[RFC] switching from Contributor License Agreement to Developer Certificate of Origin for contirubition

[sangjinhan]

TL;DR - Shall we move to Signed-off-by:, instead of signing a CLA? Please share your thoughts on it.

At the moment BESS requires all contributors to sign up the CLA for their PRs to get merged. We also know that it has been a barrier because of the bureaucracy it may impose, especially for developers working for a for-profit company.

Because of this issue, I am considering to switch to DCO, which is used for many projects, including Linux kernel and DPDK. There have been many articles about CLA vs DCO you can read on:

• https://opensource.com/article/18/3/cla-vs-dco-whats-difference
• https://about.gitlab.com/blog/2017/11/01/gitlab-switches-to-dco-license/
• https://julien.ponge.org/blog/developer-certificate-of-origin-versus-contributor-license-agreements/

Please let me know what you think about this. Does this make your life easier? Any strong objection?

[nrdmao]

Sounds good to me. I am sure we would have been able to upstream a lot more stuff if this was the original contribution agreement.

I hope that there will also be some permissiveness associated with commits in the sense that user A should be able to contribute commits generated from 'git am' that were originally added to the local repository by user B. In other words one user from a company should be able to upstream commits that are actually attributed to some other user in the company. Else, everyone in the company needs to have a git hub account and such. I think it is good that the commit be attributed to the person who actually contributed it rather than the person who happened to upstreamed the patch.

On Tue, Dec 10, 2019 at 3:52 PM Sangjin Han notifications@github.com wrote:

TL;DR - Shall we move to Signed-off-by:, instead of signing a CLA. Please share your thoughts on it.

At the moment BESS requires all contributors to sign up the CLA https://www.clahub.com/agreements/NetSys/bess for their PRs to get merged. We also know that it has been a barrier because of the bureaucracy it may impose, especially for developers working for a for-profit company.

Because of this issue, I am considering to switch to DCO https://developercertificate.org/, which is used for many projects, including Linux kernel and DPDK. There have been many articles about CLA vs DCO you can read on:

• https://opensource.com/article/18/3/cla-vs-dco-whats-difference

• https://about.gitlab.com/blog/2017/11/01/gitlab-switches-to-dco-license/

• https://julien.ponge.org/blog/developer-certificate-of-origin-versus-contributor-license-agreements/

Please let me know what you think about this. Does this make your life easier? Any strong objection?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/NetSys/bess/issues/951?email_source=notifications&email_token=AFRAPLQ3QCQP2IVX2ON2QIDQYATVVA5CNFSM4JZGPYY2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4H7TUJ6A, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFRAPLTO3XCHCF35M5FR72DQYATVVANCNFSM4JZGPYYQ .