[Openstack] Using Gerrit to verify the CLA

James E. Blair corvus at inaugust.com
Fri Dec 30 17:41:17 UTC 2011


We've gotten some requests from core reviewers to automate verification
that people submitting changes have agreed to the CLA.  Right now, the
expectation is that core reviewers will only approve changes submitted
by people who have agreed.  That's silly because we have computers that
can do that.

Gerrit has a CLA system built in.  While we could use it to replace the
data collection and signature portion of the CLA process, that isn't the
most important thing for either us or the lawyers to be working on right
now.  Instead, we can adopt a hybrid approach where we still use the
same signature process, but use Gerrit to make sure people have
completed it.

The current process involves people adding their Launchpad IDs and
Echosign signature transaction codes to a wiki page.  To that, we'll add
the step of requesting membership in the "openstack-cla" group on
Launchpad.  When someone has verified the listing for that person on the
wiki page, they will be added to the group.  Membership in that group
will be required to upload changes to Gerrit.

If we implement this technically as a CLA in Gerrit, albeit one that
simply says something like "Follow the CLA process described in the
wiki," we get a couple of benefits.  We can tell Gerrit that anyone in a
specific group (openstack-cla) has signed that CLA, and they will be
able to upload changes.  If someone attempts to upload a change without
being a member of that group (ie, without having signed the CLA), they
will receive a helpful error message:

fatal:  A Contributor Agreement must be completed before uploading:


That page (which will be present once the CLA is enabled) will show the
pseudo-CLA in Gerrit, with a pointer to the wiki page with instructions
on the real OpenStack CLA process.

Even though it's not the way the Gerrit CLA system was intended to be
used, I think this is a reasonable hybrid approach, at least until the
next time we feel like overhauling the project CLA process.  It's fairly
simple, and we get an expressive error message from Gerrit if someone
hasn't signed.

In short, the process for new developers will be:

1) Sign CLA via Echosign
2) Record signature in wiki
3) Apply for membership in openstack-cla
4) Contribute!

With only step 3 being added by this change.

I'd like to enable this check on Thursday, January 5th.  Please make
sure you have signed the CLA and entered your name on the wiki page by



More information about the Openstack mailing list