OpenStack Core Infrastructure

Add CLA signature enforcement to gerrit

Bug #902950 reported by Monty Taylor on 2011-12-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Core Infrastructure	Fix Released	Medium	James E. Blair

Bug Description

Gerrit supports knowing who has signed a CLA, and also preventing people who have not done from submitting code. We should take advantage of this, as it reduces the burden on the reviewers (they currently are technically supposed to check to ensure that the submitter has, in fact, signed the CLA. Computers do that sort of check better)

Tags:

Monty Taylor (mordred) on 2011-12-11

Changed in openstack-ci:
status:	New → Triaged
importance:	Undecided → Medium
assignee:	nobody → James E. Blair (corvus)
tags:	added: gerrit

Revision history for this message

James E. Blair (corvus) wrote on 2011-12-21:

Gerrit has full support for signing CLAs, and recording personal
information about that. But rather than trying to revamp the whole
legal process right now, let's take an approach where we can relieve
core reviewers of the burden of verifying signatures. Here's how
we can do that easily with existing gerrit and launchpad tools:

Set up a CLA in gerrit that essentially just says "Don't agree to
this, instead, follow these instructions...". People will still be able
to "agree" to that, but we'll turn off auto-verify and we'll just never
verify those. The instructions will tell people to do echosign and
apply to a group in launchpad. That group will be configured to have
agreed to the agreement, so once they are members, they will be able to
upload code.

This has the advantage of having a useful error message that directs
people to the agreement page. However it is weird that the agreement
page doesn't have any "real" agreements, just a fake one, that if you
select it, it tells you how to get set up. The error message:

======================================================================
fatal: A Contributor Agreement must be completed before uploading:

https://review-dev.openstack.org/#settings,agreements

fatal: The remote end hung up unexpectedly
======================================================================

Changed in openstack-ci:
status:	Triaged → In Progress

Revision history for this message

James E. Blair (corvus) wrote on 2011-12-21:

I should add that the revised process for new contributors will be:

1) Sign CLA via echosign
2) Record signature in wiki
3) Apply for membership in openstack-cla
4) Contribute!

With only step 3 being added by this change.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2011-12-28: Fix proposed to openstack-ci (master)

Fix proposed to branch: master
Review: https://review.openstack.org/2658

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2011-12-30: Fix merged to openstack-ci (master)

Reviewed: https://review.openstack.org/2658
Committed: http://github.com/openstack/openstack-ci/commit/00db77a92d7d5aee9a6871cfcc7c6fc1e0b54f3b
Submitter: Jenkins
Branch: master

commit 00db77a92d7d5aee9a6871cfcc7c6fc1e0b54f3b
Author: James E. Blair <email address hidden>
Date: Wed Dec 28 11:17:08 2011 -0800

Add script to sync CLA wiki and LP team.

People listed as having signed the CLA on the wiki page will
be added as Approved members of the openstack-cla LP team.

Addresses bug 902950.

Change-Id: I9261cfcffc97281432a122c98e05beae454a76a1

Changed in openstack-ci:
status:	In Progress → Fix Committed

James E. Blair (corvus) on 2012-01-06

Changed in openstack-ci:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.