> I don’t think that we should go this way. Kohsuke always tried to keep the barrier for contributions very low and I think we should continue this way. I think that we would not have so many plugins (or PRs for plugins) if we make the contribution process more complex
I would prefer to avoid setting extra boundaries as well. At the same time, it makes sense to review the current model with the LF legal team. Right now we indeed avoid the contribution obstacles, but effectively common code contributors and plugin maintainers do not sign CLA. It may cause some legal loopholes, especially in the terms of the patent right which is not covered by the MIT License used in Jenkins. Not that I expect any real issues with that, but maybe there is a way to be on the safe side with minimum impact on contributors. On Tue, Mar 23, 2021 at 10:29 PM Ullrich Hafner <[email protected]> wrote: > > > Am 23.03.2021 um 10:23 schrieb Oleg Nenashev <[email protected]>: > > Hi all, > > The Jenkins trademark is now transferred to the CDF, and Software in > Public Interest has officially removed the Jenkins project from its listing > of the projects. It means that the transition is [almost] over. > > One remaining thing is Contributor and Company License agreements. We use > this CLA process only for contributors with advanced permissions (like > Jenkins core merge, access to the infrastructure, security team membership, > etc.). Our current process (https://github.com/jenkinsci/infra-cla) is > quite tedious, and it would be great to replace it by EasyCLA provided by > the Linux Foundation: https://easycla.lfx.linuxfoundation.org/#/ . It > would allow to automate signing and storage of the contributor license > agreements, and it would be a big relief for the Jenkins Governance Board. > > I propose to: > > 1. Move the CLA process to https://easycla.lfx.linuxfoundation.org/#/ > 2. Update individual and company CLAs to use "Linux Foundation" > instead of CLA. For example, Tekton CLAs > <https://github.com/cdfoundation/cla/tree/master/projects/tekton> are > equal to the Jenkins ones except the header. We could follow the same > approach if the LF/CDF Legal team does not have specific requirements. > 3. File the new process as a JEP which would deprecate the current > process. > > +1 > > Open questions for a discussion: > > - Do we want current CLA signees (individuals and companies) to > re-sign the CLAs on EasyCLA? I am not a lawyer, but I suspect the answer > would be "yes". There is only a limited number of contributors who would > need to resign that. I believe this is doable, and it is also a good > opportunity to revise permissions of inactive contributors. > > I think that makes sense and should be not a complicated process for the > small number of people. > > > - Do we want to have a separate CLA for sensitive areas like Jenkins > Security Team membership? The current CLA is focused only on granting > license/patent to protect the project, but there is no Non-disclosure > statements which might be important for unreleased security fixes > - Do we want to change the policy and to require all contributors to > sign CLA? It might be reasonable for the Jenkins core components, with > assumption that we have an easy process and bots assisting with > verification. I am not a huge fan of that, but this is how many projects > operate. > > I don’t think that we should go this way. Kohsuke always tried to keep the > barrier for contributions very low and I think we should continue this way. > I think that we would not have so many plugins (or PRs for plugins) if we > make the contribution process more complex. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Developers" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/jenkinsci-dev/MMCTtaJZ7z0/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/BED89653-649A-4259-9589-2184B4D62A40%40gmail.com > <https://groups.google.com/d/msgid/jenkinsci-dev/BED89653-649A-4259-9589-2184B4D62A40%40gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPfivLCK9c0igJwHgxsiB5wGheM1jE8RdwtBs%2BS%3DS_uSbQ-%2BOw%40mail.gmail.com.
