-
Notifications
You must be signed in to change notification settings - Fork 162
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify whether it is a requirement to use either CLA or DCO at OpenJS Foundation #778
Comments
There is a requirement to use either a CLA or DCO and it is documented here: https://github.com/openjs-foundation/cross-project-council/blob/main/IP_POLICY_GUIDANCE.md#4-adopting-the-dco-or-a-cla |
Isn't a DCO implicit by use of github itself? |
IANAL but IIRC no. I would not recommend relying on that. |
No, though that's a common point of confusion. "Using the DCO" is a specific process not covered or duplicated by the GitHub Terms of Service. |
What contributor action is required for a DCO? or is there a way the presence of a file in the repo/phrase in CONTRIBUTING.md could be sufficient? |
OK. I see there is a link on the checklist to the IP polic. Because of the words used for the link, I assumed the link was just going to tell me what a CLA and DCO were (which I already know), so didn't consider it might be a link to a policy. It looks like multiple people, who are very involved, are unclear on absolute requirements. When I read the IP policy, it says "Except as may be approved by the Board ... new code contributions to any Project shall be made under the Project Code License accompanied by a Developers Certificate of Origin". My reading is, the default MUST be DCO, and may be CLA if approved by the board. Regardless, and maybe as an aside which warrants its own issue, given the list on the project progression document is "informal", I still don't know where I find the formal list of requirements / progression. |
That is a correct reading. What's important to understand and which the IP policy doesn't say is that the Board has pre-approved a CLA, as mentioned in the IP Policy Guidance document that you linked to (emphasis mine):
I welcome any way of making this clearer which doesn't imply changing the IP Policy itself, as that would require a huge amount of work and social capital to get approved. |
To be clear, it is marked as informational not informal, so there isn't really the implication of a formal list existing somewhere. My reading is that the informational aspect is there to outline the fact that the CPC makes the decision at the end and that in and of itself completing the list isn't necessarily sufficient to get approval. For example, there might be additional, project-specific requirements. I again welcome suggestions as to how to improve the language, here. And to be clear, @Relequestual, I feel for you. I went through the process a while back and it is relatively complex. I've done my best to clarify a number of issues I bumped into, but there will always be more work. :) |
The final discussion was that we'll keep this open. If/when there is some other update to the IP policy then we'll bring up clarifying this point. In the mean time, the guidance doc is pretty clear: https://github.com/openjs-foundation/cross-project-council/blob/main/IP_POLICY_GUIDANCE.md#4-adopting-the-dco-or-a-cla |
Good call. I think I got mixed up somewhere there.
That's helpful. Thanks.
Given I raised an issue with the language here, if you can, assign the issue to me, and I'll reflect and come back with a PR.
Oh sure, nothing is perfect. At least the lines of communication are open! =] |
OK. I'll see if there's any suggestion I can make to improve the phrasing to make it clear for "spec author mindset". |
The project progression document says that adopting a CLA or DCO is one of the required steps, however according to nodejs/TSC#1053 (comment) this is not actually a requirement.
Re-reading the "Onboarding Checklist", it says it is an informational list. It's not clear to me if all items in the list are required or not.
Is there a non-informational list which is used by admin? Is there a list which makes absolute requirements clear?
I'm always in favour of clear communication, and I'm not sure of the implications of the above linked comment. I assumed the onboarding checklist was a list of absolute requirements.
Raised after response on slack server. (See thread: https://openjs-foundation.slack.com/archives/C01C80BCK9B/p1626690102062000)
@ljharb @joesepi
The text was updated successfully, but these errors were encountered: