New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add DCO 1.1; remove reference to CLA #3609
Conversation
cc @mochajs/core since this is kind of Important |
This should affect new PRs going forward. If the CLA is already signed, I don't want to require the DCO as well. Contributors of existing PRs are welcome to sign off on their commits, of course, but we should not require this. |
Signed-off-by: Christopher Hiller <boneskull@boneskull.com>
Mind if i ask why you think its less painful? |
I've found people are usually much more squeamish about CLAs--I'm one of those people, in fact. Here are some reasons:
My feeling is that CLAs are loved more by legal counsel for companies that tend to get sued over IP. Google is very pro-CLA, for example. The JSF's CLA is rather light as these things go--it's little more than the DCO + some stuff about how you abide by each project's license. That being said, if others aren't sold on the idea, and feel signing off on commits is worse, we can just keep the CLA. If undecided, I encourage you to use your favorite search engine to read about CLAs vs DCOs. I'll disable the DCO bot for now, probably shouldn't have left it on! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CLA is not painful for me, but I sometimes saw a case of that developers use multiple emails for a PR and they had a trouble to fix them for CLA.
I'm already using DCO for a while.
Should we remove CLA check when we merge this PR? |
@outsideris that's the idea, yeah. still would appreciate more input esp. from @plroebuck and @Munter. |
So if someone commits something that would have been illegal, under CLA they'd have been responsible. Under DCO, who is? Can both of them be used without conflict? I prefer CLA scheme we already have myself, but don't care excessively either way. |
Who is ultimately responsible is an open question, as there's no legal precedent yet (to my knowledge).
Let's keep in mind that the people who would find CLAs to be an impediment to contributing are likely not seeing this PR. I do see the benefits of a CLA if you've already signed it. That said, I don't want to flip-flop back and forth. Maybe it'd be workable to allow for both? I'll follow up on that with JSF legal. |
Closing to keep our review queue small. The current CLA system works and nobody from OpenJS has yelled at us to change it. 🙂 |
We're able to ditch the CLA (yay!) for a DCO, which (IMO) is a lot less painful for developers to deal with.
I've already configured probot/dco to handle the checks; once this is ready, it will be a requirement to merge any PR across the org.
The most straightforward way I've found to signoff automatically is just to create an alias, e.g.,
git config alias.ci 'commit -s'
, then usegit ci
to commit.Often you can configure GUIs such as SourceTree to do this automatically, as well.