Affiliations in practice?

I consider the affiliations valuable. They help me observe contributions from the company perspective and on a project level see the involved parties and their involvement. But how best to achieve affiliations from the status quo? I have past contributions signed off with a personal email address and there are past contributions of people that are no longer involved with the project and for which I have no contact information. So how can I best clean up the affiliations? I already reached out to support. They are very helpful, but I feel I need to take a step back and evaluate my approach. So that is why I post it here. Some questions that come to mind:

  1. In general, to what extent can projects and companies manage the affiliations of contributors and employees? And what is left to the individuals after having created their LFX account?
  2. I can request or invite people to create an LFX account to explicitly manage affiliation. Does that also mean they’ll now have the burden to keep their affiliations up to date?
  3. If an employee no longer works for us, can I terminate the affiliation from the company view?
  4. I have one contributor falsely affiliated as he contributed in his personal time despite working at another organization. Can I change this from a project view, or should I request the contributor to change their contribution affiliation to be a personal contribution?
  5. I notice quite some situations where there are multiple identified contributors which are mere aliases of the same identity. The reason seems to be how contributions have been made, for example signed of with corporate email, personal email and using a GitHub account directly. Can projects or organizations request the merging of these accounts?
  6. In the Employees tab of the LFX Organization Dashboard I don’t see the people that have contributed to LF projects as I would see in the ‘Code contributors from my organization’ frame on the Dashboard page. Is there some way to get a more complete overview of current and past accounts that are associated with my organization so I can ensure their affiliations match?

Besides these questions I’m looking for general advice how to deal with affiliations in practice. I get the impression that every Open Source contributor should create an LFX account to manage their affiliations but that doesn’t seem to work well because there is little incentive to do so.

3 Likes

Hi, @nicorikken, Thanks for your feedback. If you are open, we would like to discuss the above points in more detail. Can you please send us your availability at npatel@linuxfoundation.org?

I had a great online meeting with the team working on affiliations. For others ending up on this page looking for answers, let me summarize my conclusions here. Of course this is merely based on the status quo and therefore all subject to change.

  • Affiliations are hard to begin with, for several reasons:
    • People can contribute to the same project under different affiliations both intentionally (working for different employers or putting in some of your own free time) and unintentionally (making a contribution for your employer on your personal computer with a git configuration that doesn’t include the affiliation). As you don’t know which is which, the unintentional ones have to be corrected by explicitly managing affiliations in profiles or rewriting git history and changing email addresses.
    • Contributors can actively manage their affiliations but there is the risk of that information not getting updated.
    • The contributors, employers and projects all might want to adjust the affiliations to have it better represent the truth, but resolving this discussion can require communication and back-and-forth.
  • The best solution to me seems to be deliberate in the email address you use for making a commit. Then affiliations will normally automatically reflect the truth, even on a per-commit level. So if you use an online editor, ensure you use the correct email address there too. I’m now considering to rewrite the git history to correct affiliations this way. The codebases are scanned in their entirety so changes in git history should be reflected in the next scan.
  • One might say other information can be used to link identities together and manage affiliations, like LinkedIn and GitLab/GitHub profiles. But LFX has chosen to make that opt-in by the person, which I think is a good practice respecting privacy.
  • Explicitly managed affiliations by individuals and organizations take precedence over the affiliations in the codebase and thus can also be used to add affiliations or make corrections.
    • An individual can claim an identity by creating a profile on https://openprofile.dev There individuals can also connect GitHub and LinkedIn accounts to aid in managing affiliations. It is up to the individual to keep their affiliations up to date
    • Organizations can check their LFX Organization Dashboard https://myorg.lfx.dev Organizations can request an affiliation change which in the back-end results in a ticket to make the change.
  • Regarding the final question of viewing all contributors of an Organization, in the Organization Dashboard, under Employees there is a ‘View by:’ filter on the right side. This filter is set to ‘Most Active’ by default. If you change it to ‘Everyone’ there is no filtering taking place and all registered employees appear.

TLDR;

  • Each contributor should use the email address of the employer or personal email address that reflects the affiliation of that commit. This should make things work automatically. You can make corrections by modifying the commit history as the repositories will be scanned in their entirety.
  • Overrides are possible for individuals by creating an account, claiming the detected identities and setting affiliations.
  • Organizations can request to have affiliations modified.

Thanks for the LFX team for providing great in-depth answers in the videocall.

Hi @nicorikken thank you for your follow up here! :smiley: , glad we were able to assist you with this question!

I’m also glad you believe using email aliases is the best solution here as well.

@nicorikken are you apart of a company OSPO?