Hi Samveen Here’s my thoughts, but others can chime in. I understood that need for the CLA to ensure that contributions made from the community was “given 100% to the project with no strings attached”. Once a PR is submitted, it’s owned by the project now. Someone would not come back at a later time and say we stole their work and result in some legal issues. But looking at other open source projects, CLAs seem pretty standard. I would suggest that we look at other projects to get ideas on how to handle it.
When Softlayer was acquired by IBM, I took interest in their open-sourced Python API and and I just went back to look… it looks like they also had a very similar CLA, but not sure if this is standard IBM practice. (perhaps) https://github.com/softlayer/softlayer-python/blob/master/CONTRIBUTING.md which links to https://github.com/softlayer/softlayer-python/blob/master/docs/dev/cla-individual.md but then looking at a Kubernetes project, they also have CLAs that are similar to what xCAT has today: https://github.com/kubernetes/community/blob/master/CLA.md For the signed CLA’s, when I was tracking it, we would accept the CLAs, store them in a safe place, and then I would add the user into the “Contributors” group in the xcat-core repo, which is set to “read-only”. At least this adds the github handle to be able to be mentioned and one way to easily know if someone has signed it. It would be up to the user whether they wanted to accept membership or not, if not, then they would not join and we can’t @ them anyway. There was probably some other internal location that I used to track…. I forgot. Looking at other projects today, I would probably have suggested creating a CONTRIBUTORS file in the repo and keep track of the github handle. (but not sure how people feel about that) As to where to store the CLAs, there probably needs to be a better way to do this moving forward that allows for the maintainers to have transparency and access to the CLA documents if needed. Regards, Victor From: Samveen Gulati via xCAT-user <xcat-user@lists.sourceforge.net> Date: Saturday, December 9, 2023 at 9:04 AM To: xcat-user@lists.sourceforge.net <xcat-user@lists.sourceforge.net> Cc: Samveen Gulati <samv...@yahoo.com> Subject: [EXTERNAL] [xcat-user] xCAT CLA status and questions Hi all, Now that the project is starting to get back to it's feet, there are a couple of legal aspects I'm hoping to get clarified: - As of now, all contributors to xCAT were required to sign the xCAT Contributors License Agreement (the xCAT ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. <https://us-phishalarm-ewt.proofpoint.com/EWT/v1/PjiDSg!2e-g474_Ktma2mV4GKFlz6bn8z502T4QKHkZ6P9HUGmzc1sM1C5-jR5WyE7GkyvvKd2XbMTjBV5d6A5DiccY_LYEtPrU$> Report Suspicious <https://us-phishalarm-ewt.proofpoint.com/EWT/v1/PjiDSg!2e-g474_Ktma2mV4GKFlz6bn8z502T4QKHkZ6P9HUGmzc1sM1C5-jR5WyE7GkyvvKd2XbMTjBV5d6A5DiccY_LYEtPrU$> ZjQcmQRYFpfptBannerEnd Hi all, Now that the project is starting to get back to it's feet, there are a couple of legal aspects I'm hoping to get clarified: - As of now, all contributors to xCAT were required to sign the xCAT Contributors License Agreement (the xCAT CLA), whether the individual version or the Corporate version (https://github.com/xcat2/xcat-core/tree/master/docs/source/developers/license<https://github.com/xcat2/xcat-core/tree/master/docs/source/developers/license>) - Once of the terms of the license state the following: “xCAT Community” shall mean International Business Machines Corporation and other users of xCAT. Accepted Contributions will be made available to the xCAT Community at large through sourceforge.net or other open source community. - With regards to the CLA, does the definition of xCAT community work as here, or will this need updating, given the new structure of management? - In case the agreement is changed to update this, would the previous signers have to resign and send the updated CLA? - Can the CLA be made implicit, instead of explicit? Should it be (i.e add a large disclaimer in the README, that by contributing to the project, the contributor is accepting the CLA and thus the "Grant of Copyright License" section of the CLA)? Jarrod, Victor and Nathan, would you also chime in on how you managed tracking the CLA of first-time contributors. I ask this as there are a few PRs on Github by first-time contributors, and now that the project activity is picking back up, I'd rather possible legal gotchas don't hit the community. Regards, -- Samveen S. Gulati The best-laid schemes o' mice an 'men Gang aft agley, An'lea'e us nought but grief an' pain, For promis'd joy! -- Robert Burns (The best laid plans of mice and men often go awry, and bring nothing but grief and pain of the ..)
_______________________________________________ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user