[OpenStack-Infra] Better Corporate CLA management

Clark Boylan cboylan at sapwetik.org
Mon Mar 23 20:15:55 UTC 2015



On Fri, Mar 13, 2015, at 11:06 AM, Jimmy Mcarthur wrote:
> Hi all - The OpenStack Foundation has already worked up at least a 
> portion of this solution by allowing one or more users with an 
> OpenStackID to be set as a CCLA Admin for their organization. The CCLA 
> Admin can designate one or more CCLA teams for their company. And then 
> each team can be comprised of multiple members. Members can be assigned 
> as long as they have a Foundation Membership and have a GerritID. If 
> they don't, they will be prompted to register and get a GerritID.
> 
> We also regularly run an ingest from Gerrit to retrieve Last Commit, 
> Gerrit ID, based on the Foundation Member email address. It may not be 
> possible, but perhaps we could offer the same check that we offer for 
> Foundation Members. Just a True/False if the user is a valid CCLA member.

I think there are two problems with this approach. The biggest one is
that it makes signing a CLA harder for users. They will now be presented
with multiple choices, which do they choose? And in both cases they or
someone else would have needed to fiddle bits on their foundation
accounts. We field a large number of questions around the existing
process and this will only make this more problematic. The other issue
is I am not sure that Gerrit provides enough info to the remote CLA
validator to make a distinction between ICLA and CCLA signing.

Ideally we would change the existing process with one that is simpler
for users since the cost of changing is nonzero and there is plenty of
confusion around the process already.
> 
> We are also flexible enough to add or ingest ANY info from Gerrit that 
> you need to associate with a Company (CCLA Agreement #, etc...)
> 
> Just throwing this out there for discussion.
> 
> Thank you,
> 
> -- 
> Jimmy McArthur / Tipit.net <http://Tipit.net> <jimmy at tipit.net>
> m: 512.965.4846
> o: 512.481.1161
> 
> 
> 
> Clark Boylan wrote:
> > On Thu, Mar 12, 2015, at 05:41 PM, Stefano Maffulli wrote:
> >> How would the infra team suggest we tackle this problem?
> >>
> > Based on the success of projects self managing third party CI voting
> > rights, I think we can solve this in a way very similar to how Gerrit
> > does it for contributions to Gerrit itself.
> >
> > For each company that has signed a CCLA two groups would be created in
> > Gerrit:
> > * companyname-ccla-owner, this group would be self owned and have
> > membership of company representatives that decide who can push to
> > Gerrit.
> > * companyname-ccla-members, this group would be owned by
> > companyname-ccla-owner and its membership would include those users who
> > can push to Gerrit.
> > Then each companyname-ccla-members would be added to the super group for
> > all CCLA signers.
> >
> > This will give companies greater tracking over who is covered by their
> > CCLA and remove the need for the ICLA as a proxy for that.
> >
> > The one hurdle we need to get over is delegating the group creation,
> > initial ownership and membership config, and addition to the super CCLA
> > group to a group that isn't the Gerrit admins. I don't want to become
> > the bottleneck that has to decide when a CCLA is properly signed.
> >
> > Options for this:
> > 1. Potentially Gerrit ACLs could be made rich enough to delegate these
> > activities to groups other than Gerrit admins (perhaps Zaro can comment
> > on this).
> > 2. We could write a tool that used a serialized set of group info and
> > enforced that in Gerrit. Then have a repo for this data whose core team
> > was able to validate the CCLA process is complete before updating Gerrit
> > via updates to this repo.
> >
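
Added illustration, not part of the thread and not OpenStack or Gerrit code: the planning step of the tool described in option 2, using the owner/members group layout proposed above. It assumes the repo stores JSON, that the super group is called `ccla-signers`, and that membership is only seeded at creation so each company keeps managing it in Gerrit; it computes the changes and makes no Gerrit calls.

```python
import json

SUPER = "ccla-signers"  # hypothetical name; the thread only says "super group"

# Constructed sample of the serialized group info held in the reviewed repo.
SPEC = json.loads("""{
  "examplecorp": {"owners": ["alice"], "members": ["alice", "bob"]},
  "newco":       {"owners": ["carol"], "members": ["dave"]}
}""")

# Constructed snapshot of Gerrit: newco is not set up yet, the examplecorp
# members group has drifted to self-ownership, and oldco is no longer in the repo.
ACTUAL = {
    SUPER: {"includes": {"examplecorp-ccla-members", "oldco-ccla-members"}},
    "examplecorp-ccla-owner": {"owner": "examplecorp-ccla-owner", "users": {"alice"}},
    "examplecorp-ccla-members": {"owner": "examplecorp-ccla-members",
                                 "users": {"alice", "bob", "erin"}},
}

def desired_groups(spec):
    """Expand each company into the owner/members group pair from the thread."""
    groups = {}
    for company, entry in spec.items():
        owner, members = f"{company}-ccla-owner", f"{company}-ccla-members"
        groups[owner] = {"owner": owner, "users": set(entry["owners"])}  # self owned
        groups[members] = {"owner": owner, "users": set(entry["members"])}
    return groups

def plan(desired, actual):
    """Return the ordered changes that bring Gerrit in line with the repo."""
    actions = []
    # Owner groups first, so a members group never points at a missing owner.
    for name in sorted(desired, key=lambda n: (not n.endswith("-ccla-owner"), n)):
        want, have = desired[name], actual.get(name)
        if have is None:
            actions.append(("create", name, want["owner"]))
            # Membership is only seeded here; afterwards the company manages it.
            actions += [("add-user", name, u) for u in sorted(want["users"])]
        elif have["owner"] != want["owner"]:
            actions.append(("set-owner", name, want["owner"]))
    want_inc = {n for n in desired if n.endswith("-ccla-members")}
    have_inc = actual.get(SUPER, {}).get("includes", set())
    actions += [("include", SUPER, g) for g in sorted(want_inc - have_inc)]
    actions += [("exclude", SUPER, g) for g in sorted(have_inc - want_inc)]
    return actions

if __name__ == "__main__":
    for action in plan(desired_groups(SPEC), ACTUAL):
        print(*action)
```

Because the plan is derived only from the reviewed repo, the people who approve changes to that repo decide when a CCLA takes effect, and a company dropped from the repo loses its place in the super group on the next run.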


