Add Developer's Certificate of Origin (DCO) #44
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Several major projects and companies (Linux, Gitlab, Chef, in particular) have adopted a contribution agreement named the developer certificate of origin (“DCO”), which is clearer and less complex legally than Contributor License Agreements. I think this is a prudent move for compserv's projects, especially given that we will have large numbers of contributors (candidates, officers) who will rotate out due to inactivity, graduation, or the otherwise temporary commitment of officership. This will make it clear to everyone that we intend to redistribute the work of contributors, or potentially relicense this work (if consistent with the current license). Hopefully this will also avoid any future issues of a contributor attempting to revoke their work. In particular, open-sourcing hkn-rails may bump into these issues, because of the lack of explicit contribution agreement - we will most likely have to ask for written permission from each contributor. Workflow-wise, this will require committers sign-off on major commits (everything that isn't an obvious fix, i.e. pull requests), but git makes this easy with the `-s` flag (not the `-S` GPG signing flag): `git commit -s -m "..."` The original text can be found at https://developercertificate.org/. Gitlab's analysis: https://docs.google.com/document/d/1zpjDzL7yhGBZz3_7jCjWLfRQ1Jryg1mlIVmG8y6B1_Q. Chef's analysis: https://blog.chef.io/2016/09/19/introducing-developer-certificate-of-origin/
|
lol didn't sign off this commit, I think I already see how challenging this will be to get people to sign this |
4 tasks
|
Fall 2021 Officers are aware of this and decided to leave it open for future use |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Several major projects and companies (Linux, Gitlab, Chef, in particular) have adopted a
contribution agreement named the developer certificate of origin (“DCO”), which is clearer
and less complex legally than Contributor License Agreements.
I think this is a prudent move for compserv's projects, especially given that we will
have large numbers of contributors (candidates, officers) who will rotate out due
to inactivity, graduation, or the otherwise temporary commitment of officership. This
will make it clear to everyone that we intend to redistribute the work of contributors,
or potentially relicense this work (if consistent with the current license). Hopefully this
will also avoid any future issues of a contributor attempting to revoke their work.
In particular, open-sourcing hkn-rails may bump into these issues, because of the lack of
explicit contribution agreement - we will most likely have to ask for written permission
from each contributor.
Workflow-wise, this will require committers sign-off on major commits (everything that isn't an
obvious fix, i.e. pull requests), but git makes this easy with the
-sflag (not the-SGPG signingflag):
git commit -s -m "..."The major downside of this will most likely be having to request agreement from past committers, and having future committers use the
-sflag, but because of our cordial relations I think agreeing on signoffs on pull requests only (and not necessarily every individual commit) will be feasible.The original text can be found at https://developercertificate.org/.
Gitlab's analysis:
https://docs.google.com/document/d/1zpjDzL7yhGBZz3_7jCjWLfRQ1Jryg1mlIVmG8y6B1_Q.
Chef's analysis:
https://blog.chef.io/2016/09/19/introducing-developer-certificate-of-origin/