Shawn Willden:
It turns out that the Googlers on this project haven't done our legal due diligence as we should, and as a result, Keyczar is in danger of being pulled completely, just when I was thinking that we had a chance to revive it and move it to Github (thanks entirely to Devin's offer and interest).
To avoid having it taken down, and to get it moved to Github, we need to get Contributor Licensing Agreements signed by everyone who has contributed. The agreement doesn't give your IP to Google or restrict your use of it... well, I probably shouldn't try to interpret it for you.
The agreements for individual and corporate contributors are here: https://cla.developers.google.com
Obviously, in the future we'll need CLAs from anyone who contributes.
Thanks, and sorry about this.
Steve Weis:
Keyczar was released under an Apache 2.0 license and I received approval from open source and legal teams in 2008. Why is there suddenly a need to retroactively get a Google CLA? What happens if you're unable to get everyone to agree?
Regardless, these are all the internal contributors I recall before it was released: Me Arkajit Dey Ben Laurie Neil Daswani Marius Schilder Sarvar Patel Loren Kornfelder Manuel Marquez Garrido Rafael Castro Laura Krotowski
This specifies who worked on what: https://code.google.com/p/keyczar/wiki/Contributors
Two early external contributors were: Sébastien Martini Martin Clausen
Everyone else should be in the commit history.
And here's a copy of the text: http://paste.click/GdAeQx
(Not sure if copying this is an issue, if it is let me know and I'll take it down)
I don't know why this is needed, but glancing at the CLA the clause which is most obviously not covered by the Apache license is this one:
"You represent that you are legally entitled to grant the above license. If your employer(s) has rights to intellectual property that you create that includes your Contributions, you represent that you have received permission to make Contributions on behalf of that employer, that your employer has waived such rights for your Contributions to Google, or that your employer has executed a separate Corporate CLA with Google."
Linux requires a similar declaration to accept code, but many free software projects do not, and it's not a part of any of the usual licenses.
If not, Google can't claim to own the whole project, but they can claim they own bits of it and refuse to allow distribution of those bits, just as they could if someone had release core parts of the Google search algorithms without permission. In that case, the choices for the project are to either create a clean fork without any of the Google contributions, or cease distribution altogether. It also leaves downstream users in a somewhat awkward legal position. I certainly wouldn't want to depend on the project for something that directly competes with a Google service, for instance.
Still, more likely it's just a mistake by Google legal and furthermore, it's highly unlikely they would go around suing people, especially when it's not 100% clear that the IP was released without permission. Still a bit of a messy situation though.
1. There's no suitable legal entity that could receive the copyright/rights on behalf of the PostgreSQL project. There are entities handling domains/... but that's not really useful.
2. The fact that developers keep all the rights (except for implicitly allowing use by submitting the patches) makes the project immune to particular changes. For example no one can suddenly change the license used by the project - it's going to be MIT-like license forewer.
3. I really wonder how this CLA works outside USA, in countries with different copyright laws. Say, Europe, Japan, South America - where a lot of PostgreSQL contributors live.
The fact that PostgreSQL has no CLA is one of the reasons why I work on this project. I'm the one who keeps copyright, etc. I'm not saying establishing a CLA would make me quit immediately.
Moreover, I don't see how a CLA could be established after 15+ years of a project.
