In a recently opened typo fixing PR [1], an issue came up regarding the lack of a signed CLA, where the author specifically mentioned they did not want to sign it for privacy concerns.
However, I was informed by Pablo Galindo that there are legal issues involved with merging any PRs without the CLA signed, including typo fixes. Personally, I have no strong opinion one way or the other, as I don't have an adequate understanding from a legal/licensing perspective. But, I think think there's definitely an issue with the lack of consistency regarding this policy.
To require a signed CLA for some minimal PRs but not others, solely based on who happens to be reviewing the PR, seems rather unfair to potential contributors. From my perspective, the solution seems to be clearly defining a more explicit stance on this policy, and having it apply as universally as possible to all PRs made to CPython.
For example, if the CLA should be required for all PRs, the policy might state something like this: "The author of any PR made to the CPython repository must have signed the CLA before their PR can be merged. Any PR opened by an author that has not signed the CLA can't be merged until it has been signed."
OTOH, if it's okay for minimal PRs to not have a signed CLA: "The author of any PR made to the CPython repository must have signed the CLA before their PR can be merged, except for minimal PRs. Some examples of minimal PRs include: ..."
Currently, the policy seems to be learning more towards the former based on the devguide [3], where it states "To accept your change we must have your formal approval for distributing your work under the PSF license. Therefore, you need to sign a contributor agreement which allows the Python Software Foundation to license your code for use with Python (you retain the copyright)".
However, it seems apparent to me that either this policy isn't explicit enough, has a lack of visibility, or simply isn't followed consistently. What might be a viable solution to this problem?
---
[2] - The term "minimal" can be interchanged with "trivial" for the most part in the above context, but I tend to prefer the former. IMO, it comes across as more respectful to the efforts made by the author, as even the smallest of PRs can require substantial efforts from first-time contributors that are entirely unfamiliar with the workflow; regardless of how small the change is.