From 900420cb072e55e4092e8a76f975c9fd3ec8b7b4 Mon Sep 17 00:00:00 2001 From: stianst Date: Mon, 30 Oct 2023 12:16:52 +0100 Subject: [PATCH] Blog post for DCO --- blog/2023/dco.adoc | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 blog/2023/dco.adoc diff --git a/blog/2023/dco.adoc b/blog/2023/dco.adoc new file mode 100644 index 00000000..7df0dc10 --- /dev/null +++ b/blog/2023/dco.adoc @@ -0,0 +1,29 @@ +:title: Developer Certificate of Origin +:date: 2023-10-30 +:publish: true +:author: Stian Thorgersen + +For any Open Source Project it is important that any contributions contain code that can legally be contributed to the +project, and that the project has the right to distribute it under its license. There are many ways to achieve this, +where two popular approaches are Developer Certificate of Origin (DCO) and Contributor License Agreement (CLA). + +https://developercertificate.org/[Developer Certificate of Origin (DCO)] is the most lightweight approach, which +requires contributors to sign-off on individual commits that are part of a contribution. This is easily done by using +the `--signoff` (`-s`) option when creating a commit. For example: + +.... +git commit -s -m "Description of the commit" +.... + +This adds a `Signed-off-by` statement at the end of the commit, where the contributor certifies they are following the +agreement laid out in the https://developercertificate.org/[Developer Certificate of Origin (DCO)]. + +Contributor License Agreement (CLA) on the other hand is a more complicated approach. As part of CLA any contributors +are required to sign an upfront agreement with the project before making any contributions. This provides a higher +barrier for contributors, and also a higher cost for the Open Source Project as it has to maintain a list of approved +contributors with a corresponding maintained archive of agreements. + +For Keycloak we decided to go with DCO as we believe it is much simpler both for contributors as well as maintainers. + +If you are interested in learning more about CLA vs DCO, +https://opensource.com/article/18/3/cla-vs-dco-whats-difference[opensource.com has an excellent article on the subject]. \ No newline at end of file