docs: require DCO signoff on every commit (fixes #6 from adversarial review)
All checks were successful
All checks were successful
Every commit MUST be signed off (git commit -s). Preserves the copyright-holder's option to dual-license later — without a DCO/CLA instrument, every external contribution erodes that option (ADR-0004). Particularly load-bearing under multi-agent parallel authorship, where multiple sessions commit in parallel and the DCO is the only per-commit aggregation instrument. Adds DCO.md with the full Linux-Foundation DCO text + the agents-sign-off- with-the-human's-identity rule. AGENTS.md Git workflow gains the DCO bullet.
This commit is contained in:
@@ -250,6 +250,15 @@ and "why isn't X here?" questions. Consult it before adding anything.
|
||||
each land as separate commits when practical. Don't bundle unrelated work.
|
||||
- **Never commit secrets.** The `.gitignore` already covers `.env*`, `*.pem`, `*.key`. If
|
||||
a new secret pattern appears, extend `.gitignore` in the same commit.
|
||||
- **Developer Certificate of Origin (DCO) — REQUIRED on every commit.** Every commit
|
||||
MUST be signed off (`git commit -s` or `git commit --signoff`) to attest the author
|
||||
has the right to contribute the code under the project's license (GPL-3.0-or-later,
|
||||
ADR-0004). This preserves the copyright-holder's option to dual-license later —
|
||||
without a DCO/CLA instrument, every external contribution erodes that option. See
|
||||
[`DCO.md`](DCO.md) for the full text. The signoff line (`Signed-off-by: Name <email>`)
|
||||
is the canonical attestation; CI (planned) will reject unsigned commits. Agents
|
||||
committing on behalf of a human MUST sign off with the human's name + email, not
|
||||
their own identity.
|
||||
- **PR description template** (for non-trivial PRs):
|
||||
```
|
||||
## What lands
|
||||
|
||||
Reference in New Issue
Block a user