Why Every Dev Needs to Signoff Commits (Before It's Too Late)

Fahmi Aulia Rahman 5 min read Updated

Hey devs! Let me write something that might seem boring but could literally save your career one day.

TL;DR (For My Fellow Attention-Span-Challenged Devs)

Signing off your commits is like having insurance for your code contributions. It’s this simple legal thing that proves you had the right to contribute that code. It takes 2 seconds. Just add -s to your git commits. You’re welcome.

What Even Is Commit Sign-off? 🤔

Okay, so first things first - let’s not confuse this with signing commits (that’s the cryptographic stuff with GPG keys). Signoff is way simpler and arguably more important.

When you signoff a commit, you’re basically saying:

“Hey, I wrote this code (or I have permission to contribute it), and I’m allowed to submit it under this project.”

It shows up in your commit message like this:

feat: add super cool feature that will definitely not break prod

This feature does amazing things and totally won't cause any issues.

Signed-off-by: Your Name <your.email@example.com>

That Signed-off-by line? That’s your signoff. Simple as that.

The DCO (Developer Certificate of Origin) 📜

Most projects use something called the Developer Certificate of Origin (DCO). It’s basically a legal document that says you certify four things:

  1. You wrote the code (or have the right to submit it)
  2. If you based it on existing code, you have permission to use it
  3. If someone else wrote it, they gave you permission and certified it too
  4. You understand this is public and permanent

Think of it as a digital receipt that proves you didn’t just copy-paste proprietary code from your day job.

Real Talk: Why This Matters

When you signoff, you’re basically saying “I take responsibility for this contribution being legally clean.” It protects both you and the project.

How to actually do it (Talk is cheap, show me the code)

Herewith i already summarize several option to do the sign-off thing.

Option 1: The Manual Way

Just add -s or --signoff to your commit:

git commit -s -m "fix: fixed the bug"

Option 2: The “I Always Forget” Solution

Set up an alias so you don’t have to remember:

# Create an alias for commit + signoff
git config --global alias.cs "commit --signoff"

# Now just use:
git cs -m "feat: another brilliant contribution"

Option 3: The “Make It Automatic” Approach

You can set up a git hook to automatically add signoff, but honestly, the alias is probably easier.

Forgot to Signoff? No Problem

If you forgot and need to add it to your last commit:

git commit --amend --signoff

For older commits, you’ll need to do an interactive rebase, but let’s not overcomplicate things.

Signoff vs Signing: Know the Difference 🔐

Since people always mix these up:

Signoff (What We’re Talking About)

  • Legal thing: “I have the right to contribute this”
  • Easy: Just add -s flag
  • Shows up: In commit message as “Signed-off-by:”
  • Purpose: Legal protection and contribution tracking

Signing (Check details here) (The Crypto Thing) 🔑

  • Security thing: “This commit actually came from me”
  • Harder: Need GPG or SSH keys set up
  • Shows up: As verification badges on GitHub/GitLab
  • Purpose: Authentication and integrity

You can (and should) do both if the project supports it.

Common Gotchas and How to Avoid Them 🚨

1. Wrong Email Address

Make sure your signoff email matches your Git config:

git config --global user.name "Your Real Name"
git config --global user.email "your.email@example.com"

2. Squashing/Rebasing Issues

When you squash commits, make sure to preserve the signoff lines. Most Git tools handle this automatically, but double-check.

3. Contributing on Behalf of Your Company

If you’re contributing code as part of your job, make sure you’re authorized to do so. The signoff says YOU certify you have the right - so make sure you actually do.

4. Multiple Contributors

If multiple people worked on a commit, you can have multiple signoff lines:

Signed-off-by: Developer One <dev1@example.com>
Signed-off-by: Developer Two <dev2@example.com>

Making It a Habit 💡

Here’s how to make signoff second nature:

  1. Set up that alias I mentioned earlier
  2. Add it to your IDE - Most support commit signoff
  3. Use git hooks if you want full automation
  4. Practice on personal projects - Build the muscle memory

The goal is to make it so automatic you don’t even think about it.

The Bottom Line

Look, I get it. We know we just want to write code. But spending 2 seconds to add -s to your commits could save you from serious legal issues down the road.

Plus, it makes you look professional and shows you understand how real open source development works. And honestly, once you get in the habit, you won’t even notice you’re doing it.

So yeah, signoff your commits. Your future self will thank you.

Quick Reference Card 📋

# Basic signoff commit
git commit -s -m "your message"

# Set up alias
git config --global alias.cs "commit --signoff"

# Amend last commit to add signoff
git commit --amend --signoff

# Check if your commit has signoff
git log --oneline --grep="Signed-off-by"

Remember: This isn’t just about following rules - it’s about being a responsible contributor to the open source ecosystem. And honestly, it takes way more effort to write this article than to just add -s to your commits. So… just do it? ✌️

Happy coding (and signing off)! 🎉

About the author

Portrait of Fahmi Aulia Rahman

Fahmi Aulia Rahman

Software Engineer

Software engineer with 6+ years under the hood with new dad vibes — shipping cool stuff, learning out loud and keeping it real.