Skip to content

ECA Simplification for GitHub

Hello:)

I have an "feature request"/improve proposal regarding the ECA declaration of a contributor, perhaps you can find a way to support this. The ECA is from governance perspective an important point, but from OSS perspective in combination with GitHub a bit complicated. Let me describe it over an scenario:

  1. Eclipse Project is providing code on github repo
  2. Any person forks this repo and start using it, because it was nice stuff
  3. Person finds out "Oh there is a bug", fixes it in it's fork
  4. fork code is very cool, maintainer wants to have it! Maintainer does a PR or the person itself
  5. BUT PR is not mergeable because this person (could be a script kiddie) has never signed ECA, so PR pipeline blocks merging
  6. Maintainer contacts somehow this person (if possible, over comments, email whatever)
  7. Maintainer tries to force the person to create an eclipse account, enter GitHub handle, sign something (have fun)
  8. Person is never doing it, because they just have fun on cool code (and maybe never reading the emails used for GitHub accounts)
  9. Code is unmergeable, maintainer works around the GitHub processes and just copy and paste code, so far possible, which means literally breaking the author ownership, or ignores the ECA completely, or ignores the PR and the cool stuff
  10. Lose-Lose situation

Regarding this example, I want to simplify the ECA in the following direction:

  1. After an PR of someone the PR should check the commits for non ECA accounts
  2. If one of them found, the Pipeline should automatically add the ECA sign request as a comment for the contributor directly in the PR (could be the normal form as a MD representation)
  3. if the comment is signed (e.g. with the GitHub handle, signed gpg nonce of the commit, insertion of commit hash etc.) the pipeline will add in the eclipse repository a kind of "commit proof log" where the signatures are listed. could be a textile, or anything else
  4. PR is released after all non ECA accounts have resolved their threads in the PR itself
  5. If the persons are not reacting, and valid ECA account should be able to check if there is any problem, if not, another ECA account should be able to resolve the thread by their own signings for confirmation

This would simplify the OSS process on GitHub a lot and releases the power of the community, because it removes the "you must be eclipse member" barrier. The contributor has just to sign the statement during the normal code flow, which is handled in the normal review process without any off band registrations and signings. This could increase the contribution rate and the usage of eclipse software.

If you have any questions I would be happy to discuss with you about it:)

regards

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent