FINOS CLA
Permissions for access to the LFX Organization console were designed with a little extra gating: if a new user tries to access but and is already associated with a company who had never before signed any cla, then it will ask them to open a ticket for access. As soon as the ticket is created, feel free to send the ticket URL to help@finos.org , so we can help expediting the resolution.
The FINOS IP policy specifies that projects should adopt the FINOS contributor license agreement (CLA). The FINOS Governing Board has adopted both an Individual and a Corporate CLA derived from the commonly used Apache-style CLA template.
FINOS uses EasyCLA (more information, direct access) to ensure that all contributors have signed the appropriate documents when contributing to a project requiring a CLA. This tool was created and is maintained by the Linux Foundation, and has a number of features designed to support our open source project communities:
- Once a contributor is authorized for one FINOS project, the signature is recognized for any other FINOS repositories that use EasyCLA.
- Contributors may sign as individuals, or be covered under a Corporate CLA, if the contributor is employed by a firm
- Companies can elect a CLA Manager, a person within the firm that can update approval configurations, using the EasyCLA Organization Dashboard.
- Companies who sign the CLA can authorize employee usernames individually, or use email domain or github organization affiliation containing their employees as members.
There is no cost to signing the FINOS CLA. Please note that this is different from membership in FINOS. If your organization relies upon our projects, please become a member. Membership dues are an essential source of funding, and we rely upon them to support the FINOS project ecosystem.
It is important to notice that - for any given contributor covered by a Corporate CLAs - there are 2 steps necessary in order for EasyCLA to approve her/his contributions:
- The CLA Manager adds an approval criteria that applies to the Contributor
- The Contributor confirms her/his affiliation to the firm, by following the link provided in the first Pull Request being submitted to an EasyCLA-covered gitHub repository (see below,
Click here to be authorized
)
How to use EasyCLA
Who signs the documents?
You can sign the FINOS CLA as an individual, or your company can sign and authorize you as a contributor.
The individual workflow is for people who can make CLA commitments on their own behalf (e.g., hobbyists, students, sole proprietors, etc). This workflow is fast and easy, but may not be appropriate for people who are doing work-for-hire. The corporate workflow involves more steps, but allows a company to sign one document, once, for all of their contributors.
At a high level, the signature process works like this:
- Open a PR against a repo covered by EasyCLA (including this one).
- A bot will check whether your GitHub user is covered by a signed CLA.
- If you're already covered you will get a green checkmark, and your contribution can be merged.
- If you're not covered, you'll be prompted through the signature process.
Standards projects
FINOS currently hosts few Standards projects, like FDC3 and CDM; each of them uses a "dedicated instance" EasyCLA (also known as EasyCLA Group), which ensures that each Standard can manage a dedicated/isolated list of approved contributors; on the contrary, all (other) FINOS non-Standards software projects are covered by the same EasyCLA Group, therefore enrolling into one project will allow contributors to also be covered across all other ones.
Initiating the signature process against a test repo
The easiest way to initiate the process is to open a PR against any covered repo, for example proposing a small change to software-project-blueprint/EASYCLA_CHANGEME.md; note that these types of PRs will be closed periodically. For more information about EasyCLA, please visit our Community website.
Sign as an individual
If you are working on your own behalf and can make IP commitments about what you produce, you can sign as an individual contributor.
- Open a PR against a repo that uses EasyCLA.
- When blocked by the bot, follow the prompts and choose Individual.
- Fill in the details and sign the DocuSign form.
- Wait a little while for the check to re-run.
That's all there is to it.
Have your company sign for you
If you are doing work for someone else (e.g., it's your job), the company might need to sign for you. The advantage here is that they can authorize other employees with a single signature. If your company has already signed the document but you're still blocked, you may just need to request your username be added to the list of authorized contributors. Once this is complete you'll just have to confirm you work for them by clicking through the process one final time.
Here are the steps to have your company sign the CLA.
If your company hasn't yet signed the agreement
1) Open a PR against a repo that uses EasyCLA. 2) When blocked by the bot, follow the prompts and choose Corporate Contributor.
3) Choose your company from the list. If it's not there, add it.
4) If you're a CLA Manager, press Yes
and login with your LFID (or create an LF Account)
5) Designate someone with signing authority (generally an officer or attorney, if in doubt ask your manager) to receive the DocuSign. This person is the CLA Manager.
6) Follow up with the CLA Manager and ask them to sign the DocuSign form; if the CLA Manager have already approved you, the Pull Request will automatically update and be marked as Covered
. If not...
6.1. The CLA Manager can now designate other CLA Managers who are allowed to manage your company's list of authorized contributors.
6.2. The EasyCLA bot can be re-triggered by adding a comment on the Pull Request with the content /easycla
When your company has finished signing the agreement
- Once the agreement is signed, any CLA manager can log into the EasyCLA site (choose EasyCLA v2) and either:
- Add your GitHub username individually to the list of authorized contributors, or
- Add your corporate email domain, which authorizes anyone who has that email in their GitHub account, or
- Add a corporate GitHub Organization, where any member of the org is covered by the CLA.
- Once this is done, you'll need to click the Details link in the PR (again) and click a button that acknowledges you want to be covered by the company.
- Wait a little while for the check to re-run.
At this point, your PRs will no longer be blocked by EasyCLA on any FINOS repo.
Best practices
- Ask the CLA Manager to add the corporate email domain to the list of authorized contributors, or ask them to add your corporate GitHub organization. This is much easier than adding contributors individually.
Getting help
If your company is in the system but you don't know who your CLA manager is, you can email help@finos.org.
If you run into issues, you can open a ticket in JIRA.
Adding EasyCLA to your project
Here are the steps to add EasyCLA to your project.
1. Prepare your core contributors
The single most valuable thing you can do prior to adding EasyCLA is to ensure your core contributors have already been authorized. This minimizes the potential for disruption, and can be accomplished by them simply opening a trivial PR against this repo and following the steps. (Contributors who have already signed the FINOS CLA in EasyCLA for another project do not need to do this.)
You may also want to open an issue letting others know that this will be happening.
2. Add instructions to your project
We recommend adding something like the following to your main README
and/or CONTRIBUTING
files, so that new contributors are not surprised. You may also consider updating your PR template to point to the instructions.
Here is some suggested text you can use:
This repository is managed by EasyCLA. Project participants must sign the free [FINOS CLA](/docs/governance/Software-Projects/easycla) before making a contribution. You only need to do this one time, and it can be signed by individual contributors or their employers.
To initiate the signature process please open a PR against this repo. The EasyCLA bot will block the merge if we still need a CLA from you.
You can find [detailed instructions here](https://easycla.lfx.linuxfoundation.org). If you have issues, please email [help@finos.org](mailto:help@finos.org).
If your company benefits from this project and you would like to provide essential financial support for the systems and people that power our community, please also consider [membership in FINOS](https://www.finos.org/membership-benefits).
3. Request that EasyCLA be enabled
When the above steps are complete, please reach out to help@finos.org and EasyCLA will be enabled for your repos.