Description
Welcome
- Yes, I've searched similar issues on GitHub and didn't find any.
- I agree to follow this project's Code of Conduct
How did you install golangci-lint?
go install
Your feature request related to a problem? Please describe
Hi, thank you for maintaining golangci-lint.
I'm interested in making contributions to golangci-lint, but I'm facing several difficulties in interpreting the CLA.
This Contribution License Agreement (the “CLA”) is between the individual set forth in the signature block (“You”) and Golangci OÜ, (“GolangCI”), effective as of the date of Your signature and sets forth the terms pursuant to which You provides Contributions to GolangCI.
The status of "Golangci OÜ" is marked as "Deleted" (16.07.2021) in https://ariregister.rik.ee/eng/company/14589002/Golangci-OÜ
Does this OÜ (private limited company) still exist?
You accept and agree to the following terms and conditions for Your present and future Contributions submitted to GolangCI. In return, GolangCI will not use Your Contributions in a way that is contrary to GolangCI’s business objectives.
What is "GolangCI’s business objectives"?
Copyright License. Subject to the terms and conditions of this CLA, You hereby grant to GolangCI and to recipients of software distributed by GolangCI a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to use, copy, reproduce, prepare derivative works of, sublicense, distribute and publicly perform and display the Contributions on any licensing terms, including without limitation: (a) open source licenses like the MIT license; and (b) binary, proprietary, or commercial licenses.
This seems to conflict with the license of golangci-lint itself (GPLv3), and possibly with the licenses of its dependency modules too.
Notably, GPLv3 doesn't expect "recipients of software" to be able to sublicense Contributions in "binary, proprietary, or commercial licenses"?
Even if Golangci OÜ and other contributors allow such sublicensing, it is still subject to compatibility with the licenses of the dependency modules.
Each of Your Contributions is Your original creation (see section 6 for submissions on behalf of others); and
There is no "section 6".
Describe the solution you'd like
Could you consider replacing the CLA with the well-known Developer Certificate of Origin (DCO)?
This will be less confusing and easier to sign off.
DCO has been used by the Linux Foundation projects and many others.
https://github.com/apps/dco can be used for enforcing the DCO check on GitHub Actions.
Describe alternatives you've considered
Update the CLA
Additional context
No response
Supporter
- I am a sponsor through GitHub or OpenCollective