typeshed
typeshed copied to clipboard
python
CLA requirement
@encukou just announced the new python organization repository policy: https://discuss.python.org/t/new-python-organization-repository-policy/17376
One of the points is that:
all repositories under python will need to require the CLA
While this is an overall understandable policy and not much of an hindrance for other typing-related repositories, I feel that this would be quite detrimental for typeshed. We often rely on small, low-threshold contributions from new users. Signing the CLA would create an unreasonable barrier to contributions. I also don't think signing the CLA should be required, as most of the contributions to typeshed stubs would most likely not be copyrightable as they are not in any way "creative", but purely technical.
So what are our options here? Maybe we could ask the SC for exemption for typeshed? Or move organizations? Does the psf organization have a similar requirement?
While this is an overall understandable policy and not much of an hindrance for other typing-related repositories, I feel that this would be quite detrimental for typeshed. We often rely on small, low-threshold contributions from new users. Signing the CLA would create an unreasonable barrier to contributions.
I fully agree.
I'm also not sure what the best option here is, but engagement with the Steering Council sounds like it would be a good first step.
It is worth noting, though, that the new CLA bot is much easier for contributors to use than the old Knights Who Say Ni.
(The requirement still seems to me to be unnecessary for typeshed.)
Also, requiring signing the CLA is perfectly fine for non-stubs contributions.
I also asked about this on Discuss (https://discuss.python.org/t/new-python-organization-repository-policy/17376/3). It's not clear to me that the CLA requirement is an intentional change.
I agree that contributing to typeshed should require as little boilerplate as possible, and a CLA would be just bad and unnecessary boilerplate.
~~I'm also a bit worried about 2FA. If it's off by default, that adds extra boilerplate too, especially for developers who don't regularly contribute to open source.~~
In general, applying the same policy to typeshed and cpython just doesn't make sense to me. These are very different projects. CPython has 1.5k open pull requests, and it makes sense to require contributors to be reasonable in various ways: CLA, ~~2FA~~ and issue templates all make sense. Despite all this, CPython still gets quite a bit of pull requests that don't belong in CPython. But in typeshed, we want anyone to be able to contribute as quickly and easily as possible.
move organizations?
While it doesn't make sense for typeshed to be outside python/, this seems like a good option if python/ begins to mean a strict policy that brings in a lot of boilerplate.
The 2FA requirement would be only for people with commit access, not for people just writing a PR. I think that's perfectly reasonable; having commit access should come with the responsibility to make sure your account is secure.