Federico Moretti

Open Source Has Limits: The Case of Contributor License Agreements (CLAs)

Hacktoberfest: Open Source Reflections

This is a submission for the 2025 Hacktoberfest Writing Challenge: Open Source Reflections

This year I’ve chosen to focus on what really matters to me, avoiding compulsively pushing to reach the goal of four or six accepted pull requests. I sent mostly translations, because I think it’s not possible to really get to the heart of a software project in a month. Here is my experience with Hacktoberfest 2025.

Contributor License Agreement (CLA)

As I said, I focused on specific projects. This means I only contributed to projects of a certain caliber: I avoided those created specifically to accumulate points. Therefore, I sent requests to companies that have been in the industry for years. A prime example? Google. And I’m still waiting for them to accept my contribution.

The same thing goes for Arduino, Microsoft, and DigitalOcean. I’ve sent requests, but so far, they’ve all turned them down. But that’s not the topic I want to discuss today (while I wait for a response). If you really want to know, Hugging Face accepted my contribution right away. And it’s been online for several days.

The thing is, all the companies (except Hugging Face) asked me to sign a Contributor License Agreement. There’s nothing wrong with that — I signed one for each of them, in fact — but I wondered how positive this practice is for open source. And the answer I gave myself was not positive.

Google Asks to Use a Gmail Address

Want to contribute to a Google project? You must use a Gmail address. It’s not a crazy request, and Gmail is free, but what’s the point? Why can’t I send a pull request from a different email address? The quality of the code I share doesn’t depend on it. And I’d appreciate a response within a reasonable timeframe.

I mean, I had to add an address to my GitHub account and update my pull request with another push just to get it considered. Days later, it’s still open and hasn’t been accepted by anyone, even though it’s literally one line of code. I don’t think that’s the right thing to do. But, mind you, there’s a catch.

None of the projects I contributed to were part of Hacktoberfest 2025. Therefore, I will likely receive a response at different times. But the problem here is that every single contribution is subject to signing an agreement, no matter how permissive. It’s not a personal issue for me, but it’s a matter worth discussing.

To Sign or Not to Sign? That Is the Question.

I have a pretty zen attitude about open source. I’m not a fundamentalist. So I had no problem signing the agreement for every company, but I wonder how legitimate it is. I didn’t find any unfavorable conditions. But the mere fact of having conditions was unfavorable. Why should I sign an agreement? I read many answers.

Unfortunately, all the answers allude to a change in license from open source to proprietary, which means your work could be sold without you profiting from it. This is a relative problem, because I would not have intended to request any other recognition than the merge of my changes: a merge that has not yet been approved.

But, ultimately, a CLA is like a prenuptial agreement: I don’t know if the marriage will work out, so I protect myself. I think this is a legitimate attitude for a company of that size, which is why I signed in every case. What I don’t like is the mechanism, starting with Google asking me to use Gmail. It’s nonsense.


If you have a look at the Wikipedia entry, CLAs are much debated. Some like Red Hat have taken a step back, others have made them optional, and still others have never used them. My question is: is all this helping open source or hindering it? I don’t think I’ve figured it out yet.

Top comments (2)

Andrew Pendergast

That’s a really thoughtful reflection — you captured the tension perfectly. CLAs do protect companies, but they also create friction that can discourage genuine contributors. It’s a tricky balance between legal safety and the open, welcoming spirit that makes open source thrive.

Lin JunJie

Really thoughtful take
CLAs definitely protect companies, but they can make open source feel less “open.”
I agree
It’s a tricky balance between trust, control, and true community collaboration.