Hi Matthew, +1, I’ve seen that “signed-off” mechanism also being used in projects, that would be much lower weight process IMO. I like it.
Victor From: Matthew Alton <mal...@ocf.co.uk> Date: Monday, December 11, 2023 at 10:55 AM To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net> Cc: VICTOR HU <v...@us.ibm.com> Subject: [EXTERNAL] RE: [xcat-user] xCAT CLA status and questions Hello, Thank you Samveen for your initial questions and to Victor for your response. We’ve just been discussing this on one of our weekly consortium calls today and the necessity of some form statement or agreement was a talking point. ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. <https://us-phishalarm-ewt.proofpoint.com/EWT/v1/PjiDSg!1g-uTV4zSvlaFYv7eIGFzq9M0QW2Doio2DkGyCYsFGiTZp7ho2DXIEwEMUvng5VjoriEi2m_q078hhEZlKKjlQDDR2zKIHeMfSHxWBbpmP8i01Lji1ArqJWc0_rG6_nibx2opw$> Report Suspicious <https://us-phishalarm-ewt.proofpoint.com/EWT/v1/PjiDSg!1g-uTV4zSvlaFYv7eIGFzq9M0QW2Doio2DkGyCYsFGiTZp7ho2DXIEwEMUvng5VjoriEi2m_q078hhEZlKKjlQDDR2zKIHeMfSHxWBbpmP8i01Lji1ArqJWc0_rG6_nibx2opw$> ZjQcmQRYFpfptBannerEnd Hello, Thank you Samveen for your initial questions and to Victor for your response. We’ve just been discussing this on one of our weekly consortium calls today and the necessity of some form statement or agreement was a talking point. The consortium will continue to require a contributor’s license agreement to ensure, as Victor highlights, the code contributed to the project is something owned by the project from the point of submission and no individual can revoke the inclusion of submitted code or bring any future legal cases against xCAT for the continued use of code. “ “xCAT Community” shall mean International Business Machines Corporation and other users of xCAT. Accepted Contributions will be made available to the xCAT Community at large through sourceforge.net or other open source community. With regards to the CLA, does the definition of xCAT community work as here, or will this need updating, given the new structure of management?“ This is something that will be updated in due course to reflect how the project will be managed when the consortium officially takes ownership of the project. “In case the agreement is changed to update this, would the previous signers have to resign and send the updated CLA?” Existing CLAs will remain with IBM and these will not be transferred to the consortium. Existing CLAs IBM hold will be stored securely within IBM and only accessible to IBM for legacy purposes should any legal issues arise with code added to the project prior to the consortium taking ownership. No action will be required by anyone who has previously signed an agreement and any existing agreements will not automatically enrol signers with the new management of xCAT. A new CLA will be required for any contributions post IBM ownership. “Can the CLA be made implicit, instead of explicit? Should it be (i.e add a large disclaimer in the README, that by contributing to the project, the contributor is accepting the CLA and thus the "Grant of Copyright License" section of the CLA)?” We, the consortium, are keen to ensure that anyone can submit code to the project in an open and timely manner. We are assessing a different model of CLA not requiring a full legal document to be signed before submitting any code and are looking at how Open MPI and Kernel projects CLAs are implemented. Using the model seen in these projects will require each commit to be explicitly “signed off” as a contribution as part of the commit message and this will streamline the entire administrative process. The mechanism expected for this will be much the same as other projects where the legal agreement text is visible, and version controlled on Github and the commit messages on individual commits or pull requests contains a line stating a contributor’s agreement with this. There are many administrative and legal aspects we are discussing between consortium members and lawyers to ensure our opensource philosophy of the project does still meet the necessary legal requirements and protections of running such a project as xCAT. There will be other announcements from the consortium in due course to outline some of our progress so far and to give a general update of how we are progressing. Regards, Matt. Matthew Alton MBCS | Research & Development Lead [Image removed by sender.]<https://www.ocf.co.uk/> Phone: +44 (0)114 257 2200 Mobile: +44 (0)7943 594 084 Address: OCF Limited, Unit 5 Rotunda Business Centre, Thorncliffe Park, Chapeltown, Sheffield S35 2PG Website: www.ocf.co.uk<http://www.ocf.co.uk/> [Image removed by sender. LinkedIn icon]<https://www.linkedin.com/company/ocf-limited/> [Image removed by sender. Twitter icon] <https://twitter.com/ocf_hpc?lang=en> [Image removed by sender.] OCF Limited is a company registered in England and Wales. Registered number 4132533, VAT number GB 780 6803 14. Registered office address: OCF Limited, 5 Rotunda Business Centre, Thorncliffe Park, Chapeltown, Sheffield, S35 2PG. This message is private and confidential. If you have received this message in error, please notify us immediately and remove it from your system. From: VICTOR HU via xCAT-user <xcat-user@lists.sourceforge.net> Sent: Monday, December 11, 2023 1:53 PM To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net> Cc: VICTOR HU <v...@us.ibm.com> Subject: Re: [xcat-user] xCAT CLA status and questions Hi Samveen Here’s my thoughts, but others can chime in. I understood that need for the CLA to ensure that contributions made from the community was “given 100% to the project with no strings attached”. Once a PR is submitted, it’s owned by the project now. Someone would not come back at a later time and say we stole their work and result in some legal issues. But looking at other open source projects, CLAs seem pretty standard. I would suggest that we look at other projects to get ideas on how to handle it. When Softlayer was acquired by IBM, I took interest in their open-sourced Python API and and I just went back to look… it looks like they also had a very similar CLA, but not sure if this is standard IBM practice. (perhaps) https://github.com/softlayer/softlayer-python/blob/master/CONTRIBUTING.md<https://github.com/softlayer/softlayer-python/blob/master/CONTRIBUTING.md> which links to https://github.com/softlayer/softlayer-python/blob/master/docs/dev/cla-individual.md<https://github.com/softlayer/softlayer-python/blob/master/docs/dev/cla-individual.md> but then looking at a Kubernetes project, they also have CLAs that are similar to what xCAT has today: https://github.com/kubernetes/community/blob/master/CLA.md<https://github.com/kubernetes/community/blob/master/CLA.md> For the signed CLA’s, when I was tracking it, we would accept the CLAs, store them in a safe place, and then I would add the user into the “Contributors” group in the xcat-core repo, which is set to “read-only”. At least this adds the github handle to be able to be mentioned and one way to easily know if someone has signed it. It would be up to the user whether they wanted to accept membership or not, if not, then they would not join and we can’t @ them anyway. There was probably some other internal location that I used to track…. I forgot. Looking at other projects today, I would probably have suggested creating a CONTRIBUTORS file in the repo and keep track of the github handle. (but not sure how people feel about that) As to where to store the CLAs, there probably needs to be a better way to do this moving forward that allows for the maintainers to have transparency and access to the CLA documents if needed. Regards, Victor From: Samveen Gulati via xCAT-user <xcat-user@lists.sourceforge.net<mailto:xcat-user@lists.sourceforge.net>> Date: Saturday, December 9, 2023 at 9:04 AM To: xcat-user@lists.sourceforge.net<mailto:xcat-user@lists.sourceforge.net> <xcat-user@lists.sourceforge.net<mailto:xcat-user@lists.sourceforge.net>> Cc: Samveen Gulati <samv...@yahoo.com<mailto:samv...@yahoo.com>> Subject: [EXTERNAL] [xcat-user] xCAT CLA status and questions Hi all, Now that the project is starting to get back to it's feet, there are a couple of legal aspects I'm hoping to get clarified: - As of now, all contributors to xCAT were required to sign the xCAT Contributors License Agreement (the xCAT ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. Report Suspicious<https://us-phishalarm-ewt.proofpoint.com/EWT/v1/PjiDSg!2e-g474_Ktma2mV4GKFlz6bn8z502T4QKHkZ6P9HUGmzc1sM1C5-jR5WyE7GkyvvKd2XbMTjBV5d6A5DiccY_LYEtPrU$> ZjQcmQRYFpfptBannerEnd Hi all, Now that the project is starting to get back to it's feet, there are a couple of legal aspects I'm hoping to get clarified: - As of now, all contributors to xCAT were required to sign the xCAT Contributors License Agreement (the xCAT CLA), whether the individual version or the Corporate version (https://github.com/xcat2/xcat-core/tree/master/docs/source/developers/license<https://github.com/xcat2/xcat-core/tree/master/docs/source/developers/license>) - Once of the terms of the license state the following: “xCAT Community” shall mean International Business Machines Corporation and other users of xCAT. Accepted Contributions will be made available to the xCAT Community at large through sourceforge.net or other open source community. - With regards to the CLA, does the definition of xCAT community work as here, or will this need updating, given the new structure of management? - In case the agreement is changed to update this, would the previous signers have to resign and send the updated CLA? - Can the CLA be made implicit, instead of explicit? Should it be (i.e add a large disclaimer in the README, that by contributing to the project, the contributor is accepting the CLA and thus the "Grant of Copyright License" section of the CLA)? Jarrod, Victor and Nathan, would you also chime in on how you managed tracking the CLA of first-time contributors. I ask this as there are a few PRs on Github by first-time contributors, and now that the project activity is picking back up, I'd rather possible legal gotchas don't hit the community. Regards, -- Samveen S. Gulati The best-laid schemes o' mice an 'men Gang aft agley, An'lea'e us nought but grief an' pain, For promis'd joy! -- Robert Burns (The best laid plans of mice and men often go awry, and bring nothing but grief and pain of the ..)
_______________________________________________ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user