[ALL] Ask for CLA before merging pending GitHub pull requests

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[ALL] Ask for CLA before merging pending GitHub pull requests

Bruno P. Kinoshita
Hello,

There is a pending pull request at GitHub to the incubator [text] component that I would like to merge. Before doing so, could someone confirm whether I have to check if the user has already signed a CLA [1], and if not, ask him/her to sign it, please?
IIRC, when users submit patches via JIRA it displays an option to donate the code submitted via patch to ASF. If signing CLA's is a requirement for GitHub pull requests, maybe we could ping @infra and check with them if we could use clabot [2] for that?

Thanks!Bruno

[1] https://people.apache.org/committer-index.html#unlistedclas[2] https://github.com/clabot/clabot
 
Reply | Threaded
Open this post in threaded view
|

Re: [ALL] Ask for CLA before merging pending GitHub pull requests

Mark Thomas
On 19/03/2015 17:32, Bruno P. Kinoshita wrote:
> Hello,
>
> There is a pending pull request at GitHub to the incubator [text]
> component that I would like to merge. Before doing so, could someone
> confirm whether I have to check if the user has already signed a CLA
> [1], and if not, ask him/her to sign it, please?

Warning: Personal pet peeve ahead. Apologies in advance for the shouting :)

No, no, no, no, NO!

CLAs are NEVER *required* for the ASF to use patch. Section 5 of the
Apache License V2 gives us all the legal permissions we *need* to use a
patch, assuming the conditions of that section are met. There is the
question of what is an intentional submission but it is safe to assume -
unless the author states otherwise - that something submitted via Jira
or a pull request is an intentional submission.

There is a view among many projects that for 'large' contributions is is
prudent to have a CLA on file. I do not share that view. The only folks
we *require* CLAs from are committers.

> IIRC, when users
> submit patches via JIRA it displays an option to donate the code
> submitted via patch to ASF.

We removed that option years ago because it served no purpose (and it
was a PITA to maintain the custom plug-in that implemented it). Again,
section 5 of the ALv2 gives us all the cover we need.

Bugzilla (which pre-dates Jira) has never had such an option.

> If signing CLA's is a requirement for
> GitHub pull requests, maybe we could ping @infra and check with them
> if we could use clabot [2] for that?

No need. Just review the pull request and - if it is acceptable - merge it.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [ALL] Ask for CLA before merging pending GitHub pull requests

Bruno P. Kinoshita
Hi Mark,
Thanks a lot for clarifying! :)
All the best,Bruno
 

      From: Mark Thomas <[hidden email]>
 To: Commons Developers List <[hidden email]>
 Sent: Thursday, March 19, 2015 5:39 PM
 Subject: Re: [ALL] Ask for CLA before merging pending GitHub pull requests
   
On 19/03/2015 17:32, Bruno P. Kinoshita wrote:
> Hello,
>
> There is a pending pull request at GitHub to the incubator [text]
> component that I would like to merge. Before doing so, could someone
> confirm whether I have to check if the user has already signed a CLA
> [1], and if not, ask him/her to sign it, please?

Warning: Personal pet peeve ahead. Apologies in advance for the shouting :)

No, no, no, no, NO!

CLAs are NEVER *required* for the ASF to use patch. Section 5 of the
Apache License V2 gives us all the legal permissions we *need* to use a
patch, assuming the conditions of that section are met. There is the
question of what is an intentional submission but it is safe to assume -
unless the author states otherwise - that something submitted via Jira
or a pull request is an intentional submission.

There is a view among many projects that for 'large' contributions is is
prudent to have a CLA on file. I do not share that view. The only folks
we *require* CLAs from are committers.

> IIRC, when users
> submit patches via JIRA it displays an option to donate the code
> submitted via patch to ASF.

We removed that option years ago because it served no purpose (and it
was a PITA to maintain the custom plug-in that implemented it). Again,
section 5 of the ALv2 gives us all the cover we need.

Bugzilla (which pre-dates Jira) has never had such an option.



> If signing CLA's is a requirement for
> GitHub pull requests, maybe we could ping @infra and check with them
> if we could use clabot [2] for that?

No need. Just review the pull request and - if it is acceptable - merge it.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]



   
 
Reply | Threaded
Open this post in threaded view
|

Re: [ALL] Ask for CLA before merging pending GitHub pull requests

Stian Soiland-Reyes
In reply to this post by Mark Thomas
Right, just keep in mind:

For contributions, you as the committer would be responsible for the
content being IP clean, not the pull request submitter.

How do you do this from a larger contribution (e.g. 3 new classes) from a
github user known only as "msTentactle"?

If she has signed the CLA, then she is responsible instead, as it includes:

> 4. You represent that you are legally entitled to grant the above license.

Note that this also applies to the committer that does the merge from
non-CLA contribs.

For patches that probably is not even copyrightable or unlikely to be say
copy-pasted from Oracle code, then no need for a CLA.
On 19 Mar 2015 20:39, "Mark Thomas" <[hidden email]> wrote:

> On 19/03/2015 17:32, Bruno P. Kinoshita wrote:
> > Hello,
> >
> > There is a pending pull request at GitHub to the incubator [text]
> > component that I would like to merge. Before doing so, could someone
> > confirm whether I have to check if the user has already signed a CLA
> > [1], and if not, ask him/her to sign it, please?
>
> Warning: Personal pet peeve ahead. Apologies in advance for the shouting :)
>
> No, no, no, no, NO!
>
> CLAs are NEVER *required* for the ASF to use patch. Section 5 of the
> Apache License V2 gives us all the legal permissions we *need* to use a
> patch, assuming the conditions of that section are met. There is the
> question of what is an intentional submission but it is safe to assume -
> unless the author states otherwise - that something submitted via Jira
> or a pull request is an intentional submission.
>
> There is a view among many projects that for 'large' contributions is is
> prudent to have a CLA on file. I do not share that view. The only folks
> we *require* CLAs from are committers.
>
> > IIRC, when users
> > submit patches via JIRA it displays an option to donate the code
> > submitted via patch to ASF.
>
> We removed that option years ago because it served no purpose (and it
> was a PITA to maintain the custom plug-in that implemented it). Again,
> section 5 of the ALv2 gives us all the cover we need.
>
> Bugzilla (which pre-dates Jira) has never had such an option.
>
> > If signing CLA's is a requirement for
> > GitHub pull requests, maybe we could ping @infra and check with them
> > if we could use clabot [2] for that?
>
> No need. Just review the pull request and - if it is acceptable - merge it.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>