Introducing the Docker Developer Certificate of Origin

We’re really excited by the level of engagement and effort we’ve seen from the many contributors to Docker. This week we’ve reached 291 individual contributors to the Docker core with the project being forked almost 1300 times. The project has grown amazingly fast and we want to thank you all for your awesome work!

As the project gains momentum, we want to make sure that we put in place the appropriate legal structure for contributions. With the huge number of organizations using Docker, and with over 150 derivative projects built on top of Docker, we want everyone to be sure that they can use Docker without worrying about a copyright claim or having some important piece of functionality ripped out of Docker.

By the same token, we don’t want to put an onerous legal block to contributing. And, we want everyone who contributes to know that they—not Docker—have the copyright to their code.

To that end, we’ve borrowed a great idea from the Linux Kernel Project—A Developer’s Certificate of Origin or DCO.

Rather than having individual contributors have to read through, print off, sign, or get approval for a Contributor License Agreement, you instead put a one line DCO signature int your contribution.

For our DCO we’ve chosen one that is almost identical to that used by the Linux Kernel project because it’s simple, well known and well accepted.

This DCO lets us know that you are entitled to contribute this code to Docker and that you are willing to have it used in distributions and derivative works. This means that should there be any kind of legal issue in the future as to the origins and ownership of any particular piece of code, we will have the necessary information to protect contributors, derivative projects, and users from copyright claims.

More formally, by including the DCO signature, you are stating that one or more of the following is true of your contribution:

  1. You created this contribution/change and have the right to submit it to the Project; or
  2. You created this contribution/change based on a previous work with a compatible open source license; or
  3. This contribution/change has been provided to you by someone who did 1 or 2 and you are submitting the contribution unchanged.
  4. You understand this contribution is public and may be redistributed as open source software.

Practically what does this mean for you?  From today all commits you submit to the Docker or Docker-Registry projects needs to have the following sign off line in the commit message:

Docker-DCO-1.1-Signed-off-by: John Smith <jsmith@example.com> (github: jsmith_github)

Replacing John Smith’s details with your name, email address and GitHub username.

These guidelines will also always be available in the source of the Docker project.

If you have already made contributions, we’ll be contacting you with a simple, one step way to sign all existing contributions.


Introducing the Docker Developer Certificate of Origin


One Response to “Introducing the Docker Developer Certificate of Origin”

Leave a Reply to Marco Roy

Click here to cancel reply.

Get the Latest Docker News by Email

Docker Weekly is a newsletter with the latest content on Docker and the agenda for the upcoming weeks.