Limiting the legal risk of your Open Source projects

Anwesha Sarkar (~anwesha)


Description:

Legal is almost certainly the most boring and/or tiring topic for a significant percentage of the developer community. However, in reality (and sadly enough!) it is one of the significant foundations of an Open Source ecosystem. This talk will walk you through the different actions and mechanisms by which one can actually mitigate the legal risk of their project. The talk will analyze the status of licensing and contributor license agreements on PyPI. We will have an in-depth discussion about Licenses, CLAs, Copyright Assignment Agreements (CAA) and the Developer Certificate of Origin (DCO). We will go through the pros and cons of having these mechanisms along with some best practices for developers. The talk is a humble effort by a lawyer to keep the technical community safe from legal actions and/or complexities :).

The open source ecosystem rests on three foundations: Technology, Community and Legal. Often the community is not on comfortable terms with legal. But the legal choices one makes for a project mark its boundaries and fix its user base. Often a project suffers legal complications because of wrong legal choices. The talk will discuss the right actions to mitigate the legal risks for your open source project. It will cover the different safeguarding mechanisms, such as Software Licenses, the Contributor License Agreement (CLA), the Copyright Assignment Agreement (CAA) and the Developer Certificate of Origin (DCO). I will go through the pros and cons of each of these mechanisms, with a deep-dive discussion of the differences between CLA, CAA and DCO, with examples of each. We will analyze the PSF Contributor Agreement and the status of licensing and contributor license agreements on PyPI, to check on the state of the Python ecosystem. I will also mention the best practices developers should follow to limit the legal risks for their project.

Outline of the talk

  • Introduction
  • Who am I
  • Oh again a boring talk of legal!
  • Analyzing PyPI (to check on legal)
  • Developers you are in danger :(
  • Actions to be taken to mitigate the risk of your open source project
    • Have a clear and obvious Software License
    • Profile Licensing
    • Community Policy for changing or accepting code
  • Different kinds of mechanisms for changing or accepting code
    • CLA
      • Definition
      • Pros and Cons
      • Example
    • Copyright Assignment Agreement
      • Definition
      • Pros and Cons
      • Example
    • Developer Certificate of Origin
      • Definition
      • Pros and Cons
      • Example
    • Difference between CLA, CAA and Developer Certificate of Origin
  • PSF Contributory Agreement
  • Best practices to be followed by the developers
  • Conclusion

Prerequisites:

The audience should be part of the Python Open Source community.

Content URLs:

https://anweshadas.in/

Speaker Info:

Anwesha Das is a lawyer by education and profession. She provides consultation on legal, policy-making and community-related issues in the FOSS world. She is the organizer of PyLadies Pune and also leads the PyLadies efforts in India. She maintains her blog at https://anweshadas.in/. In her day job she works on the editorial team at HasGeek. She also blogs for the Python Software Foundation.

Section: Others
Type: Talks
Target Audience: Beginner
Last Updated: