Issue under discussion here:
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/62

== Here is what we currently have: ==

3.5.1 - Contributions
If an organization considers contributions to open source projects, then
a written policy shall exist that governs contributions to open source projects;
the policy shall be internally communicated; and
a process shall exist that implements the policy

Verification material(s):

If an organization permits contributions to open source projects, then the following shall exist:
3.5.1.1 - A documented open source contribution policy;
3.5.1.2 - A documented procedure that governs open source contributions; and
3.5.1.3 - A documented procedure that makes all program participants aware of the existence of the open source contribution policy (e.g., via training, internal wiki, or other practical communication method).

== Discussion ==

On the January 2023 North America / Europe call we discussed whether more details were needed. For example, should we say what the policy should contain?

It was agreed that with our official focus of "the what and why" (avoid the how and when), it is appropriate to remain high level.

== January 2023 North America / Asia call participants outcome ==

Discussion on call had this outcome: the current text fits the "what" approach and we should avoid going to "how," so we will not change this text in the next iteration of the specification. Issue is being closed. Can reopen if people feel strongly.