As many of you know I am not very fond of the entire CLA idea. However as of late there have been some incorrect assertions around the entire CLA proposal, which I want to correct before people waste more time on the wrong arguments against the CLA proposal. I will have some better arguments against it at the end of this blog post.

It has been unclear to people if the only companies that were approached were big vendors like Oracle, IBM and Microsoft with MySQL AB tacked on. I know that PostgreSQL was asked from the very beginning. While they did not have someone to step up at the beginning of discussions, they did have someone join the discussion later on. Also for all I hear SQLite was also asked. However Richard did not have time to join the debates, which so far have been mainly about legal topics anyways. Now I dont know if Firebird was approached (there are actually quite a few users in Brazil, Russia and to some extend Germany). I am surprised that Ingres is not on the list of vendors.

The other thing people have asserted that the CLA prevents people from reading the specifications. This is not correct. This would be what is called a NDA aka "non disclosure agreement". If this were the case, then this would most obviously put the final nail in the coffin of this proposal. That is simply impossible to even consider for a second. The CLA does not limit use of anything that is produced in any way that is incompatible with how PHP works today. The only thing the CLA regulates is contribution to the specifications and code.

This imho is already enough for this proposal to be turned down. As stated before, the proposed CLA does contain a much clearer and toned down clause on patents, which could still pose a problem for people at patent holding companies. However even if these people manage to sort out their issues, I want to highlight just general day to day issues I see with a CLA in place. Note I never worked on a project that was under a CLA, so maybe someone with some background there can enlighten me/us how this works out in practice. Take for example the general chatter on the mailinglists, on IRC or at a conference. Can I easily talk to people who have not signed the CLA without running into the issue that they might infest my brain with ideas that are patent riddled? I guess that is not a problem for me personally (since the CLA is only concerned with patents I am "aware" of), but it makes it still a bit questionable what kind of protection a CLA really offers. I am just saying this to refute the claim that a CLA is generally a good thing for end users. I still see plenty of opportunities for patent trolls.

More immediate would be the problem of bug reports that contain patches of any sort. What happens then? As long as that person does not sign, we cannot use that patch. As far as I know if you can proof there is really only one way to fix something, you are not necessarily at risk of getting slapped with copyright theft if you "copy" something. However in practice it will probably run out to "grey" situations and do we really want to be put in a situation where we have to make such decisions? This is why I keep calling CLA'ed OSS "one way open source". Sure the final product is OSS, but it makes it easier to get into this "clean room engineering" mindset than to build things on the "shoulders of giants" in true OSS spirit.

Again I want to remind people (and more importantly the commercial vendors pushing for a CLA), that there are so many less problematic ways of contributing. Some of them have been explored already and have proven to be very useful .. so I think it would be wiser to just expand these: There is no need for a CLA in order to write documentation, tests or to provide feedback to concret questions about the relevant API's. I am sure that simple feature requests for changes in the underlying API's in order to make it easier/performant to unify things within PDO would also be safe.

Update:
I might have made some false assumptions about the timing of when the different OSS RDBMS project were contacted. At any rate what is true is that PostgreSQL, MySQL and SQLite have been asked to join, I do not know when in the discussion process this happened exactly.

That being said, generally I do not have anything against people discussing things offlist as long as no final decisions are made offlist. Companies that are still trying to get a feel for an OSS project often do this and I think its entirely legit. Also I think its legit if a group of people form the community do this. As a matter of fact the boundaries quickly murky quickly about this stuff anyways. We are all free to chat/mail/meet with people and talk about stuff.

As a (minor) contributor to the Zend Framework, I signed their CLA and agree with you that the patent protection is questionable.

It does hoever ensure that I think about the code I write for the project and I make sure that I have full copyright over it.

One obvious limitatiion is that I don't read suggested patches from people who haven't signed the CLA. I do however discuss the concepts of a solution with whomever I please as the code to implement the solution is mine.

Regards,

Rob...

Hi Lukas, I do have experience working on a CLA-governed project, so I spent some time today to write a response to your blog above.

http://karwin.blogspot.com/2008/01/pdo-v2-cla-issues.html