vis.gl icon indicating copy to clipboard operation
vis.gl copied to clipboard
verified publisher icon visgl

OpenJS Graduation: Adopt DCO or CLA

Open bensternthal opened this issue 1 year ago • 6 comments

I am opening this issue in Vis.gl but it is applicable to all the repos underneath the visgl organization.

Part of the OpenJS graduation requirements is to adopt a DCO or CLA. DCO is probably a bit more lightweight, but I would be happy to help implement whichever you choose. If we went with DCO, there is a PROBOT app that we could turn on for the entire org.

Note this might also be as simple as including the DCO in a PR template, I think this is the approach Node.js has taken.

This is not a minor change so let's discuss how best to go about implementing and ensuring any questions or concerns you have are answered.

@chrisgervang for visibility

bensternthal avatar May 31 '24 21:05 bensternthal

To satisfy this is it a matter of either adding a PR template, or signing off on each commit using -s and adding a bot?

I think Kepler.gl already has DCO bot implemented.

Our publish scripts might need a minor update to include sign off in the commits they make if we went that route, other than that I'm wondering what else needs to change?

I'm probably fine with either option, but it does seem like the PR template would break the least amount of things.

Just to clarify, is using the -s to add the "Signed off by" bit required with the PR template route or just the bot route?

chrisgervang avatar May 31 '24 22:05 chrisgervang

I am poking around on the same questions. I'll get some clear answers and add them here.

bensternthal avatar May 31 '24 22:05 bensternthal

From CPC call - Jun 4: Node context: We've been using DCO forever, Brian W. was trying to find a way to add to that and lead to CLA. Also fielding feedback from the community about not adding increased friction. That effort somewhat died out over time - The DCO bot could be an more robust solution but it needs effort. Unless the Foundation says it's not good enough, Node is unlikely to change that, but unclear if all related Node repos fall into that scope (do they?)

@bensternthal - taking an approach to understand what Node does then where we can go for recommendations when projects want to adopt or stay with DCO. Will work with legal on this.

  • For new projects coming in, CLA strongly recommended (easiest path forward), for projects that want to adopt or stay with DCO there can be guidance (consulting with legal - likely to incure attorney fees)

PaulaPaul avatar Jun 04 '24 16:06 PaulaPaul

For new projects coming in, CLA strongly recommended (easiest path forward),

  • I can say that moving our repos into OpenJS foundation and getting rid of the CLA imposed by previous repo owner was a big milestone for us.
  • CLA was a blocker for some bigger companies like Apple where engineers had been wanting contribute but have been unable to do so because of CLA.
  • So perhaps naively, I would personally vote for not introducing CLA and limiting to DCO.
  • FWIW, at least we have no concerns with introducing DCO, so that is something we could do asap.

ibgreen avatar Jun 04 '24 16:06 ibgreen

Thanks for this context @ibgreen - it seems like DCO needs to be part of the solution from what I heard today, and @bensternthal raised that it is going to involve some discussions with legal (and likely some legal fees). @bensternthal if there is something I can do to help support this happy to join in - it's an area I would like to learn more about.

PaulaPaul avatar Jun 04 '24 17:06 PaulaPaul

Yep DCO will always be an option. I'm just looking to solidify OpenJS best practices on implementation.

bensternthal avatar Jun 04 '24 17:06 bensternthal