Jimmy-ahlberg
commented
11 months ago The background here being that some Organizations have chosen to delegate/not delegate with a Power of Attorney (PoA) or similar the signing of CLA's and similar documents. Thus a project, unless they have a copy of said PoA, does not really know if a CLA was properly signed or not.
To reduce risk for organizations contributing to a project, the project itself, and downstream users, having clarity on if the CLA is correctly signed or not is beneficial. For this purpose would be beneficial if a contact point within the organization existed, or if an organization has communicated that it uses this specification the project and downstream recipients can trust that any CLA has been properly signed. Thus reducing IP risks and frictions to contributors, projects, and downstream users.
From Item 4 here: https://github.com/OpenChain-Project/Contribution-Process-Specification/issues/2
Should we include a requirement that a process exists to check and get necessary signatures for CLA's? If so it should also be documented and communicated to the program participants.