[OpenStack-Infra] Better Corporate CLA management

Monty Taylor mordred at inaugust.com
Mon Mar 23 21:15:57 UTC 2015


On 03/23/2015 04:15 PM, Clark Boylan wrote:
> 
> 
> On Fri, Mar 13, 2015, at 11:06 AM, Jimmy Mcarthur wrote:
>> Hi all - The OpenStack Foundation has already worked up at least a 
>> portion of this solution by allowing one or more users with an 
>> OpenStackID to be set as a CCLA Admin for their organization. The CCLA 
>> Admin can designate one or more CCLA teams for their company. And then 
>> each team can be comprised of multiple members. Members can be assigned 
>> as long as they have a Foundation Membership and have a GerritID. If 
>> they don't, they will be prompted to register and get a GerritID.
>>
>> We also regularly run an ingest from Gerrit to retrieve Last Commit, 
>> Gerrit ID, based on the Foundation Member email address. It may not be 
>> possible, but perhaps we could offer the same check that we offer for 
>> Foundation Members. Just a True/False if the user is a valid CCLA member.
> I think there are two problems with this approach. The biggest one is
> that it makes signing a CLA harder for users. They will now be presented
> with multiple choices, which do they choose? and in both cases they or
> someone else would have needed to fiddle bits on their foundation
> accounts. We field a large number of questions around the existing
> process and this will only make this more problematic. The other issue
> is I am not sure that Gerrit provides enough info to the remote CLA
> validator to make a distinction between ICLA and CCLA signing.
> 
> Ideally we would change the existing process with one that is simpler
> for users since the cost of changing is non zero and there is plenty of
> confusion around the process already.

I spoke with Jonathan at the Ops Summit about a completely different
approach that does not seem represented here and that was easier.

Jonathan - perhaps it's time to start floating that idea?

>>
>> We are also flexible enough to add or ingest ANY info from Gerrit that 
>> you need to associate with a Company (CCLA Agreement #, etc...)
>>
>> Just throwing this out there for discussion.
>>
>> Thank you,
>>
>> -- 
>> Jimmy McArthur / Tipit.net <http://Tipit.net>< jimmy at tipit.net 
>> <mailto:jimmy at tipit.net>>
>> m: 512.965.4846
>> o: 512.481.1161
>>
>>
>>
>> Clark Boylan wrote:
>>> On Thu, Mar 12, 2015, at 05:41 PM, Stefano Maffulli wrote:
>>>> How would the infra team suggest we tackle this problem?
>>>>
>>> Based on the success of projects self managing third party CI voting
>>> rights, I think we can solve this in a way very similar to how Gerrit
>>> does it for contributions to Gerrit itself.
>>>
>>> For each company that has signed a CCLA two groups would be created in
>>> gerrit:
>>> * companyname-ccla-owner, this group would be self owned and have
>>> membership of company representatives that decide who can push to
>>> Gerrit.
>>> * companyname-ccla-members, this group would be owned by
>>> companyname-ccla-owner and its membership would include those users can
>>> can push to Gerrit.
>>> Then each companyname-ccla-members would be added to the super group for
>>> all CCLA signers
>>>
>>> This will give companies greater tracking over who is covered by their
>>> CCLA and remove the need for the ICLA as a proxy for that.
>>>
>>> The one hurdle we need to get over is delegating the group creation,
>>> initial ownership and membership config, and addition to the super CCLA
>>> group to a group that isn't the Gerrit admins. I don't want to become
>>> the bottleneck that has to decide when a CCLA is properly signed.
>>>
>>> Options for this:
>>> 1. Potentially Gerrit ACLs be made rich enough to delegate these
>>> activities to groups other than Gerrit admins (perhaps Zaro can comment
>>> on this).
>>> 2. We could write a tool that used a serialized set of group info and
>>> enforced that in Gerrit. Then have a repo for this data whose core team
>>> was able to validate the CCLA process is complete before updating Gerrit
>>> via updates to this repo.
>>>
> 
> _______________________________________________
> OpenStack-Infra mailing list
> OpenStack-Infra at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
> 




More information about the OpenStack-Infra mailing list