Linux Foundation Wiki

project collaboration site

User Tools

Site Tools


dco

Developer Certificate of Origin (DCO)

Background

The DCO is a per-commit sign-off made by a contributor stating that they agree to the terms published at https://developercertificate.org/ for that particular contribution.

When creating a commit with the Git CLI, a sign-off can be added with the -s option: https://git-scm.com/docs/git-commit#git-commit--s. The sign-off is stored as part of the commit message itself, as a line of the format:

Signed-off-by: Full Name <email>

DCO sign-offs differ from contributor agreements:

  • Contributor agreements are typically made once, covering for all future contributions.
  • A contributor agreement may be signed by a third party, like a company, on behalf of its employees, whereas the DCO is always an attestation by the author of the contribution.

Enabling DCO enforcement

GitHub

Log in as user with Owner rights to a GitHub organization. Browse to the URL https://github.com/apps/dco and hit the “Install” (or “Configure”) button. Select the organization to install it to. Select “All repositories”.

Browse to the settings for each repository in that organization. Choose “Branches” from the menu. If “master” does not show up under Protected Branches, select it from the “Choose a branch” drop-down. Enable “Protect this branch”, “Require status checks to pass before merging” (and check the “DCO” status check if it is available). Repeat for the remaining repositories.

To complete the configuration, you should return to the master branch protection screen—on each repository—to check “DCO” after this status check has been seen by GitHub.

GitLab

TBD

Gerrit

The project.config file must have the following configuration set, or inherited from a parent repository:

[receive]
    requireSignedOffBy = true
dco.txt · Last modified: 2017/07/17 22:49 by emsearcy