←back to thread

Rug pulls, forks, and open-source feudalism

(lwn.net)
275 points pabs3 | 1 comments | 06 Sep 25 05:59 UTC | HN request time: 0.001s | source
Show context
palata ◴[06 Sep 25 10:19 UTC] No.45148071[source]
> Projects with CLAs more commonly are subject to rug pulls; projects using a developers certificate of origin do not have the same power imbalance and are less likely to be rug pulled.

Would be worth explaining why: my understanding is that if you sign a CLA, you typically give a right to relicence to the beneficiary of the CLA. So you say "it is a GPL project, my contribution is GPL, but I allow you to relicence my contribution as you see fit".

If the project uses a permissive licence already, honestly I don't really see a big impact with signing a CLA: anyone can just take the codebase and go proprietary with it. However, if it is a copyleft licence, then signing a CLA means that the beneficiary of the CLA doesn't play by the same rules and can go proprietary with the contributions!

If you don't want a rug pull, you should use a copyleft licence and not sign a CLA: nobody can make Linux proprietary because the copyright is shared between so many people.

If you use a permissive licence, then a rug pull is part of the deal.

replies(5): >>45148427 #>>45148502 #>>45148634 #>>45148648 #>>45148948 #
kelvinjps10 ◴[06 Sep 25 13:05 UTC] No.45148948[source]
But what about GNU their projects require signing a CLA and I don't think they will do a rug pull
replies(4): >>45149059 #>>45149610 #>>45150624 #>>45151048 #
1. bonzini ◴[06 Sep 25 16:24 UTC] No.45150624[source]
The text includes this specification: "The Foundation promises that all distribution of the Work, or of any work "based on the Work," that takes place under the control of the Foundation or its assignees, shall be on terms that explicitly and perpetually permit anyone possessing a copy of the work to which the terms apply, and possessing accurate notice of these terms, to redistribute copies of the work to anyone on the same terms". So you're right, in principle the FSF could apply the AGPL to every software they have copyright assigned for, but they also have to be careful not to breach the terms of their own contract.

As to the SSPL and similar license, the FSF hasn't publicly commented on it but they also don't include it in their list of approved free software licenses, so we know that the FSF doesn't really think the line could/should be drawn far from the GPLv3 and AGPL.