I don't see that they have a CLA -- I can only find their note about the license contributors must take[0].
I guess that's one way around the CLA -- they don't need one if they force all contributions to be MIT in a file most people wouldn't read.
In the end people the actual likelihood of someone making a credible legal threat is low so it all seems somewhat spurious but great way to go around the overt beacon that requiring CLA signing is.
For a project that deals with signatures it should be pretty obvious that this does not quite work in a legally sound way. At least in the PR they will need some prove that I acknowledge to have read this Contributing.md. They is a reason why people go through the hassle of CLA signing flows. Wonder why they do not dog food their own system.
I guess that's one way around the CLA -- they don't need one if they force all contributions to be MIT in a file most people wouldn't read.
In the end people the actual likelihood of someone making a credible legal threat is low so it all seems somewhat spurious but great way to go around the overt beacon that requiring CLA signing is.
[0]: https://github.com/OpenSignLabs/OpenSign/blob/bb846442ecbaa3...