Native CLA support

[ndarville]

It is probably unlikely to to a serious FOSS project without a Contributor License Agreements these days, and as such, it should probably come natively with GitHub.

Furthermore, native support would make signing a CLA much easier, since people only contribute via their GitHub user account; using a CLA user database that maps to GitHub accounts is much easier than having people sign a huge form with phone number, address, etc.—if that information is needed, it could just be exposed via an oAuth-like permission system.

[rlidwka]

It is probably unlikely to to a serious FOSS project without a Contributor License Agreements these days

Show me CLA for Linux kernel please.

Furthermore, native support would make signing a CLA much easier

I wouldn't want any single project to require my phone number in order to submit a pull request. If you provide such tooling, that's what is going to happen. CLA needs to die, just like web trackers and other privacy invaders out there.

[samrocketman]

👍 @rlidwka

[jantman]

My company is working on on open sourcing a bunch of our stuff, and our legal department is going to require us to have contributors sign CLAs. The solution we came up with is:

Put the CLA language in a file in the repo. Contributing instructions ask the contributor to append their name to the bottom of the CLA file and commit it with something like "I agree to this CLA" as the commit message. When a PR comes in, we'll have a CI job that ensures the user opening the PR has made a change to the CLA file. Done. The only "database" needed is git history itself.

[samrocketman]

Another unfortunate reality of CLAs is they help protect you from things you invent outside your company when you're working on FOSS. I have a CLA for my important projects because if anybody from work wants to contribute I have the company sign a corporate CLA. This helps protect me from my own company attempting to take control of the project by contributing patches and then wanting to claim ownership. I wish the world was rosy and full of good common sense people but instead it's full of greedy, sue happy people. I'd rather protect the openness of my project because simply posting the GPL isn't enough any more.