Find an easy way to accept contributions

[akosyakov]

It should present the Certificate of Origin and have a Sign here, and keep a db of email -> signed that we can control and export.

[akosyakov]

After reading up on the CLA, it seems to me that it is worse than the DCO. With the DCO we have only technical issues with sign-offs, the CLA brings in legal barriers, e.g. from here:

In an effort to make it easier for users to contribute to Node.js the project has decided to lift the requirement of signing the CLA before contributions are eligible for integration. Having to sign the CLA could at times be a stumbling block for a contribution. It could involve a long conversation with your legal department to ultimately contribute typo corrections.

Node.js solves the sign-off issue with distinguishing between contributors and collaborators. Basically, a contributor is anybody who can open a PR, a collaborator is one who reviews, sign-offs and merges PRs: https://nodejs.org/en/get-involved/development/#landing-pull-requests. There are no special requirements to a contributor's commits like it should be signed off, the burden is put on the collaborator, e.g. nodejs/node@b811464. If a contributor wants to become a collaborator he should learn how to sign off commits for sure. Actually, after landing a nontrivial PR, a contributor automatically becomes a collaborator and gets the write access to the Node.js repo.

With this PR one of us could review it, rebase with sign off and merge. It sounds like the very easy way to get new contributions in and grows contributors base.

[akosyakov]

I did a bit more research and found out that GitHub has the default contribution agreement for all users:

Whenever you make a contribution to a repository containing notice of a license, you license your contribution under the same terms, and you agree that you have the right to license your contribution under those terms.

This default does not work for us though because we override it with the DCO:

If you have a separate agreement to license your contributions under different terms, such as a contributor license agreement, that agreement will supersede.

@svenefftinge @marcdumais Maybe we just should drop the DCO and stick to the GitHub default agreement?

GitHub Terms of Service: https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license.
A recommendation from here: https://opensource.guide/legal/#does-my-project-need-an-additional-contributor-agreement

[svenefftinge]

Great finding, thank you! Sounds like that's by far the best option.

[marcdumais-work]

Let me check on our side if this looks acceptable and get back to you.

[epatpol]

We just require PRs to have signed-off commits now so maybe this issue can be closed?

[marcdumais-work]

This might be moot in any case - when we move to the Eclipse Foundation, they have their own standards about how to accept contributions.

[vince-fugnitto]

This might be moot in any case - when we move to the Eclipse Foundation, they have their own standards about how to accept contributions.