[OpenStack Foundation] Follow up on Future of CLA and DCO

Mark McLoughlin markmc at redhat.com
Thu Jul 30 08:55:36 UTC 2015

On Thu, 2015-06-18 at 14:22 -0400, Sean Dague wrote:
> Posting here about -
> http://lists.openstack.org/pipermail/foundation-board/2015-June/000080.html
> because that's a board only post list.
> As the next board meeting is only a month away, I just wanted to
> reiterate what I believe was said in the meeting, hopefully to be really
> crisp about what's being asked for.
> The Board has currently been going through the process of working out a
> way that for people covered by a corporate CLA, they would not need to
> sign an ICLA, which would simplify their entry in the community. This
> would cover over 90% of current contributors to OpenStack.
> The suggestion was made that with such large coverage of the community,
> the Board would then feel comfortable that individuals, contributing as
> individuals, not under a corporate CLA, would be able to contribute
> under a DCO model. I believe this was called the "Johnathan Plan", and
> presented by Monty.
> The TC representatives in the room (which was nearly all of us)
> *strongly* desire that end state. The TC has previously formally passed
> a formal resolution preferring the DCO over the CLA -
> https://github.com/openstack/governance/blob/master/resolutions/20140909-cla.rst.
> And would be happy to reaffirm that if there is any doubt that it
> remains the current view of the TC.
> The TC would like to see this "plan of record" voted on and approved by
> the board:
> Step 1: Remove the need for the ICLA by people contributing on behalf of
> an entity that has signed the corporate CLA.
> Step 2: Remove the need for the ICLA by individuals not contributing
> under a CLA, because they are contributing on their own behalf (and
> instead accept their contributions under a DCO).
> It's ok that Step 1 happens before Step 2 for implementation reasons,
> but we really want the go Board stamp that Step 2 is approved to happen.
> And that sounded like it needed a formal, roll call vote.
> If anyone remembers things differently, please respond. This has been a
> matter of great interest by many of the TC members, me included, for
> quite a while, and it seemed like we got very close to a real plan at
> the last joint meeting, and don't want to lose that progress.

Mark Radcliffe responded here:


  Sorry for the delay in responding.  You are correct that under the 
  Bylaws, the Board has the responsibility for determining how 
  contributions are made to the OpenStack project.  At the Board 
  meeting in Vancouver, the Board discussed ways to deal with the 
  concerns raised about the contributor license agreement process.  As 
  you noted, contributions made on behalf of corporations are made 
  under the Corporate Contribution License Agreement ("CCLA") but all 
  individuals whether making contributions on behalf of corporations 
  or themselves, sign the Individual Contribution License Agreement 
  ("ICLA").  During the Board/TC session, we also discussed whether 
  the project can move from requiring all contributors to execute the 
  ICLA and provide that individuals who contribute on behalf of 
  themselves can use the Developer's Certificate of Origin ("DCO") 
  instead of the ICLA.  I believe that the general view of the Board 
  is that this approach should be adopted, but the change needs to 
  be formally approved by the Board. The issue is on the agenda for the 
  next Board meeting on July 28, 2015.

  However, the Foundation is not waiting for formal Board approval of 
  the ICLA issue to implement the significant technical changes 
  required for the agreed-upon CLA process improvements. We will 
  summarize those changes below. With regard to the CCLA process, the 
  Foundation needs to automate the CCLA process to ensure (1) that
  all companies whose employees are contributing code/documentation 
  have executed the CCLA and (2) that each company's contributing 
  employees are appropriately associated with their employer.  By 
  identifying the individuals who are contributing under the CCLA, the 
  Foundation can identify contributions made by individuals on their 
  own behalf and implement the DCO process for such contributions.  In 
  addition, the bug tracking system needs to be migrated from 
  Launchpad before migrating Gerrit to openstackid. The Gerrit system 
  is maintained by the Infra team and the majority of those resources 
  are not on the Foundation staff. We understand that the necessary 
  changes should be in place prior to the Mitaka release process.

  Here are the action items and their status or proposed dates of 
  completion for this implementation:
  1. The Foundation staff has completed the openstackid CCLA tracking 
  dashboard including developer affiliations.
  2. July 28: Approval of CCLA DCO approach
  3. Prior to Mitaka release process
  a. Foundation staff and Infra team will complete migration of Gerrit 
  to openstackid;
  b. Foundation staff confirms that signed CCLAs are captured by the 
  system and that openstackid implements the CCLA tracking dashboard; 
  c. Once confirmed, the system will be implemented fully

As a result of a Legal Affairs Committee meeting last week (where, as
usual, there was a restricted attendance, and no published agenda or
minutes) there has been a significant change in tone around the
question of replacing the ICLA with the DCO.

The new issues raised were quite vague and confusing so I asked for a
summary to be sent here. However, let me try and summarize my
understanding, and others can correct me if I got anything wrong:

  * Apparently not all corporate members feel their legal 
    representation was adequately involved in this process to date. I 
    understand we're specifically talking about IBM here, but the 
    concern is that other member companies may feel similarly. The
    plan is to have a further meeting where (unlike with the Legal 
    Affairs Committee) counsel from all member companies will be 

    (I asked whether attendance needed to be limited to lawyers; it 
    was felt that a "full and frank" discussion would only happen if
    attendance was so limited. There was some talk about a subsequent
    follow-on public meeting)

  * "Changes to the compliance landscape" was mentioned, and further
    elaborated as referring to the very recent coming to light of
    potentially/allegedly bad faith GPL enforcement behavior.

  * There was a brief mention of contributions from academia, I think
    in relation to concerns about patent grant coverage with ALv2+DCO 
    versus ICLA.

  * A mention of "further information needed from the community about
    the concerns with the ICLA", but I think that was later retracted.

Hope that helps,
