From cabb9ef3ad01884b98c003acba39b98034e41bbf Mon Sep 17 00:00:00 2001
From: Jennifer Power <barnabei.jennifer@gmail.com>
Date: Mon, 26 Aug 2024 08:24:38 -0400
Subject: [PATCH] docs: updates contributing guide with DCO information (#67)

* docs: updates contributing guide with DCO information

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>

* docs: adds additional information around DCO requirements and background

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>

---------

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
---
 CONTRIBUTING.md | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 73b60db..646cc5c 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -60,6 +60,8 @@ We have also adopted [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md).
 
 ## Legal
 
+### License Headers
+
 Each source file must include a license header for the Apache
 Software License 2.0. Using the SPDX format is the simplest approach.
 e.g.
@@ -80,13 +82,19 @@ e.g.
 # limitations under the License.
 ```
 
-We have tried to make it as easy as possible to make contributions. This
-applies to how we handle the legal aspects of contribution. We use the
-same approach - the [Developer's Certificate of Origin 1.1 (DCO)](https://oscal-compass.github.io/compliance-trestle/contributing/DCO/) - that the Linux® Kernel [community](https://elinux.org/Developer_Certificate_Of_Origin)
-uses to manage code contributions.
+### Developer's Certificate of Origin
+
+We have tried to make it as easy as possible to make contributions. This applies to how we handle the legal aspects of contribution. 
+
+We use the [Developer's Certificate of Origin 1.1 (DCO)](https://developercertificate.org/) to manage code contributions (the same approach as the Linux® Kernel [community](https://elinux.org/Developer_Certificate_Of_Origin))
+
+The DCO requires developers to sign off each of their commits to certify that they have the right to submit the code to the project and that they agree to license their contribution under the project's open source license.
 
-We simply ask that when submitting a patch for review, the developer
-must include a sign-off statement in the commit message.
+You can read more about the DCO and its guidelines [here](https://github.com/cncf/foundation/blob/main/dco-guidelines.md).
+
+Note that DCO sign-off is enforced on all repositories by [DCO bot](https://github.com/probot/dco). Commits with a missing sign-off will be required to be rebased with the sign-off statement added before being accepted.
+
+#### How to Sign Off
 
 Here is an example Signed-off-by line, which indicates that the
 submitter accepts the DCO:
@@ -100,7 +108,4 @@ local git repository using the following command:
 
 ```bash
 git commit --signoff
-```
-
-Note that DCO signoff is enforced by [DCO bot](https://github.com/probot/dco). Missing DCO's will be required to be rebased
-with a signed off commit before being accepted.
+```
\ No newline at end of file