Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automate CLA submitting #856

Open
quarckster opened this issue Oct 9, 2024 · 7 comments
Open

Automate CLA submitting #856

quarckster opened this issue Oct 9, 2024 · 7 comments
Assignees
@quarckster

Comments

@quarckster
Copy link

CLA submission should be automated to avoid manual work. Contributors should just fill a web form without any email interaction as we do now. It will require reorganizing the CLA DB and CLA check workflow. As a reference we can take Google CLA form.
@quarckster quarckster self-assigned this Oct 9, 2024
@t8m
Copy link
Member

t8m commented Oct 9, 2024
edited
Loading

Can I sign the Google CLA without a Google account?

A Google account is required to sign the CLA. Google accounts are used to link individual and corporate CLAs to covered contributors and provide authentication for CLA management.

How do you want to authenticate the user submitting a CLA via a web form? Would submitting an unauthenticated web form be at least somehow legally binding action? They could always say, that they did not submit anything.

@baentsch
Copy link

baentsch commented Oct 9, 2024

How many CLAs are processed (per day/month)? How much automation (and proper authentication as per @t8m's comment) effort is it worth saving that? Considering how important having (correct/binding) CLAs is --I just need to re-do a lot of work because of this (not having them for PQ code)-- some manual effort doesn't seem over the top (unless it's indeed dozens of CLAs to be processed per day).

@t8m
Copy link
Member

t8m commented Oct 9, 2024

I'd say its 5-10 CLAs per month at max.

@quarckster
Copy link
Author

quarckster commented Oct 9, 2024
edited
Loading

Would submitting an unauthenticated web form be at least somehow legally binding action?

It's the same legal as we do now, we don't have any authentication for CLA submitting in the current workflow.

They could always say, that they did not submit anything.

The could do the same with the current procedure. We trust our CLA submitters.

@t8m
Copy link
Member

t8m commented Oct 9, 2024

Yes, but we require them to do the manual steps and we review the PDF they submitted. We do not blindly and automatically fill in the CLA database with data submitted from an unauthenticated form. We also require the confirmation of the CCLA requirement (or not) as a separate second step by e-mailing to the submitter. This also at least requires some form of active behavior on the submitter's side.

So I could imagine some automation here and submission via a web form, but at least we should confirm that at least one of the e-mails of the submitter works and there should be a manual review of the signed PDF before the CLA is accepted.

@arapov
Copy link
Member

arapov commented Oct 9, 2024

It should be done using DocuSign or a similar service that communicates via email. I expect a human to review the I/CCLA before marking an individual as having completed the CLA.

The goal is to make the process easier for contributors and somewhat easier for us. I don’t expect this process to be entirely automated without requiring human involvement.

@t8m
Copy link
Member

t8m commented Oct 9, 2024

Yeah, that works. The initial description was oversimplifying things.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@quarckster quarckster

Labels
None yet
Projects
Project Board
Status: To do
Milestone
No milestone
Development

No branches or pull requests
4 participants
@quarckster @arapov @t8m @baentsch