-
Notifications
You must be signed in to change notification settings - Fork 232
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove the usage google CLA choose between CNCF easyCLA vs DCO #90
Comments
DCO! |
@duglin I find DCO to be even more frustrating to use. |
I've contributed to envoy - it's just a matter of adding a
|
I'm aware of a few issues with the Google CLA bot. I believe we've been working with the team that owns the tool to see if we can improve the issue for multiple owners. The good thing is that we can work around the tool as necessary. If there's more feedback we can take to the team to improve how the bot works on a project like this, I'd love to capture that feedback and share it. With the structure of the project, the Google CLA is still required to be signed by all contributors or their organizations, which means we're not at the liberty to remove the Google CLA bot. |
Can you elaborate? Are you saying the SC can’t change this if they wanted?
…Sent from my iPad
On Feb 11, 2020, at 6:00 PM, Ryan Gregg ***@***.***> wrote:
I'm aware of a few issues with the Google CLA bot. I believe we've been working with the team that owns the tool to see if we can improve the issue for multiple owners. The good thing is that we can work around the tool as necessary. If there's more feedback we can take to the team to improve how the bot works on a project like this, I'd love to capture that feedback and share it.
With the structure of the project, the Google CLA is still required to be signed by all contributors or their organizations, which means we're not at the liberty to remove the Google CLA bot.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
Yes, with Google's ownership of the project and needing contributors to grant a license of the intellectual property, we need the Google contributor license agreement to be signed by all contributors. Creating our own Knative CLA bot to enforce a Knative-specific CLA would not be something that the steering committee can decide directly. I'd like to better understand the impact of the CLA bot not functioning well in this scenario is causing to the overall productivity for the project, since that appears to be what this issue is about. If there are concerns with the contents or requirements of the Google CLA, I'm also interested in hearing those concerns, but I think that's a separate issue from what was raised here (although the two were conflated in the original post). We always want to do the right thing for the community -- so I do want to make sure we understand the issue clearly. |
While not a blocker for IBM, I do know that having a company specific CLA on an open source project does raise some eyebrows during our internal reviews. And I have heard from other companies that they've run into similar concerns and even roadblocks over it. This falls into the category of "bad optics" when trying to convince people that this really is an open-source project and not just a Google project that allows other people to participate. This also is related to a question that I believe has been asked before... what exactly does the SC have control over? Most of the conversations have been around Google wanting to retain trademark enforcement, and now we have this. It begs the question... what other areas of control does Google have that people might assume are community/SC owned? I still question why we can't just use DCOs? Even with "Google's ownership of the project" (which is an interesting phrase unto itself), a DCO should be allowable and help remove some barriers for people. |
The only folks who can work around it are from Google. Which leads to a lot of "haallllp I need a googler..." |
Couple interesting articles that came up on a recent twitter thread:
Firecracker seems to use inbound=outbound (from the second article) |
Quoting the first article:
|
I don't understand why the CLA bot won't even rescan for non-Googlers 🙄 |
Bot issues aside; I believe everyone on the thread is covered by a corporate CLA already. Information on the Google CLA and the reasoning is here: https://opensource.google/docs/cla/policy/ |
That's a good point; I'll ask the team about it and see what we could potentially do to make that process easier. Has there been any success with closing and reopening PRs and force a rescan? That works in other orgs with other bots; curious if it would work here. |
There's some work in redoing the robot to make it less cumbersome. @thisisnotapril to follow up with the team on rough timelines, etc. |
@thisisnotapril do you happen to have any updates on this issue? |
Current ETA for the new bot is end of Q2 |
What's fixed in the new CLA bot? |
Just a quick update on this from yesterdays SC meeting. @thisisnotapril said the target for the new CLA bot is Nov 1st. It will make multi-author / cp much easier. |
Did the new bot get deployed? @thisisnotapril |
Today (2022-03-03) during the Steering Meeting we discussed switching over to the DCO. As part of the CNCF onboarding, we need to decide on which one we are using. Steering is leaning towards using DCO for a few reasons. Here's main reasons for switching to DCO:
|
It's exciting to see progress on this front and moving towards a better solution here! |
Here is how I see the scope of choice here:
This got me thinking about how to model the choices here. Ack that as an issue that we know was present with the Google CLA. Do we know of specific examples where potential contributors are prevented from signing the CNCF CLA? I am not attempting to express skepticism that some folks may be in that situation, but I would be willing to bet that CNCF CLA is lower friction than one specific to a particular company. I also wonder what the relative frequency of cases where potential contributors may be prevented from using a DCO is. Do we have any idea? I think these are the buckets of people to quantify:
Are those the right buckets? I think we should be framing our choice around the relative quantities of these different buckets. Thoughts? |
Only a single data point, but I for one have not. I do contribute to and maintain CNCF projects that use DCO. I have signed the Google CLA as an individual contributor, however.
I believe that the CLA / DCO requirement applies to each project. I could be mistaken, but as I understand it, there is not a blanket CLA for all CNCF projects. So there is no scenario where users have zero friction. In any case, the requirements in cncf/sandbox#218 say that each project in the
But I'm not sure there really is anyone who fits that last bucket. Using DCO is just adding a signature at the bottom of each commit, declaring yourself as the author, e.g.
If we can also eliminate the group of those who cannot use DCO as a bucket, then we end up with
Meaning there simply are more people who can use DCO vs CLA (if you accept all of my statements above, anyway). But the biggest bucket doesn't really mean it's the right answer, if using the DCO is considered to be too much friction. The DCO requires action on every commit, whereas the CLA is once and done. I personally don't have very strong feelings, but I use DCO for CloudEvents and |
I believe there is one and only one. Let’s find out for sure. |
The mechanical steps are one thing, whether your organization permits you to do that is another. The permission dimension is the one I was referring to. Does that make sense? |
If this is the case, then it does reduce friction, IMO. |
There is also this: https://easycla.lfx.linuxfoundation.org/ |
I wrote
Scott wrote
It looks like EasyCLA will allow us to have one CLA covering all repos, based on my reading of this.
This is not the same as a blanket CNCF CLA (I am skeptical about that even being a thing), but it is "once and done" for ALL Knative repos, which is appealing. |
Related to [INCUBATING PROJECT ONBOARDING] Knative cncf/sandbox#218 |
I asked in the CNCF Slack
|
Unless something else comes up, we're going to finalize the switch to EasyCLA next Thursday: 2022-03-31. Speak up if you have grave concerns or additions to the great discussion of pros/cons above. |
Are we still moving forward with the switch to EasyCLA? Looks like the Google CLA is still in place here. |
Yes, that was the decision. |
Who is on point for the switch? Wondering what we need to do next. |
@csantanapr is driving it here: |
I've got it now per #952 (comment) I have a couple of open tickets - one with the Linux Foundation and one with CNCF, to get access to the EasyCLA dashboard/portal before I can set it all up for Knative. |
@hh ^ |
The @googlebot CLA handling is broken for multi-authors and github suggestion acceptance.
We should make a Knative CLA that does not use the Google CLA so we can allow for correct handling of multi-contributors.
see knative/pkg#1066 for the typical broken interactions with @googlebot CLA.
The text was updated successfully, but these errors were encountered: