LFX EasyCLA

The latest EasyCLA full user documentation is found at https://docs.linuxfoundation.org/lfx/easycla/v2-current/getting-started

Known Issues


In the CLA Corporate Console at organization.lfx.linuxfoundation.org, when adding an Approval Criteria or a CLA Manager, the "pop-up" window appears in the bottom left side of the screen and the user is unable to perform any action.

The CLA Corporate Console javascript is trying to get timezone prefix from the Date object. However, if the locale setting is not in English, the Date object will have timezone prefix in its local language, causing the issue. 

While the fix is being implemented for this, we ask the CLA Managers to set their browser language setting to English. This will allow the "pop-up" window to show correctly.


Installing EasyCLA on GitLab repositories

GitLab changed how they managed their authorization for the EasyCLA integration. It now requires a rotating token rather than a static long-lived token. As a result, the EasyCLA GitLab integration is experiencing token expired errors. This issue was reported and is being tracked at https://github.com/communitybridge/easycla/issues/3537

Some FAQ

Do you need an LFID account to sign the Corporate CLA?

No, only the user that will become the Initial CLA Manager will need to have a LFID account to initiate the signatory process in the Corporate CLA Console at organization.lfx.linuxfoundation.org. That user will be prompted with the question "Are you authorized to sign this CLA on your company's behalf?". Selecting "No", the Initial CLA Manager can add the Name and the Email Address of the person authorized to sign the Corporate CLA. This person will receive a DocuSign email and perform the signature without needing to log into the CLA Corporate Console. Once completed, the Initial CLA Manager will received a confirmation email. For more information, please visit: https://docs.linuxfoundation.org/lfx/easycla/v2-current/corporate-cla-managers/coordinate-signing-cla-and-become-initial-cla-manager.


Why does the Linux Foundation ask contributors to some projects to sign CLAs?

Some project communities have elected to use CLAs as a required step for contributions to their code. For those that have, the Linux Foundation wants to ensure that contributions comply with the IP policies of that project, including ensuring that contributors have accepted the corresponding CLA.


What is the difference between the Corporate CLA and the Individual CLA?

A Corporate CLA needs to be in place if you are contributing code on behalf of your employer. A Corporate CLA should be signed by an individual who is authorized to enter into it on behalf of the company. After the Corporate CLA is signed, your email address needs to be included in a Approved List that is associated with your employer for this project. A CLA manager for your company is responsible for managing the Approved Lists.

An Individual CLA is signed by an individual for contributions that they contribute on their own behalf, as opposed to contributions on behalf of their employer or another entity.


Which Corporate CLA Approved List option has the lowest maintenance overhead?

The Domain Approved List option requires less overhead for signatories and CLA managers because it allows entities to contribute under any email address under that domain name. When signatories and CLA managers use the Email Approved List instead of the Domain Approved List, they must use the tool to add an email address every time a new company contributor joins the project. Therefore, using the Domain Approved List requires less overhead because signatories and CLA managers do not need to add and manage numerous employee email addresses.


I contribute to an open source project as an employee for a company. Do I need to complete, sign, and submit a DocuSign document?

No. Your company's CLA signatory has signed a Corporate CLA, you simply confirm your association to the company during your code submission process. However, If you are the first one from your company who has contributed to the project, then your company's CLA signatory will not have signed a Corporate CLA yet.


If my project community has elected to use CLAs as a required step for contributions to their code, do I need to sign an agreement for each project to which I contribute?

Yes, provided that the project has a CLA.

  • If you are contributing as an individual—you must sign an Individual CLA for each project to which you contribute.

  • If you are contributing as an employee of a company, your company's CLA signatory must sign a Corporate CLA.


Do I have to sign a CLA every time I contribute code?

Signing a CLA for a project covers all code contributions to that project. You may, however, need to sign additional CLAs if you choose to contribute to other projects that require CLAs.


Why does EasyCLA redirect and update a previous opened PR instead of the one I performed the signature on?

When there are two or more opened PRs in the same repository, during the signature process EasyCLA will always redirect and update the earliest opened PR. Once the signature has been completed, you can add "/easycla" comment on the other PRs to trigger the EasyCLA bot and update your authorization status for each open PR.


The cla/linuxfoundation check on my PR for a Kubernetes repo is not marked as passed after signing the CNCF CLA through EasyCLA?

Kubernetes repositories are in the process of migrating from CLA v1 (cla/linuxfoundation check) to EasyCLA (EasyCLA check). During this migration, the cla/linuxfoundation check is not being updated even when the users have properly signed the CLA. If the PR has the label "cncf-cla: yes", it means the authorization for the user has been granted. Note that the cla/linuxfoundation check is not a requirement nor a blocker for merging the PR once all the required labels have been included.

Once the migration has been completed cla/linuxfoundation check will be removed.