Re: GitHub Hygiene


Oleg Nenashev
 

Hi,

The Jenkins project uses Individual and Company CLAs (see this repo). This CLA is required ONLY for contributors who want to get special permissions (i.e. Jenkins core repo permissions, Security team membership, access to social media and YouTube accounts, etc.). We do not require the CLA to be signed by plugin maintainers or by common contributors.

In any case the Jenkins CLA process is subject to rework once the project assets are officially transferred to CDF. Our CLA process is also pretty tedious and time-consuming for signees and board members who process CLAs and verify that the submitted documents are correct and, in the case of Company CLAs, legit. The CLA doc is also quite obsolete, and it does not fully represent the current community processes (e.g. no reference to Jenkins code of conduct which was introduced after CLA). Switching to EasyCLA is one of the options we discussed last time, and I believe there was a consensus that we'd like to explore that in the future. According to the blogs and video recordings I watched, it is a pretty convenient tool if a project wants to enforce CLA.

Best regards,
Oleg Nenashev


On Fri, Jul 10, 2020 at 8:15 PM Jithin Emanuel <jithin1987@...> wrote:
Screwdriver used to have a CLA signer bot for making contributions, but we got rid of it and streamlined across all Verizon Media open source projects to have this Pull Request template. https://github.com/screwdriver-cd/.github/blob/master/PULL_REQUEST_TEMPLATE.md#license

--
Jithin

On Fri, Jul 10, 2020 at 8:28 AM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Jumping back up thread:

We don't have a blanket CLA policy for the CDF - we allow projects to choose what they want. The LF has tooling in place (EasyCLA) to make it easy for projects to use a CLA if they choose (Tekton uses this for example). Jenkins X and Spinnaker on the other hand, do not use CLAs. As far as recommendations/reasons to use one or not use one - we'd need to ask LF/corporate legal teams for their recommendations.

Repo access controls are now a bit easier - thanks Brian! We could setup automation on this (check out how Tekton does this: https://github.com/tektoncd/community/tree/master/org), but it may be overkill. 

Dan Lorenc

On Tue, Jul 7, 2020 at 2:57 PM Tara Hernandez <tarahernandez@...> wrote:
Damn, had forgotten all about those (so, yay for me adding it to the notes against that eventuality)

:)

I don't have a list of repos per se,  this was more around a general policy question that arose out of another discussion -- do we have any kind of consistent policy or recommended best practice for our projects with regards to CLAs and should the CDF be handling that on behalf of the projects.  Put another way, is there a reason NOT to just do it everywhere?  

The second item also came up during that discussion because we realized the CDF repos were pretty locked down and nobody seemed to have admin access other than Dan (and now Brian), so getting some teams and roles in there would be lovely.

On Tue, Jul 7, 2020 at 6:07 AM Dan Lorenc <dlorenc@...> wrote:
Tara had a couple TOC agenda items for today:
  • [tara] Need a CLA or similar for ambassadors/contributors to clarify contributions from individuals vs. corps 
Tara, could you clarify which repos you'd like to get the CLA setup on? We should be able to use EasyCLA for this.
I agree here. +Brian Warner - do you have the admin permissions on github.com/cdfoundation? Would you mind adding me so I can setup teams/permissions?

Dan Lorenc


--
Tara Hernandez
Engineering Manager Google Cloud





--
Thanks
Jithin Emmanuel

Join cdf-toc@lists.cd.foundation to automatically receive all group messages.