Comment by Conlectus
4 days ago
I’m not sure where this belief came from, or why the people who believe it feel so strongly about it, but this is not generally true.
With the exception of GPL derivatives, most popular licenses such as MIT already include provisions allowing you to relicense or create derivative works as desired. So even if you follow the supposed norm that without an explicit license agreement all open source contributions should be understood to be licensed by contributors under the same terms as the license of the project, this would still allow the project owners to “rug pull” (create a fork under another license) using those contributions.
But given that Zed appears to make their source available under the Apache 2.0 license, the GPL exception wouldn’t apply.
Indeed, if you discount all the instances where it is true, it is not true.
From my understanding, Zed is GPL-3.0-or-later. Most projects that involve a CLA and have rugpull potential are licensed as some GPL or AGPLv3, as those are the licenses that protect everyone's rights the strongest, and thanks to the CLA trap, the definition of "everyone" can be limited to just the company who created the project.
https://github.com/zed-industries/zed/blob/main/crates/zed/C...
Good catch on the license in that file. I went by separate documents in the repo that said the source is available “under the licenses documented in the repository”, and took that to mean at-choice use of the license files that were included.
I think the caveat to the claim that CLAs are only useful for rug pulls still important, but this is a case where it is indeed a relevant thing to consider.