Kong: How should an organization sign the CLA

Created on 25 Sep 2019 · 5Comments · Source: Kong/kong

The organisation Ville de Montreal would like to be able to make contributions to the Kong project (https://github.com/VilledeMontreal). The idea is that anyone part of the organisation should be allowed to contribute.

From looking at cla-assistant here is what I believe must be done:

have the proper authority at the Ville de Montreal sign the Kong CLA
once the CLA is signed, have Kong whitelist the VilledeMontreal org in the cla-assistant configuration

How should signing the CLA be done, considering it is for an entire organisation?

Thank you

Source

marckhouzam

All 5 comments

@marckhouzam Hello,

We are glad that your organization is considering contributing to Kong. I pointed the Kong's legal folks to your question, stay tuned.

thibaultcha on 26 Sep 2019

👍1

@marckhouzam As per our initial internal conversation, it seems like the current CLA isn't ideal for it to be signed by organizations.

To paraphrase the answer I got from our legal folks: under the current CLA, the contributor can only be the exclusive owner of the copyright. However, the contributor should ideally either be the exclusive owner, _or_ have the right/authority over the copyright granted by their employer. This is currently missing under Kong's current CLA (see Section 4). For the time being, it has been said that whitelisting an entire organization isn't going to be a sustainable approach, as we'd rather have a CLA associated with each individual contributor.

We are planning on updating the CLA so that it aligns with Apache's CLA, which will allow for establishing the proper chain of authority between contributing organizations and their employees. Updating this may take a few days on our end, and we'll get back to you. Thanks!

thibaultcha on 27 Sep 2019

👍1

@thibaultcha any news on this? We don't have a planned PR but I would like the contribution process to be ready if/when we do. Thanks!

marckhouzam on 7 Nov 2019

Hi @marckhouzam,

We just updated our CLA (https://cla-assistant.io/Kong/kong) to incorporate the changes we discussed. In particular, see the updates to section 4. Leaving this open for a few more days, let us know if you have any questions!

thibaultcha on 3 Dec 2019

Thanks for this.

If I understand correctly:

Someone entitled to sign for the corporation must first electronically sign the CLA using their own GitHub account
Once the above is done, a contributor from the corporation must also sign the CLA using their own GitHub account
That contributor can then make the contribution

There is no automated verification that the first step is done before accepting the contribution. But the CLA does stipulate this requirement.

That's sounds good to me. We just have to make sure our CIO has a valid GitHub account 😉

marckhouzam on 4 Dec 2019

👍1

Was this page helpful?

0 / 5 - 0 ratings

Related issues

ACL White list synchronisation in Kong hybrid mode

ypscotto · 3Comments

Bug: 1.4.0rc1 basic-auth password should not be required

hbagdi · 3Comments

how to pass query parameters to apis in kong

gopirajum · 3Comments

Kong plugins doesn't get executed unless kong reloaded or restarted

rucciva · 3Comments

failed to open plugin kong: plugin.Open("/tmp/go-plugins/kong"): plugin was built with a different version of package github.com/Kong/go-pdk/bridge

antoniott15 · 3Comments