[OpenStack Foundation] Follow up on Future of CLA and DCO
Mark McLoughlin
markmc at redhat.com
Thu Jul 30 08:55:36 UTC 2015
On Thu, 2015-06-18 at 14:22 -0400, Sean Dague wrote:
> Posting here about -
> http://lists.openstack.org/pipermail/foundation-board/2015-June/000080.html
> because that's a board only post list.
>
> As the next board meeting is only a month away, I just wanted to
> reiterate what I believe was said in the meeting, hopefully to be really
> crisp about what's being asked for.
>
> The Board has currently been going through the process of working out a
> way that for people covered by a corporate CLA, they would not need to
> sign an ICLA, which would simply their entry in the community. This
> would cover over 90% of current contributors to OpenStack.
>
> The suggestion was made that with such large coverage of the community,
> the Board would then feel comfortable that individuals, contributing as
> individuals, not under a corporate CLA, would be able to contribute
> under a DCO model. I believe this was called the "Johnathan Plan", and
> presented by Monty.
>
> The TC representatives in the room (which was nearly all of us)
> *strongly* desire that end state. The TC has previously formally passed
> a formal resolution prefering the DCO over the CLA -
> https://github.com/openstack/governance/blob/master/resolutions/20140909-cla.rst.
> And would be happy to reaffirm that if there is any doubt that it
> remains the current view of the TC.
>
> The TC would like to see this "plan of record" voted on and approved by
> the board:
>
> Step 1: Remove the need for the ICLA by people contributing on behalf of
> an entity that has signed the corporate CLA.
> Step 2: Remove the need for the ICLA by individuals not contributing
> under a CLA, because they are contributing on their own behalf (and
> instead accept their contributions under a DCO).
>
> It's ok that Step 1 happens before Step 2 for implementation reasons,
> but we really want the go Board stamp that Step 2 is approved to happen.
> And that sounded like it needed a formal, roll call vote.
>
> If anyone remembers things differently, please respond. This has been a
> matter of great interest by many of the TC members, me included, for
> quite a while, and it seemed like we got very close to a real plan at
> the last joint meeting, and don't want to loose that progress.
Mark Radcliffe responded here:
http://lists.openstack.org/pipermail/foundation/2015-July/002030.html
Sorry for the delay in responding. You are correct that under the
Bylaws, the Board has the responsibility for determining how
contributions are made to the OpenStack project. At the Board
meeting in Vancouver, the Board discussed ways to deal with the
concerns raised about the contributor license agreement process. As
you noted, contributions made on behalf of corporations are made
under the Corporate Contribution License Agreement ("CCLA") but all
individuals whether making contributions on behalf of corporations
or themselves, sign the Individual Contribution License Agreement
("ICLA"). During the Board/TC session, we also discussed whether
the project can move from requiring all contributors to execute the
ICLA and provide that individuals who contribute on behalf of
themselves can use the Developer's Certificate of Origin ("DCO")
instead of the ICLA. I believe that the general view of the Board
is that this approach should be adopted, but the change needs to
formally approved by the Board. The issue is on the agenda for the
next Board meeting on July 28, 2015.
However, the Foundation is not waiting for formal Board approval of
the ICLA issue to implement the significant technical changes
required for the agreed-upon CLA process improvements. We will
summarize those changes below. With regard to the CCLA process, the
Foundation needs to automate the CCLA process to ensure (1) that
all companies whose employees are contributing code/documentation
have executed the CCLA and (2) that each company's contributing
employees are appropriately associated with their employer. By
identifying the individuals who are contributing under the CCLA, the
Foundation can identify contributions made by individuals on their
own behalf and implement the DCO process for such contributions In
addition, the bug tracking system needs to be migrated from
Launchpad before migrating Gerrit to openstackid. The Gerrit system
is maintained by the Infra team and the majority of those resources
are not on the Foundation staff. We understand that the necessary
changes should be in place prior to the Mikata release process.
Here are the action items and their status or proposed dates of
completion for this implementation:
1. The Foundation staff has completed the openstackid CCLA tracking
dashboard including developer affiliations.
2. July 28: Approval of CCLA DCO approach
3. Prior to Mitaka release process
a. Foundation staff and Infra team will complete migration of Gerrit
to openstackid;
b. Foundation staff confirms that signed CCLAs are captured by the
system and that openstackid implements the CCLA tracking dashboard;
and
c. Once confirmed, the system will be implemented fully
As a result of a Legal Affairs Committee meeting last week (where, as
usual, there was a restricted attendance, and no published agenda or
minutes) there has been a significant change in tone around the
question of replacing the ICLA with the DCO.
The new issues raised were quite vague and confusing so I asked for a
summary to be sent here. However, let me try and summarize my
understanding, and others can correct me if I got anything wrong:
* Apparently not all corporate members feel their legal
representation was adequately involved in this process to date. I
understand we're specifically talking about IBM here, but the
concern is that other member companies may feel similarly. The
plan is to have a further meeting where (unlike with the Legal
Affairs Committee) counsel from all member companies will be
invited.
(I asked whether attendance needed to be limited to lawyers; it
was felt that a "full and frank" discussion would only happen if
attendance was so limited. There was some talk about a subsequent
follow-on public meeting)
* "Changes to the compliance landscape" was mentioned, and further
elaborated as referring to the very recent coming to light of
potentially/allegedly bad faith GPL enforcement behavior.
* There was a brief mention to contributions from academia, I think
in relation to concerns about patent grant coverage with ALv2+DCO
versus ICLA.
* A mention of "further information needed from the community about
the concerns with the ICLA", but I think that was later retracted.
Hope that helps,
Mark.
More information about the Foundation
mailing list