Hi all, The Jenkins trademark is now transferred to the CDF, and Software in Public Interest has officially removed the Jenkins project from its listing of the projects. It means that the transition is [almost] over.
One remaining thing is Contributor and Company License agreements. We use this CLA process only for contributors with advanced permissions (like Jenkins core merge, access to the infrastructure, security team membership, etc.). Our current process (https://github.com/jenkinsci/infra-cla) is quite tedious, and it would be great to replace it by EasyCLA provided by the Linux Foundation: https://easycla.lfx.linuxfoundation.org/#/ . It would allow to automate signing and storage of the contributor license agreements, and it would be a big relief for the Jenkins Governance Board. I propose to: 1. Move the CLA process to https://easycla.lfx.linuxfoundation.org/#/ 2. Update individual and company CLAs to use "Linux Foundation" instead of CLA. For example, Tekton CLAs <https://github.com/cdfoundation/cla/tree/master/projects/tekton> are equal to the Jenkins ones except the header. We could follow the same approach if the LF/CDF Legal team does not have specific requirements. 3. File the new process as a JEP which would deprecate the current process. Open questions for a discussion: - Do we want current CLA signees (individuals and companies) to re-sign the CLAs on EasyCLA? I am not a lawyer, but I suspect the answer would be "yes". There is only a limited number of contributors who would need to resign that. I believe this is doable, and it is also a good opportunity to revise permissions of inactive contributors. - Do we want to have a separate CLA for sensitive areas like Jenkins Security Team membership? The current CLA is focused only on granting license/patent to protect the project, but there is no Non-disclosure statements which might be important for unreleased security fixes - Do we want to change the policy and to require all contributors to sign CLA? It might be reasonable for the Jenkins core components, with assumption that we have an easy process and bots assisting with verification. I am not a huge fan of that, but this is how many projects operate. Any feedback would be appreciated! Best regards, Oleg Nenashev -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/052ac23d-f3f9-4b60-8e34-945bc282e51en%40googlegroups.com.
