On 3/23/21 2:54 PM, Oleg Nenashev wrote:
>> I don’t think that we should go this way. Kohsuke always tried to keep
>> the barrier for contributions very low and I think we should continue
>> this way. I think that we would not have so many plugins (or PRs for
>> plugins) if we make the contribution process more complex
>
> I would prefer to avoid setting extra boundaries as well. At the same
> time, it makes sense to review the current model with the LF legal team.
> Right now we indeed avoid the contribution obstacles, but effectively
> common code contributors and plugin maintainers do not sign CLA. It may
> cause some legal loopholes, especially in the terms of the patent right
> which is not covered by the MIT License used in Jenkins. Not that I
> expect any real issues with that, but maybe there is a way to be on the
> safe side with minimum impact on contributors.

I'm not legal counsel for LF, but since I do work with several of the projects at LF I can give you some perspective. That being said, talking with legal is still a good idea!

There's one hard and fast thing that I can recommend and that's to require DCO (Signed-off-by) on all changes coming in. If the DCO Probot is not set up on the GitHub org, it should be and enabled as a required check on all repositories. That's the lowest bar that legal is going to tell you that you really need to do.

After that, CLAs are a thing that some of our projects use and others don't. Those that don't, just stick with DCO. Since you already have CLAs in play on some repos, legal is likely to push for you to go all out and make it a blanket thing. That being said, EasyCLA can be configured to only be required on some repos and not all, so that really is going to come down to what you as a project want.

-Andy-

--
Andrew J Grimberg
Manager Release Engineering
The Linux Foundation
