New `python` organization repository policy

Thank you for the link.

The DCO includes an interesting section, which we currently don’t cover
in the CLA:

(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.

With respect to the GDPR, this explicit consent to the use of personal
information (PII) is necessary - probably under other privacy
regulations as well.

The CLA process currently does include an explicit consent. At best,
it’s implicit, but that’s not enough to fulfill the GDPR
requirements.

The Apache License also includes an interesting twist with respect
to how “Contribution” is defined. Unlike our CLA, which requires
explicitly marking what constitutes the “Contribution”, the
Apache License regards all submissions as part of a “Contribution”
and requires the contributor to explicitly mark parts which are
not part of the “Contribution” as such. This approach
simplifies the process somewhat and avoids repeated copyright
and license notices in contributions.

Perhaps it’s time to start working on a new version of the CLA and
the associated process to get CPython prepared for the future?!

Should we start a new topic on this?
