Open Stack

On 2016-10-11 13:05:38 -0400 (-0400), Monty Taylor wrote:
> On 10/11/2016 12:35 PM, Richard Fontana wrote:
> > Wasn't the ICLA requirement completely eliminated last year?
> 
> The requirement was eliminated pending a few technical implementation
> items. We will not be removing enforcement of ICLA signing until we
> finish adding enforcement of the CCLA.
> 
> So - for now it is a requirement, although we do have a path forward to
> the time where it will not be a requirement.
[...]

To clarify, we're allowed to drop ICLA enforcement in Gerrit once
we've switched from authenticating it against Launchpad SSO to
authenticating it against OpenStackID (which will allow the
foundation to more accurately map code contributions to specific
foundation members, enabling a separate system which grants counsel
for various member companies to accurately maintain lists of those
employees contributing under the CCLA on their behalf).

There are multiple challenges with switching identity providers.
First, we don't have a perfect means of mapping Gerrit accounts to
existing foundation accounts. Second, we need to decide how we'll go
about handling the (many) Gerrit users who don't yet have foundation
accounts. Third, we'll lose the ability to map new Gerrit users to
Launchpad accounts for automated bug reassignment (this we're hoping
to solve by switching to a different task tracker which is under our
direct control, and use the same identity provider for it as well).

These are problems I'm hoping we'll make more traction on soon, as
I'm quite aware how painful ICLA enforcement is as part of the code
contributor onboarding process.
-- 
Jeremy Stanley