reviewing the need for CLAs
One of the individuals I contacted when I was reaching out about the
possibility of a [C]CLA pointed out the following from the GitHub Terms
6. Contributions Under Repository License
Whenever you make a contribution to a repository containing notice of a
license, you license your contribution under the same terms, and you
agree that you have the right to license your contribution under those
terms. If you have a separate agreement to license your contributions
under different terms, such as a contributor license agreement, that
agreement will supersede.
Isn't this just how it works already? Yep. This is widely accepted as
the norm in the open-source community; it's commonly referred to by the
shorthand "inbound=outbound". We're just making it explicit.
I've also reviewed the licenses listed under each of the Identity Python
* pySAML2 = Apache 2.0
* SaToSa = Apache 2.0
* pyXMLSecurity = NORDUnet (2 clause BSD)
* pyFF = SUNET (2 clause BSD)
* pyeleven = SUNET (2 clause BSD)
My reading of this suggests that a CLA doesn't actually offer us any
assurances we don't already have by a) using GitHub (and therefore
agreeing to the ToS) and b) posting the licenses in the repos (which
must be inherited by anyone posting in those repos, again thanks to the
Thoughts or concerns?