I reviewed the lists in https://github.com/jenkinsci/infra-cla , and it looks like we will need about 25 individuals and 2 companies to resign their CLAs. Maybe more if we count former maintainers who still have permissions but no longer active. Anyway, with EasyCLA automation it won't be a problem to handle this migration.
Best regards,. Oleg On Tuesday, March 23, 2021 at 10:43:25 AM UTC+1 Xiaojie Zhao wrote: > +1 from to support moving CLA process to EasyCLA > > It’s not necessary to let all contributors across all the projects to > adapt this process. But it’s necessary for Jenkins core and some important > projects. > > Best, > Rick > > > > On 03/23/2021 17:23,Oleg Nenashev<[email protected]> wrote: > > Hi all, > > The Jenkins trademark is now transferred to the CDF, and Software in > Public Interest has officially removed the Jenkins project from its listing > of the projects. It means that the transition is [almost] over. > > One remaining thing is Contributor and Company License agreements. We use > this CLA process only for contributors with advanced permissions (like > Jenkins core merge, access to the infrastructure, security team membership, > etc.). Our current process (https://github.com/jenkinsci/infra-cla) is > quite tedious, and it would be great to replace it by EasyCLA provided by > the Linux Foundation: https://easycla.lfx.linuxfoundation.org/#/ . It > would allow to automate signing and storage of the contributor license > agreements, and it would be a big relief for the Jenkins Governance Board. > > I propose to: > > 1. Move the CLA process to https://easycla.lfx.linuxfoundation.org/#/ > 2. Update individual and company CLAs to use "Linux Foundation" > instead of CLA. For example, Tekton CLAs > <https://github.com/cdfoundation/cla/tree/master/projects/tekton> are > equal to the Jenkins ones except the header. We could follow the same > approach if the LF/CDF Legal team does not have specific requirements. > 3. File the new process as a JEP which would deprecate the current > process. > > Open questions for a discussion: > > - Do we want current CLA signees (individuals and companies) to > re-sign the CLAs on EasyCLA? I am not a lawyer, but I suspect the answer > would be "yes". There is only a limited number of contributors who would > need to resign that. I believe this is doable, and it is also a good > opportunity to revise permissions of inactive contributors. > - Do we want to have a separate CLA for sensitive areas like Jenkins > Security Team membership? The current CLA is focused only on granting > license/patent to protect the project, but there is no Non-disclosure > statements which might be important for unreleased security fixes > - Do we want to change the policy and to require all contributors to > sign CLA? It might be reasonable for the Jenkins core components, with > assumption that we have an easy process and bots assisting with > verification. I am not a huge fan of that, but this is how many projects > operate. > > Any feedback would be appreciated! > > Best regards, > Oleg Nenashev > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/052ac23d-f3f9-4b60-8e34-945bc282e51en%40googlegroups.com > > <https://groups.google.com/d/msgid/jenkinsci-dev/052ac23d-f3f9-4b60-8e34-945bc282e51en%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/1e3e0782-fd1d-4fc4-9dc2-827c0c5db6b0n%40googlegroups.com.
