In a well-working community open source project, many people contribute. In particular, software developers will submit code contributions. As a consequence, without further measures, the copyright in the project’s code will be widely shared among its contributors.
To ensure that a project can be used without fear of violating someone’s intellectual property rights, all project artifacts, in particular the code, need to have a clear open source license, and ideally only one.
The most common way of handling this is to assume that anyone who submits a contribution for inclusion in the project agrees to its conditions. The copyright remains with the original submitter, but they agree to make their contribution available under the project’s license. While it has not been tested in the courts, the assumption is that the implicit out-licensing by the contributor will hold and that they can’t retroactively declare otherwise.
A problem not covered by this assumption is that a developer might innocently or maliciously submit code for inclusion that they don’t have the rights to, for example, because they copied the code from elsewhere.
One way of dealing with this is to ask each potential contributor for assurances. For this, together with the code contribution, contributors submit a so-called developer certificate of origin, in which they assert that they have the right to make this contribution. This should help avoid innocent mistakes and stop those with malicious intent from potentially damaging the project. The certificate is stored in electronic form together with the contribution.
A benefit of a developer certificate of origin is that no separate organization is needed to collect and manage these certificates. The certificate itself does not say anything about the code’s license, so the assumption of the developer agreeing to the project’s licensing terms still stands.
A more elaborate solution is the contributor license agreement. A contributor license agreement is a (short) contract in which a contributor makes assurances about their past, current, and future contributions to the project. These assurances typically include the right to make the contribution. They also often include a rights grant to the steward of the project. The rights grant might be a copyright transfer or just a relicensing rights grant. Sometimes, the steward is an individual person like the founder or leader of the project. More often, it is a non-profit organization.
The choice of a method of ensuring that all intellectual property rights are in order depends on the history and commercial relevance of the project.