We may use this to assisting which CLA or DCO signature we should refer to for legal recordkeeping and auditing purposes.
To create commits on behalf of an organization ([per GitHub docs](https://docs.github.com/en/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/creating-a-commit-on-behalf-of-an-organization)):
* you must be a member of the organization indicated in the trailer
* you must sign the commit
* your commit email and the organization email must be in a domain verified by the organization
* your commit message must end with the commit trailer on-behalf-of: @org `<name@organization.com>`
*`org` is the organization's username/slug
*`opensource@organization-name.tld`[^3] is in the organization's domain (the address can be used
as a public point of contact for open source efforts.)
[^3]:In the example, we use `opensource` as the email username part for `organization-name.tld` example domain,
but you can use something else, especially if you operate a [OSPO](https://go.recaptime.eu.org/handbook/ospo) with your organization/community.
If your organization does not have its own GitHub namespace or prefers not to mention it, you can use the organization's legal name instead[^4].
[^4]:For Fiscally Sponsored Organizations, especially those in open-source,
please consult with your fiscal sponsor's Terms of Fiscal Sponsorship for details on who hold the copyright. (Projects under Open Source Collective should consult their ToFS [here](https://docs.oscollective.org/getting-started/terms-of-fiscal-sponsorship).)
## Private sign off
If you would like to provide your legal name privately to the Recap Time Squad
# Frequently Asked Questions about Recap Time Squad DCO and CLA
## Developer Certificate of Origin
### How this work?
In DCO setup we follow a simple 'inbound=outbound' contribution model which simplify the process for anyone
while the FLA setup allows us to easily relicense contributions to any open-source [^1] license(s) as we see fit (though we may contact you privately if we want to use it internally)
at expense of going legalese.
[^1]:as approved by [our OSS licensing policy](../opensource/licensing-policy.md)
### Why I need to sign-off my commits? I also signed the Individual/Entity CLA too.
## Contributor Agreements
### How this work?
The Fiduciary License Agreement technically work like a traditional copyright assignment agreement, but with a special clause against
relicensing into proprietary one to prevent situtations like Elastic and more recently HashiCorp, unless we have direct permission from the Contributor as a original copyright holder before the transfer.
After signing, maintainers/copyright holders reciprocally grants the Contributor a non-exclusive worldwide, royalty-free, perpetual and irrevocable licence to same extent as it was originally transferred from the Contributor.
### Do I require to sign the CLA?
Signing the CLA alongside the DCO is recommended, although we do not force anyone to sign it alone.
### Under the Fiduciary Licence Agreement, who are considered as and can be a Trustee?
**TL;DR**: We mostly consult the `AUTHORS` file in the source directory to determine who's the copyright holder in each project. If that file doesn't exist, we follow the procedures stated below.
In officially-maintained projects from Recap Time Squad, the core team and community members who are chosen as copyright holders are the Trustees
alongside [our leadership council (collectively called "Squad Leads")][squad-leads] and [legal team][legal].
For community-maintained projects under our namespace(s), including those we adopt, we tend to err on the side of community maintainers unless they need our assistance.
These legal documents describe about our contributor license agreements within
our open-source projects, including any projects who adopt them in the future.
By default, we require users to sign-off their commits per [the Developer Certificate of Origin](./dco.md) to simplify the contribution process. Although we also have Individual and Entity CLAs based off the [FSFE]'s
[Fiduciary License Agreement 2.0][FLA-2.0], alongside maintaining a FAQ page to help ease some concerns.
