Clarify + standardize contributing requirements across repos #17

Closed
annabellegoth2boss opened this issue Jun 9, 2021 · 3 comments

@annabellegoth2boss

There don't appear to be standard contributing requirements across OSSF projects (i.e., do we use an LF CLA? Should projects set up EasyCLA? Do we use DCO?)

There's lots of good info about setting up environments to contribute, but could use some boilerplate about contributing that's consistent across the OSSF.

@justaugustus
Member

From ossf/scorecard#1553:

I've left a few reviews/comments here and there on PRs and it's worth reviewing contribution guidelines, just to ensure everyone has the tools they need to effectively contribute to the project.

To be clear, we've got a lot of great documentation today. Let's see if we can get even better!

Eventually, this could be abstracted as general guidance for all OpenSSF projects, similar to https://github.com/kubernetes/community.

For current and potential contributors/maintainers, please feel free to leave comments about what kind of doc improvements you'd like to see.

* [ ]  Contributor ladder: [community: Is there a contributor ladder? #1529](https://github.com/ossf/scorecard/issues/1529)

* [ ]  Contributor review guidance: [Reviewer/maintainer guidance/expectations #1552](https://github.com/ossf/scorecard/issues/1552)

* [ ]  Code signoffs: [Determine whether code sign-offs should be required/enforced #1533](https://github.com/ossf/scorecard/issues/1533)

* [ ]  Handling copyright dates: [Handling dates in copyright headers #1534](https://github.com/ossf/scorecard/issues/1534)

cc: @azeemshaikh38 @inferno-chromium @justaugustus @laurentsimon @naveensrinivasan @olivekl @david-a-wheeler @jeffmendoza @vmbrasseur

@annabellegoth2boss
Author

  • @jorydotcom if there are items above that overlap with things you're working on

@david-a-wheeler
Contributor

david-a-wheeler commented Jul 11, 2022

The OpenSSF Charter says projects should be using DCOs.

It does not require CLAs or copyright assignments. We (the LF) have tools if you really want to manage CLAs. However, I recommend against them in general. CLAs greatly increase risk of project failure due to lack of contributions.

I think the simpler approach is to add DCO enforcement to the automated pull requests. Then it's easily enforced. We already do this on the best practices badge (which is an OpenSSF project).
