
Add the ability to whitelist members of an org

Open ColinEberhardt opened this issue 6 years ago • 6 comments

It would be quite useful if we could whitelist an org. Each commit author would be verified to see if they are a member of a given GitHub org.

ColinEberhardt avatar Oct 17 '18 20:10 ColinEberhardt

I personally think this is a really important feature that would also be useful to reduce frictions for part of "regulated" entities onboarding.

I would think though the requirement would be twofold (and maybe worth splitting issues):

  1. Whitelist all GitHub users with email address from a certain domain (e.g. [email protected] and [email protected])
  2. Whitelist all GitHub users from a certain GitHub org

@maoo do you agree?

mindthegab avatar Apr 22 '19 17:04 mindthegab

Agreed. I see the first being easier to adopt than the second, since for the latter option, public membership is required for APIs to collect affiliation, and often orgs don't enforce it. That said, it would be useful to give admins the option to configure the CLA Bot using the 2 different flavours.

maoo avatar Apr 22 '19 19:04 maoo

Per this thread with @sribeiro-daitan, https://groups.google.com/a/finos.org/forum/#!topic/symphony/z-7NhT23Ils, I think this is an important feature to implement sooner rather than later. @maoo is this already in the ODP backlog? (CC @bingenito)

Also, do we need to be careful here of the difference between being a member of a GitHub org that corresponds to an organization that has a CCLA vs. having an email address from an organization that has a CCLA?

brooklynrob avatar May 22 '19 19:05 brooklynrob

Created https://finosfoundation.atlassian.net/browse/ODP-88 and pulled into the next ODP Sprint.

maoo avatar May 23 '19 09:05 maoo

Note that our organization's policy is that we must mark our email as private, thus restricting us to the noreply email on git commits. (This is to avoid spam, not to hide who we are.)

bingenito avatar May 23 '19 11:05 bingenito

1 v 2 seems like a legal question. For 1, I was comfortable vouching for all users in my @greenkeytech.com domain (and sign whitelist doc as a company officer), and any users in it.

If 2, are we saying that PMCs would be responsible for making people sign a CLA waiver before joining the org? Assuming I can add people to the org myself.

tschady avatar Oct 16 '19 20:10 tschady
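
The two options discussed in this thread, together with the two caveats raised (private org membership is not visible, and noreply commit emails carry no company domain), sketched as an added JavaScript example. It is not cla-bot's code; the function names, the policy shape and the sample authors are assumptions constructed for illustration.

```javascript
"use strict";
// Added illustration, not cla-bot code; names and policy shape are hypothetical.

// GitHub privacy addresses: "user@users.noreply.github.com" or
// "12345+user@users.noreply.github.com".
const NOREPLY = /^(?:\d+\+)?[^@\s]+@users\.noreply\.github\.com$/i;

function emailDomain(email) {
  const at = email.lastIndexOf("@");
  return at > 0 ? email.slice(at + 1).toLowerCase() : null;
}

// author: { login, email } for one commit.
// policy.domains: allowlisted email domains (option 1 in the thread).
// policy.publicOrgMembers: Set of lower-cased logins whose org membership
// is public (option 2); private members never appear in it.
function checkAuthor(author, policy) {
  const email = (author.email || "").trim();
  const login = (author.login || "").toLowerCase();
  const isNoreply = NOREPLY.test(email);

  // Option 1: exact domain comparison, so a lookalike such as
  // "example.com.other.test" does not pass as "example.com".
  const domain = isNoreply ? null : emailDomain(email);
  if (domain && policy.domains.includes(domain)) {
    return { allowed: true, rule: "domain" };
  }
  // Option 2: the only route for authors committing with a noreply address.
  if (login && policy.publicOrgMembers.has(login)) {
    return { allowed: true, rule: "org" };
  }
  return { allowed: false, rule: isNoreply ? "noreply-not-public-member" : "no-match" };
}

// Constructed sample data.
const policy = {
  domains: ["example.com"],
  publicOrgMembers: new Set(["bob"]),
};
const authors = [
  { login: "alice", email: "alice@example.com" },
  { login: "bob", email: "1234+bob@users.noreply.github.com" },
  { login: "carol", email: "carol@users.noreply.github.com" }, // private org member
  { login: "dave", email: "dave@example.com.other.test" },
];
for (const a of authors) console.log(a.login, checkAuthor(a, policy));
```

A commit's author email is whatever the committer configured locally, so the domain rule is only as strong as the check that the address is verified on the author's GitHub account.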