Closed jmeridth closed 6 months ago
Am now aware of GitHub's ToS (inbound=outbound) (thank you @zkoppert) and also after reading Ben Balter's blog post on this topic, I'm torn. If the ToS is sufficient, I don't think additional overhead is warranted. I'm still a fan of authors signing their commits 😄 🤔
Closing in favor of (inbound = outbound) aka Contribution under Repository License
Is your feature request related to a problem?
I'm a fan of having PRs use the DCO GitHub App to enforce the Developer Certificate of Origin aka commit signing on all commits (contribution confirmation and ownership).
It's better than CLAs (in my opinion) and easier to ensure.
Related OSPO Tool
automatic-contrib-prs GitHub Action, cleanowners GitHub Action, contributors GitHub Action, evergreen GitHub Action, issues-metrics GitHub Action, stale-repos GitHub Action, internal-contribution-forks GitHub App
Describe the solution you'd like
Add the app to each of the OSPO tools. Before we do that we'd update the pull request template and CONTRIBUTING.md mentioning the change and requirement.
Describe alternatives you've considered
Certificate License Agreement (CLA) is an older way to do the same thing, confirm ownership and who is contributing.
Additional context
Currently we mention Legal Notice in our CONTRIBUTING.md but don't confirm it in any way.