Today I read on Fossil SCM’s mailing list:
The problem with BSD is that you really should get a signed form from each
contributor stating that their contribution is BSD. This is automatic with
GPL, since releasing your contributions under a compatible license is a
prerequisite for viewing the code in GPL. This makes GPL great for a
highly collaborative environment, with lots of contributors. BSD is more
permissive (less burdensome) for readers, but that makes it a little
tougher for writers since they now have to send in some paperwork.
Could someone explain why, and what are the possible consequences of not having such a signed statement from the project’s contributors?
The GPL does not explicitly make any statement about the licensing of code contributed back to the project. It might be inferred that any contribution is covered by the GPL, as it could be considered a derived work and thus must be licensed under the GPL, but it is possible that the contribution is already licensed under an incompatible license and cannot be combined with the GPL code.
As far as I know the only license that explicitly mentions the licensing of contributed code is the Apache License (see “Contributions” and “Submission of Contributions”).
That said, it is generally good practice to have all contributors to an Open Source project explicitly assign the copyright of their contributions to the project. The assignment form will also include text that affirms that the contributor is the copyright holder of the contribution and/or is authorized to assign the copyright.
By including the second part the project has some protection when it is discovered that someone contributed code that they were not legally permitted to contribute (e.g. they copied proprietary code from their employer).
The other general risk of not getting copyright assignment is that if, in the future, you wish to change the license, you can’t without permission of all the contributors who hold the copyright on their contribution. For example, if you wanted to change the license from GPLv2 to LGPLv2, you could not without permission.
3
BSD allows derived works that are not, as a whole, BSD-licensed. The danger here is that a new contributor (or, really, any contributor) could submit a code contribution and then later claim that his contribution was not BSD-licensed. Whether this would hold up in court probably depends a lot on the exact circumstances of the transfer — imagine an ambiguous case where someone posts a patch to a mailing list and simply says, “Look at this neat new feature I wrote!” without expressly granting it to the project under a BSD license. (A project that requires signed agreements would respond, “Thank you, but before we can accept this into our code base, please legally acknowledge that your contribution is BSD-licensed”.)
A GPL-licensed project is less vulnerable to such ambiguity. The relevant legal teeth in the GPL are in section 8:
You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License…
In my example of an ambiguous contribution, there is no ambiguity with the GPL. The modified work is necessarily GPL-licensed, and the contributor could not post his modification to the mailing list without granting GPL rights to it (since posting his modified version constitutes a transfer). Any attempt to argue otherwise requires him to actively claim that he was violating the GPL, which means he loses rights to the project entirely and his modified work is legally void.
(I’m not a lawyer, so I’m not sure if the GPL’s protections are sufficient to protect a project from a litigant that doesn’t care about any amount of legal damage to himself, but it’s certainly enough to deter most sane people from pressing legal action.)
2