Agreeing to a CLA explicitly states that you are entitled to provide a contribution, that you cannot withdraw permission to use your contribution at a later date, and that HashiCorp has permission to use your contribution in our commercial products. This removes any ambiguities or uncertainties and allows users and customers to confidently adopt our projects. The CLA ensures that all contributions to our open source projects are licensed under the project's respective open source license, such as MPL2.
Requiring a CLA is a common and well-accepted practice in open source. Major open source projects require CLAs such as Apache Software Foundation projects, Facebook projects (such as React), Google projects (including Go), Python, Django, and more. Each of these projects remains licensed under permissive OSS licenses such as MIT, Apache, BSD, and more.
When you open a pull request ("PR") to any of our open source projects to sign the CLA. A bot will comment on the PR with a link to sign the CLA if you haven't already. This will require you to log in with GitHub and to fill in a few additional details such as your name and email address.
You only have to sign the CLA once. Once you've signed the CLA, future contributions to any HashiCorp project will be protected under the agreement and will not require you to sign again.