Automate CLA submitting

[quarckster]

CLA submission should be automated to avoid manual work. Contributors should just fill a web form without any email interaction as we do now. It will require reorganizing the CLA DB and CLA check workflow. As a reference we can take Google CLA form.

[t8m]

Can I sign the Google CLA without a Google account?

A Google account is required to sign the CLA. Google accounts are used to link individual and corporate CLAs to covered contributors and provide authentication for CLA management.

How do you want to authenticate the user submitting a CLA via a web form? Would submitting an unauthenticated web form be at least somehow legally binding action? They could always say, that they did not submit anything.

[baentsch]

How many CLAs are processed (per day/month)? How much automation (and proper authentication as per @t8m's comment) effort is it worth saving that? Considering how important having (correct/binding) CLAs is --I just need to re-do a lot of work because of this (not having them for PQ code)-- some manual effort doesn't seem over the top (unless it's indeed dozens of CLAs to be processed per day).

[t8m]

I'd say its 5-10 CLAs per month at max.

[quarckster]

Would submitting an unauthenticated web form be at least somehow legally binding action?

It's the same legal as we do now, we don't have any authentication for CLA submitting in the current workflow.

They could always say, that they did not submit anything.

The could do the same with the current procedure. We trust our CLA submitters.

[t8m]

Yes, but we require them to do the manual steps and we review the PDF they submitted. We do not blindly and automatically fill in the CLA database with data submitted from an unauthenticated form. We also require the confirmation of the CCLA requirement (or not) as a separate second step by e-mailing to the submitter. This also at least requires some form of active behavior on the submitter's side.

So I could imagine some automation here and submission via a web form, but at least we should confirm that at least one of the e-mails of the submitter works and there should be a manual review of the signed PDF before the CLA is accepted.

[arapov]

It should be done using DocuSign or a similar service that communicates via email. I expect a human to review the I/CCLA before marking an individual as having completed the CLA.

The goal is to make the process easier for contributors and somewhat easier for us. I don’t expect this process to be entirely automated without requiring human involvement.

[t8m]

Yeah, that works. The initial description was oversimplifying things.