Add Developer Certificate of Origin (DCO)

[schiessle]

As discussed with @karlitschek this PR adds a "Developer Certificate of Origin" (DCO) and a description how to apply it.

Basically all commits need to be signed with signed-off-by: your name <your email address>. git commit -s already does this for you.

Additionally I would add a bot which checks all commits of a PR if it contains this "signed-off-by" line.

cc @jospoortvliet to review the textual changes to CONTRIBUTING.md

[mention-bot]

@schiessle, thanks for your PR! By analyzing the annotation information on this pull request, we identified @LukasReschke, @MariusBluem and @MorrisJobke to be potential reviewers

[karlitschek]

nice 👍

[MariusBluem]

👍 I've already done this on several PRs 😉

[LukasReschke]

Additionally I would add a bot which checks all commits of a PR if it contains this "signed-off-by" line.

Let's wait with the merge until this is in. See .drone.yml on how to do that. Basically copy and adjust

server/.drone.yml

Lines 19 to 28 in e9780b7

	app-check-code:
	image: nextcloudci/php7.0:php7.0-2
	commands:
	- ./occ app:check-code admin_audit
	- ./occ app:check-code comments
	- ./occ app:check-code federation
	- ./occ app:check-code workflowengine
	when:
	matrix:
	TESTS: app-check-code

and

server/.drone.yml

Line 159 in e9780b7

- TESTS: app-check-code

[LukasReschke]

This is not a good explanation. This is what the git commit history is for. I'd rather start with the actual reasoning that this is for.

[schiessle]

That's not from me. That's the from https://github.com/wking/signed-off-by and more or less the default way to do it.

But let's see what I can do.

[LukasReschke]

Suuuuper complicated stuff above and I doubt it will ever be used as it implies rewriting the history. ;)

[schiessle]

we don't want to rewrite history... We want to use it from now on

[LukasReschke]

Yes. But NOBODY will use Tested-by orAcked-by and so on after a PR has been reviewed (as it requires rewriting the branch history).

This is superfluos information that just confuses user. See https://github.com/docker/docker/blob/master/CONTRIBUTING.md#sign-your-work on how to make it smaller.

[schiessle]

That's just a "you can if you want". if nobody want to... fine. Anyway I just removed it. I don't care about it. It doesn't hurt if someone add extra tags but it also doesn't hurt if we don't mention it.

[LukasReschke]

Not a fan of that. But well… whatever…

[LukasReschke]

Note that with the ownCloud CLA you can easily commit anonymous or with pseudonyms by just stating the contribution to be MIT licensed.

[schiessle]

If you want to have something legally valid you need a real name. A "yes I have the right to give it to you under the AGPL" by SuperHacker83 doesn't make any sense

[schiessle]

Simplified as much as possible. Yes, this adds some additional overhead for contributors. But the overhead is quite small and it improves the legal certainty, that's why we want to have it.

[LukasReschke]

Fair enough. No idea about it to be honest but let me add a CI entry.

That said:

👎, your commit doesn't include the DCO. 😉

[schiessle]

but let me add a CI entry.

Thanks!

your commit doesn't include the DCO. 😉

At the moment the contributor guidelines doesn't say that it have to... Anyway, just for Lukasli... 😉 

[LukasReschke]

👍 , added the checker to drone

[blizzz]

Yes, this adds some additional overhead for contributors. But the overhead is quite small and it improves the legal certainty, that's why we want to have it.

Isn't the overhead that you as contributor need to verify whether you hurt a random patent?

[oparoz]

FYI, there is zero overhead with the new PHPStorm. Just tick the box and your commits are signed.

[blizzz]

Adding the -s to git commit is easily possible in multiple ways, but this is not my concern. It's a legal-related question.

[oparoz]

Sorry, I wasn't replying to you directly. I just wanted to mention that it's now easily possible to do without having to create aliases and use alternative git commands :)