Clarify and simplify contribution rules #552
Conversation
|
You should be able to see the resulted document here: https://github.com/theia-ide/theia/blob/06e933d2bea82df669c45f273752b38da4be5dc4/CONTRIBUTING.md |
There was a problem hiding this comment.
While removing the requirement to sign-off by contributors (as kind of a poor man's CLA) this change doesn't replace that aspect with anything. But it adds lots of process on other parts which I find unnecessary.
To replace the sign-off we should really go with a real CLA workflow. Using something like CLAHub or so should do.
|
|
||
| Developer's Certificate of Origin 1.1 | ||
| Committers sign-off on a pull request by explicitly stating their approval in the PR text or associated comment stream. |
There was a problem hiding this comment.
I having a committer sign-off is additional process about responsibility / code ownership, but has nothing to do with copyright. I don't think we need that.
There was a problem hiding this comment.
I having a committer sign-off is additional process about responsibility / code ownership, but has nothing to do with copyright.
I am not sure about it. Any sign-off is about copyright. If one signs other unsigned work he declares that he reviewed it and the work is developed under an open-source license to his knowledge. If he is not sure he should not sign but ask the originator.
At node.js they use a PR approval as the sign-off. The DCO does not say that github sign off should be used. The process is very simple a PR should be revied by a committer and approved to be signed.
|
|
||
| By making a contribution to this project, I certify that: | ||
| All pull requests submitted by individuals who are not committers must be signed-off on by an existing committer before the PR can be landed. The sponsoring committer becomes responsible for the PR. |
There was a problem hiding this comment.
see my comment above.
|
This post is quite interesting on that matter : https://julien.ponge.org/blog/developer-certificate-of-origin-versus-contributor-license-agreements/ |
|
Reading up on this some more, it seems like our current approach (DCO with signed-off-by) is the most lightweight one. |
If we continue to use the current approach then it should be fine, according to the case (b) of the DCO, to sign-off trivial contributions, which are obviously based on our work, with our signatures. Linux/git commiters do it like that as well: https://lkml.org/lkml/2004/5/25/126 |
|
Ok, but be aware that then you are responsible for that part. |
The changes are inspired by Node.js Foundation's contribution policy:
They use the DCO as well instead of the CLA to avoid the bureaucracy, but treat it in the wider sense, particularly the contribution sign-off.
The main change is that a contributor does not need to use git to sign-off commits, but each contribution should be signed off by an existing committer by approving a PR. If you reread the DCO you should see that the third point allows it.
So there are no requirements for contributors who are not committers and committers agree to this rules by accepting the invitation to become a committer.