Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clarify whether it is a requirement to use either CLA or DCO at OpenJS Foundation #778

Open
Relequestual opened this issue Jul 20, 2021 · 11 comments
Labels
waiting-on-pull-request There's agreement as to what needs to happen, now someone has to do it.

Comments

@Relequestual
Copy link
Contributor

The project progression document says that adopting a CLA or DCO is one of the required steps, however according to nodejs/TSC#1053 (comment) this is not actually a requirement.
Re-reading the "Onboarding Checklist", it says it is an informational list. It's not clear to me if all items in the list are required or not.

Is there a non-informational list which is used by admin? Is there a list which makes absolute requirements clear?

I'm always in favour of clear communication, and I'm not sure of the implications of the above linked comment. I assumed the onboarding checklist was a list of absolute requirements.

Raised after response on slack server. (See thread: https://openjs-foundation.slack.com/archives/C01C80BCK9B/p1626690102062000)

@ljharb @joesepi

@joesepi joesepi changed the title Clarify Clarify whether it is a requirement to use either CLA or DCO at OpenJS Foundation Jul 20, 2021
@mhdawson
Copy link
Member

There is a requirement to use either a CLA or DCO and it is documented here: https://github.com/openjs-foundation/cross-project-council/blob/main/IP_POLICY_GUIDANCE.md#4-adopting-the-dco-or-a-cla

@ljharb
Copy link
Member

ljharb commented Jul 20, 2021

Isn't a DCO implicit by use of github itself?

@bnb
Copy link
Member

bnb commented Jul 20, 2021

Isn't a DCO implicit by use of github itself?

IANAL but IIRC no. I would not recommend relying on that.

@brianwarner
Copy link
Contributor

brianwarner commented Jul 20, 2021

No, though that's a common point of confusion.

"Using the DCO" is a specific process not covered or duplicated by the GitHub Terms of Service.

@ljharb
Copy link
Member

ljharb commented Jul 20, 2021

What contributor action is required for a DCO? or is there a way the presence of a file in the repo/phrase in CONTRIBUTING.md could be sufficient?

@Relequestual
Copy link
Contributor Author

There is a requirement to use either a CLA or DCO and it is documented here: https://github.com/openjs-foundation/cross-project-council/blob/main/IP_POLICY_GUIDANCE.md#4-adopting-the-dco-or-a-cla

OK. I see there is a link on the checklist to the IP polic. Because of the words used for the link, I assumed the link was just going to tell me what a CLA and DCO were (which I already know), so didn't consider it might be a link to a policy.

It looks like multiple people, who are very involved, are unclear on absolute requirements.

When I read the IP policy, it says "Except as may be approved by the Board ... new code contributions to any Project shall be made under the Project Code License accompanied by a Developers Certificate of Origin".

My reading is, the default MUST be DCO, and may be CLA if approved by the board.


Regardless, and maybe as an aside which warrants its own issue, given the list on the project progression document is "informal", I still don't know where I find the formal list of requirements / progression.
Does such a thing exist? Or is it an amalgamation of various policy documents?

@tobie
Copy link
Contributor

tobie commented Jul 21, 2021

When I read the IP policy, it says "Except as may be approved by the Board ... new code contributions to any Project shall be made under the Project Code License accompanied by a Developers Certificate of Origin".

My reading is, the default MUST be DCO, and may be CLA if approved by the board.

That is a correct reading. What's important to understand and which the IP policy doesn't say is that the Board has pre-approved a CLA, as mentioned in the IP Policy Guidance document that you linked to (emphasis mine):

The Board has pre-approved an individual CLA and a corporate CLA. Projects can choose to adopt either the individual CLA by itself or both the individual CLA and the corporate CLA without any further review.

I welcome any way of making this clearer which doesn't imply changing the IP Policy itself, as that would require a huge amount of work and social capital to get approved.

@tobie
Copy link
Contributor

tobie commented Jul 21, 2021

Regardless, and maybe as an aside which warrants its own issue, given the list on the project progression document is "informal", I still don't know where I find the formal list of requirements / progression.
Does such a thing exist? Or is it an amalgamation of various policy documents?

To be clear, it is marked as informational not informal, so there isn't really the implication of a formal list existing somewhere.

My reading is that the informational aspect is there to outline the fact that the CPC makes the decision at the end and that in and of itself completing the list isn't necessarily sufficient to get approval. For example, there might be additional, project-specific requirements.

I again welcome suggestions as to how to improve the language, here.

And to be clear, @Relequestual, I feel for you. I went through the process a while back and it is relatively complex. I've done my best to clarify a number of issues I bumped into, but there will always be more work. :)

@mhdawson
Copy link
Member

mhdawson commented Aug 3, 2021

The final discussion was that we'll keep this open. If/when there is some other update to the IP policy then we'll bring up clarifying this point. In the mean time, the guidance doc is pretty clear: https://github.com/openjs-foundation/cross-project-council/blob/main/IP_POLICY_GUIDANCE.md#4-adopting-the-dco-or-a-cla

@Relequestual
Copy link
Contributor Author

To be clear, it is marked as informational not informal, so there isn't really the implication of a formal list existing somewhere. - @tobie

Good call. I think I got mixed up somewhere there.
I think I'm SO used to having to think in terms of "normative" and "informative", that I assume normative must always exist before informative, and that "informational" means informative.

My reading is that the informational aspect is there to outline the fact that the CPC makes the decision at the end and that in and of itself completing the list isn't necessarily sufficient to get approval. For example, there might be additional, project-specific requirements.

That's helpful. Thanks.

I again welcome suggestions as to how to improve the language, here.

Given I raised an issue with the language here, if you can, assign the issue to me, and I'll reflect and come back with a PR.

And to be clear, @Relequestual, I feel for you. I went through the process a while back and it is relatively complex. I've done my best to clarify a number of issues I bumped into, but there will always be more work. :)

Oh sure, nothing is perfect. At least the lines of communication are open! =]

@Relequestual
Copy link
Contributor Author

The final discussion was that we'll keep this open. If/when there is some other update to the IP policy then we'll bring up clarifying this point. In the mean time, the guidance doc is pretty clear: https://github.com/openjs-foundation/cross-project-council/blob/main/IP_POLICY_GUIDANCE.md#4-adopting-the-dco-or-a-cla - @mhdawson

OK. I'll see if there's any suggestion I can make to improve the phrasing to make it clear for "spec author mindset".
I have no expected timeline. Happy for it to be closed as a result of someone elses PR.

@tobie tobie added the waiting-on-pull-request There's agreement as to what needs to happen, now someone has to do it. label Nov 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
waiting-on-pull-request There's agreement as to what needs to happen, now someone has to do it.
Projects
None yet
Development

No branches or pull requests

6 participants