CLA, you typically give a right to relicence to the beneficiary of the CLA. So you say "it is a GPL project, my contribution is GPL, but I allow you to relicence my contribution as you see fit".

If the project uses a permissive licence already, honestly I don't really see a big impact with signing a CLA: anyone can just take the codebase and go proprietary with it. However, if it is a copyleft licence, then signing a CLA means that the beneficiary of the CLA doesn't play by the same rules and can go proprietary with the contributions!

If you don't want a rug pull, you should use a copyleft licence and not sign a CLA: nobody can make Linux proprietary because the copyright is shared between so many people.

If you use a permissive licence, then a rug pull is part of the deal.

replies(5): >>45148427 #>>45148502 #>>45148634 #>>45148648 #>>45148948 #
charcircuit ◴[06 Sep 25 11:57 UTC] No.45148502[source]
There is no such thing as a rug pull in regards to open source. A GPL copy of your code will exist forever.
replies(4): >>45148582 #>>45148637 #>>45149245 #>>45154216 #
1. ◴[06 Sep 25 13:48 UTC] No.45149245[source]