Merge pull request #601 from dev-sec/contribute_dco

add notice to sign-off work to contributor guideline
schurzi 2022-11-17 13:58:08 +01:00 committed by GitHub
commit 006e3bf75b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -15,7 +15,7 @@ In order to contribute code please:
1. Fork the project on GitHub
2. Clone the project
3. Add changes (and tests)
4. Commit and push
4. Commit, sign off and push your changes
5. Create a merge-request
To have your code merged, see the expectations listed below.
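Review bot: Step 4 ("Commit, sign off and push your changes") reads as if sign-off were a separate action between committing and pushing, while the section added further down shows it happens at commit time via `git commit -s`. Consider wording the step as "Commit with a sign-off (`git commit -s`) and push your changes" and linking it to the "Sign off Your Work" section, so a contributor who only reads the numbered list knows what is expected.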
@ -28,6 +28,24 @@ Some great guidelines can be found [here](https://wiki.openstack.org/wiki/GitCom
## Expectations
## Sign off Your Work
The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project.
[Here is the full text of the DCO](http://developercertificate.org/).
Contributors must sign-off that they adhere to these requirements by adding a `Signed-off-by` line to commit messages.
```text
This is my commit message
Signed-off-by: Random J Developer <random@developer.example.org>
```
Git even has a -s command line option to append this automatically to your commit message:
```text
git commit -s -m 'This is my commit message'
```
### Don't reinvent the wheel
This hardening project doesn't intend to reinvent the configuration stack for services. Aim to use official configuration projects first and provide hardening as a layer on top. The goal is remove the need for a user to configure all aspects of services and maintain security configuration. This way, the user can still configure a service using the interface provided by the official project.
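Review bot: The new `## Sign off Your Work` heading sits directly between `## Expectations` and `### Don't reinvent the wheel`, which leaves the Expectations heading empty and nests its subsections under the sign-off section. Move the new section above `## Expectations`, or make it a `###` subsection of it. Two smaller points in the added text: the DCO link uses `http://developercertificate.org/` and should be `https://`, and the sentence introducing `-s` would benefit from putting the flag in backticks and noting that `-s` only appends the `Signed-off-by` trailer, which is distinct from a GPG-signed commit (`-S`). The text says contributors "must" sign off but does not say whether this is checked on pull requests; state that if a check exists.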