[OpenSSF] Use Developer Certificate of Origin (DCO) #2026
Labels
enhancement
New feature or request
information
For development/intsructional purposes
standards / conventions
Suggestions on ways forward
Addressing a Problem?
When it comes to contributions, we currently use the Apache v2.0 software license, which all contributors are expected to have read and agreed to when they push code to the repository. The wording of the license is such that we probably don't need to manage Contributor Licensing Agreements (CLA, which is convenient for us).
There is however an issue that we don't currently ensure that the following information is available on every commit:
There is broad industry-wide adoption of the Developer Certificate of Origin (DCO), which is an assurance that the contributions/commits are being made with both the information of the contributor and with their informed agreement to the principles of the contributor guidelines and license.
This also helps contributors track ownership of their commits without relying on GitHub's history, if ever we decide to migrate the codebase in the future.
Potential Solution
Adoption is incredibly simple. The contributing documentation needs to add a mention that going forward, users agree to the Developer Certificate of Origin (DCO):
https://developercertificate.org/
Enabling DCO for all commits is very simple to enable
$ git config --global format.signoff true
If we want to enable a check for this:
dco-check
: https://github.com/WasmEdge/WasmEdge/pull/3451/filesAdditional context
https://medium.com/@michaelyuan_88928/a-complete-guide-to-dco-for-open-source-developers-fa063c17d9e7
https://wiki.linuxfoundation.org/dco
Contribution
Code of Conduct
The text was updated successfully, but these errors were encountered: