GitHub Hygiene


Dan Lorenc <dlorenc@...>
 

Tara had a couple TOC agenda items for today:
  • [tara] Need a CLA or similar for ambassadors/contributors to clarify contributions from individuals vs. corps 
Tara, could you clarify which repos you'd like to get the CLA setup on? We should be able to use EasyCLA for this.
  • [tara] TOC should define teams/policies around github org access
I agree here. +Brian Warner - do you have the admin permissions on github.com/cdfoundation? Would you mind adding me so I can setup teams/permissions?

Dan Lorenc


Tara Hernandez
 

Damn, had forgotten all about those (so, yay for me adding it to the notes against that eventuality)

:)

I don't have a list of repos per se,  this was more around a general policy question that arose out of another discussion -- do we have any kind of consistent policy or recommended best practice for our projects with regards to CLAs and should the CDF be handling that on behalf of the projects.  Put another way, is there a reason NOT to just do it everywhere?  

The second item also came up during that discussion because we realized the CDF repos were pretty locked down and nobody seemed to have admin access other than Dan (and now Brian), so getting some teams and roles in there would be lovely.


On Tue, Jul 7, 2020 at 6:07 AM Dan Lorenc <dlorenc@...> wrote:
Tara had a couple TOC agenda items for today:
  • [tara] Need a CLA or similar for ambassadors/contributors to clarify contributions from individuals vs. corps 
Tara, could you clarify which repos you'd like to get the CLA setup on? We should be able to use EasyCLA for this.
I agree here. +Brian Warner - do you have the admin permissions on github.com/cdfoundation? Would you mind adding me so I can setup teams/permissions?

Dan Lorenc


--
Tara Hernandez
Engineering Manager Google Cloud




 

Dan - Yep, I can do that. You should be an owner now, I just updated it.

Tara - For CLAs, generally the governing board sets the policy for the Foundation in the IP policy (e.g., "We require Foundation projects to use this particular CLA" or "Foundation projects may use this approved CLA if they choose, or not" or "We are using inbound=outbound with the DCO"). From that point, it's just a matter of tooling. We've got that reasonably well covered on the LF side, and I can walk you through that if it would help.

As for the repos, in the github.com/cdfoundation org, the owners are:
  • Dan Lorenc (just added)
  • Kohsuke
  • Tracy Miranda
  • Jaice Singer DuMars
  • Chris Aniszczyk
  • Me
Also, I'm always up for making sure the ACLs are right... if it would be helpful, I can create a list of the teams, who is on them, and which repos they have access to?

Best,
Brian


On Tue, Jul 7, 2020 at 3:57 PM Tara Hernandez <tarahernandez@...> wrote:
Damn, had forgotten all about those (so, yay for me adding it to the notes against that eventuality)

:)

I don't have a list of repos per se,  this was more around a general policy question that arose out of another discussion -- do we have any kind of consistent policy or recommended best practice for our projects with regards to CLAs and should the CDF be handling that on behalf of the projects.  Put another way, is there a reason NOT to just do it everywhere?  

The second item also came up during that discussion because we realized the CDF repos were pretty locked down and nobody seemed to have admin access other than Dan (and now Brian), so getting some teams and roles in there would be lovely.

On Tue, Jul 7, 2020 at 6:07 AM Dan Lorenc <dlorenc@...> wrote:
Tara had a couple TOC agenda items for today:
  • [tara] Need a CLA or similar for ambassadors/contributors to clarify contributions from individuals vs. corps 
Tara, could you clarify which repos you'd like to get the CLA setup on? We should be able to use EasyCLA for this.
I agree here. +Brian Warner - do you have the admin permissions on github.com/cdfoundation? Would you mind adding me so I can setup teams/permissions?

Dan Lorenc


--
Tara Hernandez
Engineering Manager Google Cloud





--

Brian Warner
The Linux Foundation
+1 724 301-6171


Marky Jackson <marky.r.jackson@...>
 

If I can help in anyway, please do let me know.

{     
    "regards" : {
         "name" : “marky”,
         "phone" : "+1 (408) 464 2965”,
         "email" : “marky.r.jackson@...",
         "team" : “jackson5“,
 “role” : “software engineer"
     }
 }

On Jul 7, 2020, at 1:10 PM, Brian Warner <bwarner@...> wrote:


Dan - Yep, I can do that. You should be an owner now, I just updated it.

Tara - For CLAs, generally the governing board sets the policy for the Foundation in the IP policy (e.g., "We require Foundation projects to use this particular CLA" or "Foundation projects may use this approved CLA if they choose, or not" or "We are using inbound=outbound with the DCO"). From that point, it's just a matter of tooling. We've got that reasonably well covered on the LF side, and I can walk you through that if it would help.

As for the repos, in the github.com/cdfoundation org, the owners are:
  • Dan Lorenc (just added)
  • Kohsuke
  • Tracy Miranda
  • Jaice Singer DuMars
  • Chris Aniszczyk
  • Me
Also, I'm always up for making sure the ACLs are right... if it would be helpful, I can create a list of the teams, who is on them, and which repos they have access to?

Best,
Brian

On Tue, Jul 7, 2020 at 3:57 PM Tara Hernandez <tarahernandez@...> wrote:
Damn, had forgotten all about those (so, yay for me adding it to the notes against that eventuality)

:)

I don't have a list of repos per se,  this was more around a general policy question that arose out of another discussion -- do we have any kind of consistent policy or recommended best practice for our projects with regards to CLAs and should the CDF be handling that on behalf of the projects.  Put another way, is there a reason NOT to just do it everywhere?  

The second item also came up during that discussion because we realized the CDF repos were pretty locked down and nobody seemed to have admin access other than Dan (and now Brian), so getting some teams and roles in there would be lovely.

On Tue, Jul 7, 2020 at 6:07 AM Dan Lorenc <dlorenc@...> wrote:
Tara had a couple TOC agenda items for today:
  • [tara] Need a CLA or similar for ambassadors/contributors to clarify contributions from individuals vs. corps 
Tara, could you clarify which repos you'd like to get the CLA setup on? We should be able to use EasyCLA for this.
I agree here. +Brian Warner - do you have the admin permissions on github.com/cdfoundation? Would you mind adding me so I can setup teams/permissions?

Dan Lorenc


--
Tara Hernandez
Engineering Manager Google Cloud





--

Brian Warner
The Linux Foundation
+1 724 301-6171


Dan Lorenc <dlorenc@...>
 

Jumping back up thread:

We don't have a blanket CLA policy for the CDF - we allow projects to choose what they want. The LF has tooling in place (EasyCLA) to make it easy for projects to use a CLA if they choose (Tekton uses this for example). Jenkins X and Spinnaker on the other hand, do not use CLAs. As far as recommendations/reasons to use one or not use one - we'd need to ask LF/corporate legal teams for their recommendations.

Repo access controls are now a bit easier - thanks Brian! We could setup automation on this (check out how Tekton does this: https://github.com/tektoncd/community/tree/master/org), but it may be overkill. 

Dan Lorenc

On Tue, Jul 7, 2020 at 2:57 PM Tara Hernandez <tarahernandez@...> wrote:
Damn, had forgotten all about those (so, yay for me adding it to the notes against that eventuality)

:)

I don't have a list of repos per se,  this was more around a general policy question that arose out of another discussion -- do we have any kind of consistent policy or recommended best practice for our projects with regards to CLAs and should the CDF be handling that on behalf of the projects.  Put another way, is there a reason NOT to just do it everywhere?  

The second item also came up during that discussion because we realized the CDF repos were pretty locked down and nobody seemed to have admin access other than Dan (and now Brian), so getting some teams and roles in there would be lovely.

On Tue, Jul 7, 2020 at 6:07 AM Dan Lorenc <dlorenc@...> wrote:
Tara had a couple TOC agenda items for today:
  • [tara] Need a CLA or similar for ambassadors/contributors to clarify contributions from individuals vs. corps 
Tara, could you clarify which repos you'd like to get the CLA setup on? We should be able to use EasyCLA for this.
I agree here. +Brian Warner - do you have the admin permissions on github.com/cdfoundation? Would you mind adding me so I can setup teams/permissions?

Dan Lorenc


--
Tara Hernandez
Engineering Manager Google Cloud




Jithin Emanuel
 

Screwdriver used to have a CLA signer bot for making contributions, but we got rid of it and streamlined across all Verizon Media open source projects to have this Pull Request template. https://github.com/screwdriver-cd/.github/blob/master/PULL_REQUEST_TEMPLATE.md#license

--
Jithin


On Fri, Jul 10, 2020 at 8:28 AM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Jumping back up thread:

We don't have a blanket CLA policy for the CDF - we allow projects to choose what they want. The LF has tooling in place (EasyCLA) to make it easy for projects to use a CLA if they choose (Tekton uses this for example). Jenkins X and Spinnaker on the other hand, do not use CLAs. As far as recommendations/reasons to use one or not use one - we'd need to ask LF/corporate legal teams for their recommendations.

Repo access controls are now a bit easier - thanks Brian! We could setup automation on this (check out how Tekton does this: https://github.com/tektoncd/community/tree/master/org), but it may be overkill. 

Dan Lorenc

On Tue, Jul 7, 2020 at 2:57 PM Tara Hernandez <tarahernandez@...> wrote:
Damn, had forgotten all about those (so, yay for me adding it to the notes against that eventuality)

:)

I don't have a list of repos per se,  this was more around a general policy question that arose out of another discussion -- do we have any kind of consistent policy or recommended best practice for our projects with regards to CLAs and should the CDF be handling that on behalf of the projects.  Put another way, is there a reason NOT to just do it everywhere?  

The second item also came up during that discussion because we realized the CDF repos were pretty locked down and nobody seemed to have admin access other than Dan (and now Brian), so getting some teams and roles in there would be lovely.

On Tue, Jul 7, 2020 at 6:07 AM Dan Lorenc <dlorenc@...> wrote:
Tara had a couple TOC agenda items for today:
  • [tara] Need a CLA or similar for ambassadors/contributors to clarify contributions from individuals vs. corps 
Tara, could you clarify which repos you'd like to get the CLA setup on? We should be able to use EasyCLA for this.
I agree here. +Brian Warner - do you have the admin permissions on github.com/cdfoundation? Would you mind adding me so I can setup teams/permissions?

Dan Lorenc


--
Tara Hernandez
Engineering Manager Google Cloud





--
Thanks
Jithin Emmanuel


Oleg Nenashev
 

Hi,

The Jenkins project uses Individual and Company CLAs (see this repo). This CLA is required ONLY for contributors who want to get special permissions (i.e. Jenkins core repo permissions, Security team membership, access to social media and YouTube accounts, etc.). We do not require the CLA to be signed by plugin maintainers or by common contributors.

In any case the Jenkins CLA process is subject to rework once the project assets are officially transferred to CDF. Our CLA process is also pretty tedious and time-consuming for signees and board members who process CLAs and verify that the submitted documents are correct and, in the case of Company CLAs, legit. The CLA doc is also quite obsolete, and it does not fully represent the current community processes (e.g. no reference to Jenkins code of conduct which was introduced after CLA). Switching to EasyCLA is one of the options we discussed last time, and I believe there was a consensus that we'd like to explore that in the future. According to the blogs and video recordings I watched, it is a pretty convenient tool if a project wants to enforce CLA.

Best regards,
Oleg Nenashev


On Fri, Jul 10, 2020 at 8:15 PM Jithin Emanuel <jithin1987@...> wrote:
Screwdriver used to have a CLA signer bot for making contributions, but we got rid of it and streamlined across all Verizon Media open source projects to have this Pull Request template. https://github.com/screwdriver-cd/.github/blob/master/PULL_REQUEST_TEMPLATE.md#license

--
Jithin

On Fri, Jul 10, 2020 at 8:28 AM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Jumping back up thread:

We don't have a blanket CLA policy for the CDF - we allow projects to choose what they want. The LF has tooling in place (EasyCLA) to make it easy for projects to use a CLA if they choose (Tekton uses this for example). Jenkins X and Spinnaker on the other hand, do not use CLAs. As far as recommendations/reasons to use one or not use one - we'd need to ask LF/corporate legal teams for their recommendations.

Repo access controls are now a bit easier - thanks Brian! We could setup automation on this (check out how Tekton does this: https://github.com/tektoncd/community/tree/master/org), but it may be overkill. 

Dan Lorenc

On Tue, Jul 7, 2020 at 2:57 PM Tara Hernandez <tarahernandez@...> wrote:
Damn, had forgotten all about those (so, yay for me adding it to the notes against that eventuality)

:)

I don't have a list of repos per se,  this was more around a general policy question that arose out of another discussion -- do we have any kind of consistent policy or recommended best practice for our projects with regards to CLAs and should the CDF be handling that on behalf of the projects.  Put another way, is there a reason NOT to just do it everywhere?  

The second item also came up during that discussion because we realized the CDF repos were pretty locked down and nobody seemed to have admin access other than Dan (and now Brian), so getting some teams and roles in there would be lovely.

On Tue, Jul 7, 2020 at 6:07 AM Dan Lorenc <dlorenc@...> wrote:
Tara had a couple TOC agenda items for today:
  • [tara] Need a CLA or similar for ambassadors/contributors to clarify contributions from individuals vs. corps 
Tara, could you clarify which repos you'd like to get the CLA setup on? We should be able to use EasyCLA for this.
I agree here. +Brian Warner - do you have the admin permissions on github.com/cdfoundation? Would you mind adding me so I can setup teams/permissions?

Dan Lorenc


--
Tara Hernandez
Engineering Manager Google Cloud





--
Thanks
Jithin Emmanuel


 

Thanks Oleg, if you do decide to migrate the CLA platform, I'm happy to help. It's pretty straightforward on our end.

Best,
Brian



On Mon, Jul 13, 2020 at 3:20 AM Oleg Nenashev <o.v.nenashev@...> wrote:
Hi,

The Jenkins project uses Individual and Company CLAs (see this repo). This CLA is required ONLY for contributors who want to get special permissions (i.e. Jenkins core repo permissions, Security team membership, access to social media and YouTube accounts, etc.). We do not require the CLA to be signed by plugin maintainers or by common contributors.

In any case the Jenkins CLA process is subject to rework once the project assets are officially transferred to CDF. Our CLA process is also pretty tedious and time-consuming for signees and board members who process CLAs and verify that the submitted documents are correct and, in the case of Company CLAs, legit. The CLA doc is also quite obsolete, and it does not fully represent the current community processes (e.g. no reference to Jenkins code of conduct which was introduced after CLA). Switching to EasyCLA is one of the options we discussed last time, and I believe there was a consensus that we'd like to explore that in the future. According to the blogs and video recordings I watched, it is a pretty convenient tool if a project wants to enforce CLA.

Best regards,
Oleg Nenashev


On Fri, Jul 10, 2020 at 8:15 PM Jithin Emanuel <jithin1987@...> wrote:
Screwdriver used to have a CLA signer bot for making contributions, but we got rid of it and streamlined across all Verizon Media open source projects to have this Pull Request template. https://github.com/screwdriver-cd/.github/blob/master/PULL_REQUEST_TEMPLATE.md#license

--
Jithin

On Fri, Jul 10, 2020 at 8:28 AM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Jumping back up thread:

We don't have a blanket CLA policy for the CDF - we allow projects to choose what they want. The LF has tooling in place (EasyCLA) to make it easy for projects to use a CLA if they choose (Tekton uses this for example). Jenkins X and Spinnaker on the other hand, do not use CLAs. As far as recommendations/reasons to use one or not use one - we'd need to ask LF/corporate legal teams for their recommendations.

Repo access controls are now a bit easier - thanks Brian! We could setup automation on this (check out how Tekton does this: https://github.com/tektoncd/community/tree/master/org), but it may be overkill. 

Dan Lorenc

On Tue, Jul 7, 2020 at 2:57 PM Tara Hernandez <tarahernandez@...> wrote:
Damn, had forgotten all about those (so, yay for me adding it to the notes against that eventuality)

:)

I don't have a list of repos per se,  this was more around a general policy question that arose out of another discussion -- do we have any kind of consistent policy or recommended best practice for our projects with regards to CLAs and should the CDF be handling that on behalf of the projects.  Put another way, is there a reason NOT to just do it everywhere?  

The second item also came up during that discussion because we realized the CDF repos were pretty locked down and nobody seemed to have admin access other than Dan (and now Brian), so getting some teams and roles in there would be lovely.

On Tue, Jul 7, 2020 at 6:07 AM Dan Lorenc <dlorenc@...> wrote:
Tara had a couple TOC agenda items for today:
  • [tara] Need a CLA or similar for ambassadors/contributors to clarify contributions from individuals vs. corps 
Tara, could you clarify which repos you'd like to get the CLA setup on? We should be able to use EasyCLA for this.
I agree here. +Brian Warner - do you have the admin permissions on github.com/cdfoundation? Would you mind adding me so I can setup teams/permissions?

Dan Lorenc


--
Tara Hernandez
Engineering Manager Google Cloud





--
Thanks
Jithin Emmanuel



--

Brian Warner
The Linux Foundation
+1 724 301-6171