The reason for CLAs is threefold:
- For anything that is going to be relicensed to the Python license, we need the right to do that. The CLA allows us to relicense to an OSI-approved license that is approved by the board. Currently only the Python license is approved generally, there are minor exceptions.
- The CLA specifies the terms of how people license-in their code (under the Apache license, generally). This gives us the right to use the code absent them putting a licensing declaration in each file or PR.
- The CLA protects Python/the PSF/all downstream users from a later accusation that an employee contributed to Python and was not allowed to do so. By having a document that should be reviewed by legal within an organization, we make sure that anyone contributing to Python has their org’s ok to do so.
For all of those wondering about CLA vs. DCO, item #3 is the biggest difference between them.
As for mypy and typeshed, IF those are being more formally incorporated into the Python distribution, we should move to a CLA for the reasons identified above.
If we are not incorporating them into Python… I don’t really understand why they are moving under the /python organization.
- Van