This shows you the differences between two versions of the page.
Next revision | Previous revision Next revision Both sides next revision | ||
dco [2017/07/17 19:40] emsearcy created |
dco [2017/07/17 22:48] emsearcy re-word |
||
---|---|---|---|
Line 3: | Line 3: | ||
===== Background ===== | ===== Background ===== | ||
- | The DCO is a //per-commit// sign-off made by a contributor stating that they agree to the terms published at [[https://developercertificate.org/]] for that //particular// contribution. | + | The DCO is a per-commit sign-off made by a contributor stating that they agree to the terms published at [[https://developercertificate.org/]] for that //particular// contribution. |
When creating a commit with the Git CLI, a sign-off can be added with the ''%%-s%%'' option: [[https://git-scm.com/docs/git-commit#git-commit--s]]. The sign-off is stored as part of the commit message itself, as a line of the format: | When creating a commit with the Git CLI, a sign-off can be added with the ''%%-s%%'' option: [[https://git-scm.com/docs/git-commit#git-commit--s]]. The sign-off is stored as part of the commit message itself, as a line of the format: | ||
Line 15: | Line 15: | ||
* A contributor agreement may be signed by a third party, like a company, on behalf of its employees, whereas the DCO is always an attestation by the author of the contribution. | * A contributor agreement may be signed by a third party, like a company, on behalf of its employees, whereas the DCO is always an attestation by the author of the contribution. | ||
- | ===== Policy ===== | + | ===== IP policy requirements ===== |
- | All Linux Foundation projects MUST incorporate a mandatory mechanism to enforce the DCO. | + | When a Linux Foundation project's IP policy requires DCO signoffs for contributions, a mechanism shall be set up to enforce them. |
- | In the contributing guidelines for each project (e.g. a CONTRIBUTING.md file) the project SHOULD make explicit that the DCO is required, and that commit sign-offs of the form ''Signed-off-by:'' are attestations according to [[https://developercertificate.org/]]. | + | In the contribution guidelines for each project (e.g. a CONTRIBUTING.md file) the project should explain the DCO requirement, and that commit sign-offs of the form ''Signed-off-by:'' are attestations according to [[https://developercertificate.org/]]. |
===== Enabling DCO enforcement ===== | ===== Enabling DCO enforcement ===== | ||
- | |||
- | ==== Gerrit ==== | ||
- | |||
- | The project.config file must have the following configuration set, or inherited from a parent repository: | ||
- | |||
- | <code ini> | ||
- | [receive] | ||
- | requireSignedOffBy = true | ||
- | </code> | ||
==== GitHub ==== | ==== GitHub ==== | ||
- | Log in as user with Owner rights to an organization. Browse to the URL [[https://github.com/apps/dco]] and hit the "Install" (or "Configure") button. Select the organization to install it to. Select "All repositories". | + | Log in as user with Owner rights to a GitHub organization. Browse to the URL [[https://github.com/apps/dco]] and hit the "Install" (or "Configure") button. Select the organization to install it to. Select "All repositories". |
Browse to the settings for //each repository// in that organization. Choose "Branches" from the menu. If "master" does not show up under Protected Branches, select it from the "Choose a branch" drop-down. Enable "Protect this branch", "Require status checks to pass before merging" (and check the "DCO" status check if it is available). Repeat for the remaining repositories. | Browse to the settings for //each repository// in that organization. Choose "Branches" from the menu. If "master" does not show up under Protected Branches, select it from the "Choose a branch" drop-down. Enable "Protect this branch", "Require status checks to pass before merging" (and check the "DCO" status check if it is available). Repeat for the remaining repositories. | ||
- | For full protection, you should return to the branch protection screen for the branch to check "DCO" once it has been seen by GitHub. | + | To complete the configuration, you should return to the master branch protection screen---on each repository---to check "DCO" after this status check has been seen by GitHub. |
==== GitLab ==== | ==== GitLab ==== | ||
TBD | TBD | ||
+ | |||
+ | ==== Gerrit ==== | ||
+ | |||
+ | The project.config file must have the following configuration set, or inherited from a parent repository: | ||
+ | |||
+ | <code ini> | ||
+ | [receive] | ||
+ | requireSignedOffBy = true | ||
+ | </code> | ||
+ |