[OpenStack-Infra] Improving the way we handle Corporate CLAs

Stefano Maffulli stefano at openstack.org
Thu Oct 24 17:28:51 UTC 2013


Hello folks,

Under article 7.1 (a) of the Foundation bylaws, the Foundation is
mandated to

    accept contributions of software made pursuant to the terms of the
    Contributor License Agreements attached as Appendix 7.

https://wiki.openstack.org/wiki/Governance/Foundation/Bylaws#appendix7

We're doing a pretty good job at handling the Individual CLAs for all
contributions since at least those that push the patches for review must
have click-accepted it.

Having managed the Corporate CLA for quite a while now I think we can
improve the way we handl it. At the moment it is generally intended by
the Board that every individual contributor who is contributing code on
behalf of a corporation needs to be explicitly authorised by such
corporation in the Corporate CLA, Schedule A (the list of actual people
authorized to contribute).

The Corporate CLA is managed via Echosign and that makes it hard to see
the list of companies that signed it. It makes it also hard to parse the
content of Schedule A and it makes it hard for companies to keep track
of changes to such authorized people. Usually corporate lawyers  sign
the Corporate CLA but another role (usually project managers, from what
I see) updates the Schedule A.

I think we can ease the pain for Corporations contributing code and for
the Foundation if we adjust our tools to better serve the CCLA process,
too, like we did for the Individual CLA.

Looking at how gerrit works I wonder if it would be possible to have a
role for "project managers" who can sign a Corporate CLA and, via gerrit
assign people to their own Corporate group. The use case I have in mind:

As a project manager of Tycoon Corp I would like to sign up to Gerrit,
sign the Corporate CLA hosted there, get the right to create a group for
"Tycoon Corp" and assign individual members of Gerrit to it.

I think that something as simple as that, while not 100% bullet proof,
would be already a great improvement over the process we have right now.
 How do you think this can be done?

Cheers,
stef

-- 
Ask and answer questions on https://ask.openstack.org



More information about the OpenStack-Infra mailing list