LFX EasyCLA v2 Blog

We’re making some significant improvements to EasyCLA that we want to make sure you’re aware of. We would like to give everyone a preview of what’s coming with the v2 release that will roll out in phases over the next few weeks.

This release is particularly exciting for us. We’ve spent a lot of time listening to feedback from people among the 14,700+ CLA Contributors that have used prior versions of our contributor license agreement (CLA) tools. The result was a number of usability and workflow improvements that will make signing and managing CLAs even easier for contributors. Keep reading for details on what’s new and how this release will impact you and your project(s).

Context: Contributor License Agreements and EasyCLA

Not all projects use contributor license agreements (CLAs). Many projects hosted by the Linux Foundation use the Developer Certificate of Origin (DCO) as their contribution mechanism. Some project communities have chosen to use a CLA to define the terms under which contributions are licensed to the project. We don’t require a CLA at the Linux Foundation, but some projects do choose to use them. Once that decision is made, the key community challenge is to make the CLA signing and tracking as effortless as possible so that companies and individuals can contribute.

For those projects that choose to use CLAs, typically they need to ensure that a CLA is signed before a new contributor’s patch can be accepted by the project. For someone contributing on their own behalf, this is straightforward: They will need to sign an Individual CLA (ICLA) before they contribute to that project for the first time.

The process is more complicated for someone contributing on behalf of their employer, however. The workflow used by other CLA bots–to just have each contributor sign a CLA–may not be appropriate here. The contributor might not be authorized to sign legal agreements like a CLA on behalf of their company. And, once a Corporate CLA (CCLA) is signed, the company needs a way to be able to manage which of its employees are authorized to contribute to the project under that CLA, as new employees start to participate and others leave.

“EasyCLA allows me to quickly on-board new contributors from my company and add them to the approved list within minutes of their request.”

Ranny Haiby, Director, Open Source Group at Samsung

The Linux Foundation built EasyCLA to help address these challenges in an automated, scalable way. It is the only tool to appropriately support both individual and corporate CLA workflows at scale.

EasyCLA includes functionality to check repos hosted on GitHub or Gerrit, and to confirm that contributors are authorized under a signed CLA. If they are not, then EasyCLA includes workflows to help the contributor pass along the CLA to someone at their company who is authorized to sign it. It then provides flexible controls to each company’s “CLA Managers” to manage the set of authorized contributors from their company for a particular project.

“Using EasyCLA at the Academy Software Foundation to entirely automate CLA management and compliance has made it easier for new contributors to join our projects.”

Rob Bredow, SVP, Chief Creative Officer of Industrial Light & Magic, member of the Board of Governors of the Academy of Motion Picture Arts and Sciences, and Governing Board chairperson, Academy Software Foundation

The Linux Foundation first released EasyCLA in July 2019. With the v2 release that we are announcing today, there are significant improvements to the user interface and available functionality, described in more detail below.

How Will This Impact Me?

Regardless of your role in the CLA process, all users will see a better user interface (UI) and process improvements. This is based on feedback and input from many users of the system who were asking for more help navigating the features.

For those contributors currently using EasyCLA version 1 or prior, your current CLAs, approved lists, and workflows should not be impacted by this release. However, you’ll notice new features and a better user interface that will make signing and managing CLAs even easier.

New contributors who are not yet authorized under a CLA and therefore gated by EasyCLA will follow the same process as before, with improved UI and contextualized help to ensure a smooth workflow.

There’s no change to the overall process for CLA Manager and Project Manager workflows either. That said, new features and improved UI will make managing your CLAs easier.

What’s New in EasyCLA

For all Users:
  • Improved user experience & streamlined workflows
  • Contextualized help including tooltips & links to support resources
  • Audit Logs record key activity related to CLA actions & authorizations
For Corporate CLA Workflows:
  • Streamlined UI for adding authorized contributors
  • Search, filter, or download authorized contributor lists for your company
  • Easier to identify who are your company’s CLA Managers
  • Download signed CLAs as PDFs
For Project Manager Workflows:
  • Auto-enable new repositories under a GitHub Organization
  • Auto set-up Branch Protection for the default repository branch

How to Get Started?

For existing EasyCLA users, you’ll automatically have access to EasyCLA v2 once the cut-over takes place.

How to Create a CLA Group for Your Project
How to Sign an Individual CLA
How to Sign and Approve a Corporate CLA
EasyCLA Bot Permissions

This release will introduce two new features called Auto Branch Protection and Auto Configure GitHub repositories. These features allow Project Managers to automatically protect GitHub repositories and branches from the EasyCLA administration console. In order to roll this out, we need to update the EasyCLA bot permissions for all connected GitHub repositories.

  • GitHub Organization owners: Please accept the new permissions request when prompted within your GitHub organization.

These permissions allow the tool to enforce CLA checks, receive events related to Pull Requests, read public email addresses for code committers, update GitHub comments and status entries, allow developers to re-check the status by adding the “/easycla” command in a GitHub comment, and receive notifications when repositories are added.

The Auto Branch Protection and Auto-Configure GitHub repository features will not work until the GitHub permissions request is accepted by the GitHub Organization owner. All other features will continue to work as before. For further information on EasyCLA and how the GitHub status checks are enforced, please see our documentation.

Want to Learn more?

Please join us for a webinar on April 8th, LFX EasyCLA: Streamline Your Development Workflow. In this webinar, you’ll learn how EasyCLA can help streamline the process of enforcing contribution policies and why this is crucial to maintaining project health. Discover best practices for completing a CLA and managing authorized contributors using the only tool to appropriately support both individual and corporate CLA workflows at scale. We’ll introduce you to the latest release of EasyCLA, which includes improved UX features that make the CLA process even easier for everyone.