dcoapp/app

Reduces cost of using DCO

alexec opened this issue · 1 comments

alexec commented

Is there anyway to make DCO fundamentally less costly to use?

I’ve seen that engineers spend a lot of time fixing DCO checks, if you factor in the merge conflicts and time lost to context switching, I’d estimate around 30m per pull request. If DCO is used on (say) 5,00,000 pull requests a year and engineers cost around $100/hr, then we’re looking at $250,000,000 spend of fixing DCO each year for the Open Source community. Maybe you think there are fewer pull requests with DCO, so maybe you think fixing it is only $100,000,00 a year? LMK if you have better numbers.

I see even experienced engineers loosing time to fixing DCO checks because there are just too many ways to fail to sign-off a commit. Just forget, use wrong args, merge in master, rebase, use Codespaces, accept a suggestion to a pull request can cause this and you only need one non-signed-off commit to fail a PR.

How can we make it less costly?

  • Remove DCO for all projects.
  • Github provides a button to sign-off commits post-hoc.
  • DCO check only requires one commit signed-off.
  • DCO check provides a button to fix commits.

What else?

I think this could be fixed buy having it respect GPG signatures, since I assume your and many other corporate teams are gpg signing commits. That's something I definitely would like and would make me a lot less frustrated when using this thing.