[OpenStack-Infra] Improving the way we handle Corporate CLAs
Stefano Maffulli
stefano at openstack.org
Mon Oct 28 17:00:03 UTC 2013
On 10/28/2013 07:47 AM, Jeremy Stanley wrote:
> There wouldn't really be any way to enforce anything with this, it
> would only be best-effort on behalf of the CCLA signatories.
This I understand and I think best-effort is good enough, as I can't see
of any way we can force people that commit code/translations/docs for a
company to sign icla and ccla without preventing non-affiliated people
to contribute, too.
> Also,
> the way Gerrit CLAs work, either we'd have to make the CCLA open to
> anyone to sign (which could be used as a loophole to submit changes
> to Gerrit without signing the ICLA, since CLA enforcement simply
> requires that some CLA, any CLA, has been agreed to), or we'd have
> to set the CCLA require approval (which as we've seen with the
> USGCLA makes it more likely people with a tenuous grasp of English
> try to sign it instead of/in addition to the ICLA and then can't
> submit changes until someone clears their attempt from the DB).
Probably then we should keep the notion of the CCLA in the User/Member
database then? The manager of the CCLA would click-sign the agreement on
our site, we keep the historic record of that signature and the manager
herself declares who works for her, authorized to commit. It would still
not prevent people to commit code without a CCLA but I htink it would
improve the situation. What do you think?
/stef
--
Ask and answer questions on https://ask.openstack.org
More information about the OpenStack-Infra
mailing list