Hi Matthew,

+1, I’ve seen that “signed-off” mechanism also being used in projects, that 
would be much lower weight process IMO. I like it.

Victor

From: Matthew Alton <mal...@ocf.co.uk>
Date: Monday, December 11, 2023 at 10:55 AM
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Cc: VICTOR HU <v...@us.ibm.com>
Subject: [EXTERNAL] RE: [xcat-user] xCAT CLA status and questions
Hello, Thank you Samveen for your initial questions and to Victor for your 
response. We’ve just been discussing this on one of our weekly consortium calls 
today and the necessity of some form statement or agreement was a talking 
point. 
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
<https://us-phishalarm-ewt.proofpoint.com/EWT/v1/PjiDSg!1g-uTV4zSvlaFYv7eIGFzq9M0QW2Doio2DkGyCYsFGiTZp7ho2DXIEwEMUvng5VjoriEi2m_q078hhEZlKKjlQDDR2zKIHeMfSHxWBbpmP8i01Lji1ArqJWc0_rG6_nibx2opw$>
Report Suspicious 
<https://us-phishalarm-ewt.proofpoint.com/EWT/v1/PjiDSg!1g-uTV4zSvlaFYv7eIGFzq9M0QW2Doio2DkGyCYsFGiTZp7ho2DXIEwEMUvng5VjoriEi2m_q078hhEZlKKjlQDDR2zKIHeMfSHxWBbpmP8i01Lji1ArqJWc0_rG6_nibx2opw$>


ZjQcmQRYFpfptBannerEnd
Hello,

Thank you Samveen for your initial questions and to Victor for your response.

We’ve just been discussing this on one of our weekly consortium calls today and 
the necessity of some form statement or agreement was a talking point. The 
consortium will continue to require a contributor’s license agreement to 
ensure, as Victor highlights, the code contributed to the project is something 
owned by the project from the point of submission and no individual can revoke 
the inclusion of submitted code or bring any future legal cases against xCAT 
for the continued use of code.

“
“xCAT Community” shall mean International Business Machines Corporation and 
other users of xCAT. Accepted Contributions will be made available to the xCAT 
Community at large through sourceforge.net or other open source community.

With regards to the CLA, does the definition of xCAT community work as here, or 
will this need updating, given the new structure of management?“

This is something that will be updated in due course to reflect how the project 
will be managed when the consortium officially takes ownership of the project.

“In case the agreement is changed to update this, would the previous signers 
have to resign and send the updated CLA?”

Existing CLAs will remain with IBM and these will not be transferred to the 
consortium. Existing CLAs IBM hold will be stored securely within IBM and only 
accessible to IBM for legacy purposes should any legal issues arise with code 
added to the project prior to the consortium taking ownership. No action will 
be required by anyone who has previously signed an agreement and any existing 
agreements will not automatically enrol signers with the new management of 
xCAT. A new CLA will be required for any contributions post IBM ownership.

“Can the CLA be made implicit, instead of explicit? Should it be (i.e add a 
large disclaimer in the README, that by contributing to the project, the 
contributor is accepting the CLA and thus the "Grant of Copyright License" 
section of the CLA)?”

We, the consortium, are keen to ensure that anyone can submit code to the 
project in an open and timely manner. We are assessing a different model of CLA 
not requiring a full legal document to be signed before submitting any code and 
are looking at how Open MPI and Kernel projects CLAs are implemented. Using the 
model seen in these projects will require each commit to be explicitly “signed 
off” as a contribution as part of the commit message and this will streamline 
the entire administrative process. The mechanism expected for this will be much 
the same as other projects where the legal agreement text is visible, and 
version controlled on Github and the commit messages on individual commits or 
pull requests contains a line stating a contributor’s agreement with this.

There are many administrative and legal aspects we are discussing between 
consortium members and lawyers to ensure our opensource philosophy of the 
project does still meet the necessary legal requirements and protections of 
running such a project as xCAT. There will be other announcements from the 
consortium in due course to outline some of our progress so far and to give a 
general update of how we are progressing.

Regards,
Matt.

Matthew Alton MBCS | Research & Development Lead
[Image removed by sender.]<https://www.ocf.co.uk/>
Phone:
+44 (0)114 257 2200
Mobile:
+44 (0)7943 594 084
Address:
OCF Limited, Unit 5 Rotunda Business Centre, Thorncliffe Park, Chapeltown, 
Sheffield S35 2PG
Website:
www.ocf.co.uk<http://www.ocf.co.uk/>
[Image removed by sender. LinkedIn 
icon]<https://www.linkedin.com/company/ocf-limited/>   [Image removed by 
sender. Twitter icon] <https://twitter.com/ocf_hpc?lang=en>
[Image removed by sender.]
OCF Limited is a company registered in England and Wales.  Registered number 
4132533, VAT number GB 780 6803 14. Registered office address: OCF Limited, 5 
Rotunda Business Centre, Thorncliffe Park, Chapeltown, Sheffield, S35 2PG.
This message is private and confidential. If you have received this message in 
error, please notify us immediately and remove it from your system.

From: VICTOR HU via xCAT-user <xcat-user@lists.sourceforge.net>
Sent: Monday, December 11, 2023 1:53 PM
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Cc: VICTOR HU <v...@us.ibm.com>
Subject: Re: [xcat-user] xCAT CLA status and questions

Hi Samveen

Here’s my thoughts, but others can chime in.  I understood that need for the 
CLA to ensure that contributions made from the community was “given 100% to the 
project with no strings attached”.  Once a PR is submitted, it’s owned by the 
project now.  Someone would not come back at a later time and say we stole 
their work and result in some legal issues.  But looking at other open source 
projects, CLAs seem pretty standard.  I would suggest that we look at other 
projects to get ideas on how to handle it.

When Softlayer was acquired by IBM, I took interest in their open-sourced 
Python API and and I just went back to look…  it looks like they also had a 
very similar CLA, but not sure if this is standard IBM practice. (perhaps)
https://github.com/softlayer/softlayer-python/blob/master/CONTRIBUTING.md<https://github.com/softlayer/softlayer-python/blob/master/CONTRIBUTING.md>
 which links to 
https://github.com/softlayer/softlayer-python/blob/master/docs/dev/cla-individual.md<https://github.com/softlayer/softlayer-python/blob/master/docs/dev/cla-individual.md>

but then looking at a Kubernetes project, they also have CLAs that are similar 
to what xCAT has today: 
https://github.com/kubernetes/community/blob/master/CLA.md<https://github.com/kubernetes/community/blob/master/CLA.md>

For the signed CLA’s, when I was tracking it, we would accept the CLAs, store 
them in a safe place, and then I would add the user into the “Contributors” 
group in the xcat-core repo, which is set to “read-only”.  At least this adds 
the github handle to be able to be mentioned and one way to easily know if 
someone has signed it.  It would be up to the user whether they wanted to 
accept membership or not, if not, then they would not join and we can’t @ them 
anyway.  There was probably some other internal location that I used to track…. 
 I forgot.

Looking at other projects today, I would probably have suggested creating a 
CONTRIBUTORS file in the repo and keep track of the github handle.  (but not 
sure how people feel about that)  As to where to store the CLAs, there probably 
needs to be a better way to do this moving forward that allows for the 
maintainers to have transparency and access to the CLA documents if needed.

Regards,
Victor


From: Samveen Gulati via xCAT-user 
<xcat-user@lists.sourceforge.net<mailto:xcat-user@lists.sourceforge.net>>
Date: Saturday, December 9, 2023 at 9:04 AM
To: xcat-user@lists.sourceforge.net<mailto:xcat-user@lists.sourceforge.net> 
<xcat-user@lists.sourceforge.net<mailto:xcat-user@lists.sourceforge.net>>
Cc: Samveen Gulati <samv...@yahoo.com<mailto:samv...@yahoo.com>>
Subject: [EXTERNAL] [xcat-user] xCAT CLA status and questions
Hi all, Now that the project is starting to get back to it's feet, there are a 
couple of legal aspects I'm hoping to get clarified: - As of now, all 
contributors to xCAT were required to sign the xCAT Contributors License 
Agreement (the xCAT
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
Report 
Suspicious<https://us-phishalarm-ewt.proofpoint.com/EWT/v1/PjiDSg!2e-g474_Ktma2mV4GKFlz6bn8z502T4QKHkZ6P9HUGmzc1sM1C5-jR5WyE7GkyvvKd2XbMTjBV5d6A5DiccY_LYEtPrU$>


ZjQcmQRYFpfptBannerEnd
Hi all,

Now that the project is starting to get back to it's feet, there are a couple 
of legal aspects I'm hoping to get clarified:
- As of now, all contributors to xCAT were required to sign the xCAT 
Contributors License Agreement  (the xCAT CLA), whether the individual version 
or the Corporate version 
(https://github.com/xcat2/xcat-core/tree/master/docs/source/developers/license<https://github.com/xcat2/xcat-core/tree/master/docs/source/developers/license>)
- Once of the terms of the license state the following:

“xCAT Community” shall mean International Business Machines Corporation and 
other users of xCAT. Accepted Contributions will be made available to the xCAT 
Community at large through sourceforge.net or other open source community.

- With regards to the CLA, does the definition of xCAT community work as here, 
or will this need updating, given the new structure of management?
- In case the agreement is changed to update this, would the previous signers 
have to resign and send the updated CLA?
- Can the CLA be made implicit, instead of explicit? Should it be (i.e add a 
large disclaimer in the README, that by contributing to the project, the 
contributor is accepting the CLA and thus the "Grant of Copyright License" 
section of the CLA)?

Jarrod, Victor and Nathan, would you also chime in on how you managed tracking 
the CLA of first-time contributors.

I ask this as there are a few PRs on Github by first-time contributors, and now 
that the project activity is picking back up, I'd rather possible legal gotchas 
don't hit the community.

Regards,
 --
Samveen S. Gulati
The best-laid schemes o' mice an 'men
                Gang aft agley,
An'lea'e us nought but grief an' pain,
                For promis'd joy!
                          -- Robert Burns
(The best laid plans of mice and men often go awry, and bring nothing but grief 
and pain of the ..)
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Reply via email to