Requiring Signed-off-by in commits

[jbenet]

As @chriscool pointed out in #204, many Open Source projects have begun requiring Signed-off-by in commits, for example:

• Git: https://github.com/git/git/blob/master/Documentation/SubmittingPatches
• Docker: https://github.com/docker/docker/blob/master/CONTRIBUTING.md#sign-your-work

Additionally, we can also require commits to have a License trailer in the commit message itself. This would ensure the code is licensed appropriately.

This change would make it cumbersome to contribute (as all commits would have to bear the sign-off and license trailers), but it would ensure proper OSS hygiene. The alternative is to do what other projects also do: setup a signature-collection CLA form.

There are also tools (like git interpret-trailers, https://github.com/wking/signed-off-by) that make this much easier. We can also include github hooks that fail the build if the commit isn't signed + licensed properly (e.g. https://www.clahub.com/).

---

At this point I'm not certain on the path forward, just opening this for discussion + decision making.

[jbenet]

Side note: wish git commits included a "License" field :)

[chriscool]

Its easy to use a commit template and this way you don't even need to use git interpret-trailers, just try the following:

$ cat >commit_template.txt <<EOF

License: MIT
Signed-off-by: Christian Couder chriscool@tuxfamily.org
EOF
$ git config commit.template commit_template.txt

Or you can use the commit-msg hook like this:

$ cat >.git/hooks/commit-msg <<EOF
#!/bin/sh
echo "License: MIT" >>"$1"
echo "Signed-off-by: $(git config user.name) &lt;$(git config user.email)>" >>"$1"
EOF
$ chmod +x .git/hooks/commit-msg

We could ship a shell script that does the above and ask every one to run it before sending PR.

[chriscool]

FYI the git interpret-trailers doc is here:

https://github.com/git/git/blob/master/Documentation/git-interpret-trailers.txt

There is an EXAMPLES section at the end.

[chriscool]

I made a mistake in the above commit-msg hook.
The following works:

$ cat >.git/hooks/commit-msg <<'EOF'
#!/bin/sh

grep "^License:" "$1" || {
        echo >>"$1"
        echo "License: MIT" >>"$1"
        echo "Signed-off-by: $(git config user.name) <$(git config user.email)>" >>"$1"
}
EOF
$ chmod +x .git/hooks/commit-msg

In fact I will send a PR with a script doing the above.

[jbenet]

A wrench thrown into signoffs: vendoring code into the repo carries a different license and thus the "all the code contributed in this commit carries the license specified in this commit message" statement gets comlicated.