We believe the best software is written in the open. It’s our guiding principle and one that has allowed us to create a thriving community of developers from all over the world committing millions of lines of code every year. This novel way of building software works because the open source community believes that together we can do far more than by ourselves. As a large and growing community, we are always searching for ways to lower the barrier to entry and empower our developers to do what they do best.
What is the Canonical CLA?
The Canonical Contributor License Agreement is a simple and readable document that ensures our developers are protected and the software we make is able to be shared around the world. All developers who wish to contribute to Ubuntu, and the various other projects we work on, are required to sign the agreement. You can read the entire Canonical Contributor License Agreement.
The current CLA process which has been in place for a number of years is largely manual which can slow down the initial contribution pipeline and leave eager developers frustrated. Along with individual developers, we also want to make it easier for organizations looking to continue to be able to sign and protect their developers who wish to contribute.
What changes are coming to the Canonical CLA process?
We’ve just rolled out a new CLA processing system that streamlines the agreement signing and checking process that we use throughout our CI/CD pipelines. The Canonical CLA itself is not changing.
For developers this will mean:
Easier agreement signup using Github via Oauth authentication
Easier agreement signup via Launchpad via Ubuntu SSO
An improved agreement process for organization signing the CLA
How will I be affected?
We are rolling out the changes in a phased manner as to not cause disruption for our developer community and their work.
If you’re a current developer who has already signed the Canonical CLA: You will need to sign the CLA again using the new signing process found here, before the end of August 2025. Regular reminders will be sent to the email address you have listed on your initial signing prior the deadline.
If you’re a new developer who has yet to sign the Canonical CLA: You only need to sign up with the new signing process and start contributing.
Since this consistently refers to Canonical and not Ubuntu, does this apply to all software managed within the Ubuntu landscape (which, in turn, is ultimately managed by Canonical) or simply to projects directly managed by Canonical?
Typically yes, though the CLA does actually apply to some projects on Launchpad, but we need to do some more work on how to make that process more automated in the future.
This may have been true of the old CLA, I don’t know as I only now found something to contribute to.
Why does it require my phone number and address? I’ve signed other CLAs before; most haven’t required an address but I get that for legal purposes. But none have required a phone number; if anything I’ve had some require an email address for contact purposes.
Do we have any provided guarantee on data privacy here / just to double check, does Data privacy | Ubuntu apply here?
Hello @13steinj,
Both the old form and new form request that information for legal and contact purposes. To your second question, the data privacy policy applies to all personal information received by Canonical, including the CLA form.
I just got the email reminding me to re-sign the new CLA. On the contributor agreement form, the two options are as an individual or on behalf of an organization.
Individual states:
The individual contributor agreement is designed for individuals contributing personally (not on behalf of a company or organization). Individual contributors should use their personal email account. If you choose to sign with a corporate email account, please ensure that you are legally permitted to do so.
On behalf of an organization:
The corporate contributor agreement is designed to accommodate companies that do not permit their employees to sign individual contributor agreements.
As an employee of Canonical, it seems rather ambiguous which applies. My contributions are as an individual on behalf of Canonical, my employer. I assume we should use our Canonical emails, since that is what we use for the majority of our work. But Canonical does allow employees to sign individual contributor agreements.
I believe we should sign as individual contributors, so this comment is mostly a request to clarify or disambiguate those who are employed by and work on behalf of companies doing open source work (Canonical, Red Hat, Google, silicon vendors, etc.) and use our company emails to do so, but are not signing the CLA on behalf of our employers. Should we use our personal emails or corporate emails to sign?
