Ask HN: A simple and safe way to collect CLA:s? (contributor agreements)
- Add a file CLA-v1.txt to the repository, with the contributor license agreement text.
- Tell contributors to show their agreement, by appending "I agree to the contributor license agreement, CLA-v1.txt" to their commit messages.
Maybe write a commit hook, or post-push hook, or GitHub hook, that checks that all commit messages ends with that magic line.
Now the CLA:s are stored inside the repository itself. No need to rely on any SaaS. Can switch from GitHub to whatever else (maybe needs a new Git hosting provider hook though). Everyone who gets the source code, can verify him/herself that all is in order.
Also, if you want to amend the CLA: Create a file CLA-v2.txt, and require that people thereafter add the line "I agree to ... CLA-v2.txt". Now you'll see exactly which version of the CLA everyone has agreed to, per commit.
This is inspired by — maybe it's almost the same as — Linux' Developer Certificate of Origin (DCO), and their "Signed-off by (the author's name)" line. Is there any universal agreement about what "Signed-off by" means? I couldn't have guessed it means "I agree to the DCO", unless I had found some blog post about it. — Why don't they write "I agree to the DCO" instead?
(I wrote a longer text about this, maybe incorrectly arguing against other popular alternatives, see: https://www.effectivediscussions.org/-56/simple-safe-way-to-collect-clas )
What do you think about this approach to CLAs? Do you see any dangers? Or is a good approach?
0 comments
[ 1.6 ms ] story [ 6.9 ms ] threadNo comments yet.