Right, just keep in mind: For contributions, you as the committer would be responsible for the content being IP clean, not the pull request submitter.
How do you do this from a larger contribution (e.g. 3 new classes) from a github user known only as "msTentactle"? If she has signed the CLA, then she is responsible instead, as it includes: > 4. You represent that you are legally entitled to grant the above license. Note that this also applies to the committer that does the merge from non-CLA contribs. For patches that probably is not even copyrightable or unlikely to be say copy-pasted from Oracle code, then no need for a CLA. On 19 Mar 2015 20:39, "Mark Thomas" <ma...@apache.org> wrote: > On 19/03/2015 17:32, Bruno P. Kinoshita wrote: > > Hello, > > > > There is a pending pull request at GitHub to the incubator [text] > > component that I would like to merge. Before doing so, could someone > > confirm whether I have to check if the user has already signed a CLA > > [1], and if not, ask him/her to sign it, please? > > Warning: Personal pet peeve ahead. Apologies in advance for the shouting :) > > No, no, no, no, NO! > > CLAs are NEVER *required* for the ASF to use patch. Section 5 of the > Apache License V2 gives us all the legal permissions we *need* to use a > patch, assuming the conditions of that section are met. There is the > question of what is an intentional submission but it is safe to assume - > unless the author states otherwise - that something submitted via Jira > or a pull request is an intentional submission. > > There is a view among many projects that for 'large' contributions is is > prudent to have a CLA on file. I do not share that view. The only folks > we *require* CLAs from are committers. > > > IIRC, when users > > submit patches via JIRA it displays an option to donate the code > > submitted via patch to ASF. > > We removed that option years ago because it served no purpose (and it > was a PITA to maintain the custom plug-in that implemented it). Again, > section 5 of the ALv2 gives us all the cover we need. > > Bugzilla (which pre-dates Jira) has never had such an option. > > > If signing CLA's is a requirement for > > GitHub pull requests, maybe we could ping @infra and check with them > > if we could use clabot [2] for that? > > No need. Just review the pull request and - if it is acceptable - merge it. > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
