Clarify what the inbound contributions are licensed under
Currently it seems like it is assumed that Inbound=Outbound is implied. But in practice anyone could slap on any license (or none) onto their code and it would get in, potentially causing incompatibilities and issues later on.
At the very least it would be useful to explicitly state in
CONTRIBUTING.md that any contributions should be made under the same license as the outbound license of the project (or docs). e.g.:
All code contributions must be made under the same license as the project’s main license (i.e. AGPL-3.0-or-later for Tildes code and MIT for code handling Tildes documentation) and all documentation contributions under the same license as the main license of the documentation (i.e. CC-BY-SA-4.0).
Some further possibilities I see:
- if desired, one could use the DCO in addition to the Inbound=Outbound contribution agreement/policy to strengthen it
- alternatively, if (e.g. for compliance or longevity reasons) it is desired to aggregate copyright (in a trusted NGO – either Tildes Foundation or external such as e.g. Commons Conservancy) through a CLA, the FLA would be the most well-balanced option IMHO