Related to #1
This appears to be a fairly widespread mechanism as an alternative to requiring contributors to sign a CLA. It is published by the Linux Foundation and used by several prominent projects, such as the Linux Kernel and git. Its text is found here: https://developercertificate.org/
Github has an app which enforces the policy on PR's so that they cannot merge until appropriately signed off.
https://github.com/apps/dco
This page looks to be a great reference to get new contributors familiar with the requirements. It also describes how to correct commits which had not been signed off correctly.
https://www.secondstate.io/articles/dco/
Related to #1
This appears to be a fairly widespread mechanism as an alternative to requiring contributors to sign a CLA. It is published by the Linux Foundation and used by several prominent projects, such as the Linux Kernel and git. Its text is found here: https://developercertificate.org/
Github has an app which enforces the policy on PR's so that they cannot merge until appropriately signed off.
https://github.com/apps/dco
This page looks to be a great reference to get new contributors familiar with the requirements. It also describes how to correct commits which had not been signed off correctly.
https://www.secondstate.io/articles/dco/