I require every developer who wishes to contribute to print the CLA, fill it in, sign it, and send it to cla _at fenrirproject.org as a PDF.
The reason I do this is to protect myself, this project and its users.
Please remember that this agreement does not change your rights to use your own contributions for any other purpose.
This will also permit me to relicense this project for those who need it.
If you don't sign the CLA, don't send the patch. I cannot accept it. I will ask if I can accept BSD-licensed patches, but chances are I can't.
Who gets the code under which license?
(L)GPL3 for everyone
as needed for other people.
Each case will be publicly listed on this page, along with the (new) licenses.
No licenses other than (L)GPL3 have been granted yet.
Why do you need to relicense the code?
libRaptorQ and the Fenrir protocol projects will always remain GPL'd software, but that gives me some limitations.
Right now libRaptorQ and libFenrir are LGPL3. Dual licensing is needed for the Apple and Windows store environments.
The Windows Store seems to explicitly disallow licenses with requirements on redistribution and modifications (=> *GPL), and the Apple apps are statically linked (which has some strict requirements in the LGPL that no one ever cares about), plus the *GPL and the Apple store are incompatible.
The LGPL lets you statically link the library to a program only if you distribute the un-linked object files. I do like the philosophy behind it, but nobody seems to be able to do this easily, everybody is scared to try, and the result is that nobody does it.
There are some projects that say they are "LGPL with static linking exception", but the (L)GPL clearly states that the license cannot be modified, and that is a clear enough modification.
Even with these problems, I still want to take advantage of the LGPL, and I want people to be able to use these projects in the various stores, so I'm thinking about a license which will not permit non-LGPL3+ source-code modifications, which will not permit others to close-source this project, but which will still let them use it for statically linked libraries, and for any signing they need.
That is a lot of work, so for now I opted for double-licensing.
Also, in the future the situation might change, better licenses might come out, the (L)GPL3 might prove insufficient. You might not like future GPL licenses.
And you won't like being stuck with the wrong license then.
Why not just an MIT/Apache/BSD license, then?
Because those licenses still let other people fork-and-close the project, which duplicates the effort needed to keep the codebase clean and secure for everybody.
I want an LGPL3 where static linking is possible, and only if the whole library can be verified not to have extra or different changes (deterministic builds).
If I just put this in a BSD-style license, everyone can take it, modify it a bit and claim it is the same, even with a backdoor inside it. DO. NOT. WANT.
This will also prevent a lot of smart people from modifying the code and still escalating the bugs to this project.
So there will be a clause that forces the usage of deterministic builds for this library, so that people can check that they have a safe version of the library.