Open Stack

On Fri, 2013-12-20 at 14:07 -0500, Russell Bryant wrote:
> On 12/20/2013 09:32 AM, Dolph Mathews wrote:
> > In the past, I've been able to get authors of bug fixes attached to
> > Launchpad bugs to sign the CLA and submit the patch through gerrit...
> > although, in one case it took quite a bit of time (and thankfully it
> > wasn't a critical fix or anything).
> > 
> > This scenario just came up again (example: [1]), so I'm asking
> > preemptively... what if the author is unwilling / unable in signing the
> > CLA and propose through gerrit, or it's a critical bug fix and waiting
> > on an author to go through the CLA process is undesirable for the
> > community? Obviously that's a bit of a fail on our part, but what's the
> > most appropriate & expedient way to handle it?
> > 
> > Can we propose the patch to gerrit ourselves?
> > 
> > If so, who should appear as the --author of the commit? Who should
> > appear as Co-Authored-By, especially when the committer helps to evolve
> > the patch evolves further in review?
> > 
> > Alternatively, am I going about this all wrong?
> > 
> > Thanks!
> > 
> > [1]: https://bugs.launchpad.net/keystone/+bug/1198171/comments/8
> 
> It's not your code, so you really can't propose it without them having
> signed the CLA, or propose it as your own.
> 
> Ideally have someone else fix the same bug that hasn't looked at the patch.
> 
> >From a quick look, it seems likely that this fix is small and straight
> forward enough that the clean new implementation is going to end up
> looking very similar.  Still, I think it's the right thing to do.

What is the actual point of the CLA? since it seems to be a barrier to
contribution.  Why not do something affirmative like a DCO instead.  The
signed-off-by on a patch submitted by any mechanism (email list, patch
to bugzilla, launchpad, gerrit) can then be included because it carries
the DCO affirmation with it.

The reason CLAs are such a barrier is that if you're an employee of a
company, you have to get the approval of that company to sign them.  If
the company is used to this type of thing, it's usually a couple of days
turn around.  If it's not, it can be painful weeks trying to explain to
the corporate counsel what you're trying to do (and why it won't affect
the company too much) ... a large number of developers simply give up in
the middle of this.

The only point the current CLA would serve would be to allow the
OpenStack foundation to change the licence from ASL-2.0 to an ASL
incompatible licence since DCO + ASL-2.0 seems to cover all the other
terms in the current CLA.  Is that really worth all the pain?  I have a
hard time coming up with another licence besides GPLv2 that is actually
ASL-2.0 incompatible, so any licensing switch could apparently be made
without the need for a copyright grant.

James