←back to thread

Rug pulls, forks, and open-source feudalism

(lwn.net)
275 points pabs3 | 1 comments | 06 Sep 25 05:59 UTC | HN request time: 0s | source
Show context
palata ◴[06 Sep 25 10:19 UTC] No.45148071[source]
> Projects with CLAs more commonly are subject to rug pulls; projects using a developers certificate of origin do not have the same power imbalance and are less likely to be rug pulled.

Would be worth explaining why: my understanding is that if you sign a CLA, you typically give a right to relicence to the beneficiary of the CLA. So you say "it is a GPL project, my contribution is GPL, but I allow you to relicence my contribution as you see fit".

If the project uses a permissive licence already, honestly I don't really see a big impact with signing a CLA: anyone can just take the codebase and go proprietary with it. However, if it is a copyleft licence, then signing a CLA means that the beneficiary of the CLA doesn't play by the same rules and can go proprietary with the contributions!

If you don't want a rug pull, you should use a copyleft licence and not sign a CLA: nobody can make Linux proprietary because the copyright is shared between so many people.

If you use a permissive licence, then a rug pull is part of the deal.

replies(5): >>45148427 #>>45148502 #>>45148634 #>>45148648 #>>45148948 #
kelvinjps10 ◴[06 Sep 25 13:05 UTC] No.45148948[source]
But what about GNU their projects require signing a CLA and I don't think they will do a rug pull
replies(4): >>45149059 #>>45149610 #>>45150624 #>>45151048 #
1. limagnolia ◴[06 Sep 25 17:12 UTC] No.45151048[source]
While I generally don't sign CLA's, I will occasionally consider one if the CLA is to a nonprofit foundation which has strong governance in place to prevent restrictive re-licensing. However, sense these cases have to be very carefully evaluated on a case by case basis, it is very rare that I would even consider it.