Introduce a CLA or a DCO

[ttoine]

In order to improve the maturity of its intellectual property, the PrestaShop project needs to know well the authors of its code.

The best way is to ask code authors to sign a CLA, or to accept the terms of a DCO. (It means also signing commits, and other stuff like that)

Let's study what is the most appropriate, and list what are advantages and flaws of both. And then take a decision with the community.

[sam-pires]

Hello My 2 cents on the topic as we are implementing it at Strapi:

• We are using https://cla-assistant.io/ from SAP (OS)
• We had to create a CLA for individual contributors and one for corporate contributors. If a contributor is part of a company, we need her/him to ask her/his company to sign the corporate one as well to avoid disputes over code property. The legislation is not well defined on the topic, we followed what Facebook and other major tech companies do, so it works a bit like a standard regarding this topic

Here is a couple of resources: https://ubuntu.com/legal/contributors/agreement https://www.apache.org/licenses/icla.pdf https://opensource.google/docs/cla/#sign https://docs.gitlab.com/ee/legal/individual_contributor_license_agreement.html

[matks]

@sam-pires Thanks for the infos!

What one the item we are afraid about for this topic is that it would be considered as an hindrance by some contributors and it would reduce the number of contributions. It's just a thought, we have no data to say whether it's something to be wary of or not. Do you have feedback about that ?

[sam-pires]

We are still implementing it so I can't tell you the impact yet, but for sure I'll let you know when I have some data.

I guess if it is well explained and if the CLA signature is easy to do that should not have an impact. Contributors to React/Facebook and VScode/Microsoft have to sign a CLA, and there are still hundreds/thousands of them. I feel like it is mostly about explaining what is a CLA and why we require signing it 🙂

[matks]

I guess if it is well explained and if the CLA signature is easy to do that should not have an impact. Contributors to React/Facebook and VScode/Microsoft have to sign a CLA, and there are still hundreds/thousands of them.

There are multiple profiles of contributors 😄 I dont think we have the same contributors profile as React/Facebook, VScode/Microsoft, Linux kernel or Magento. Even between language communities (PHP devs, JS devs, Python devs, Ruby devs) there are differences in culture, mindset, skillsets, usages.

[ttoine]

CLA assistant has been studied as an option, but it is not really an independent project, and the terms of use are not acceptable because SAP can use the data collected by the app. Currently the plan is to manage that directly on contributors.prestashop.com.

The way to simplify the process, is to add a check in GitHub: when someone submit a PR, it checks if the author is a known contributor already. If not, a button is displayed and the author has to do his paperwork. (note that it's possible to do that with cla assistant, and that is why we studied this option)

While it might have an impact on the kind of contributor you usually dislike (let say, the guy throwing some poor quality code will not spend time to check a CLA), it will be a proof of seriousness for corporate and active contributors. And, we want to attract this kind of contributors. Note that in all serious project, with a foundation managing IP, this is mandatory.

That said, the problem has been studied with Marine: a retro active CLA is needed in order to manage code contributed by an author before they sign the CLA. So it's a tricky topic for a quite old project. Also, the CLA of the project should be signed to the benefit of a PrestaShop foundation or something like that, and not to the benefice of the company. That's why currently this is not yet ready.

[sam-pires]

If you want to have more infos about CLA at Strapi: https://strapi.io/blog/switching-from-dco-to-cla

I'll let you know how it goes and if the feedback is positive after a couple of weeks