@ytti
Created March 18, 2018 13:11
Automated contributor contract verification
Problem statement: You require that your contributors sign a contract, perhaps to relinquish the copyright, perhaps to accept the licensing terms. This disincentivizes contributing by creating a barrier to entry.
Paid repositories could have an opt-in feature for 'approved contributors only'. If the repository owner has opted in, then every pull request's signature is verified to come from a pre-approved developer. If the pull request is not from an approved developer, the developer is presented with a process to become an approved developer.
The process starts with a web page where the developer writes a personal string or draws a personal picture. After that is done, the web page asks for an email address and then presents a random string that is used as the signature later.
After the email arrives, the developer clicks on the URL and is directed to a web page which presents the personal string or personal picture and asks whether they made it. If they answer 'yes', they are presented with the terms of agreement. If they accept the terms by signing with the random string offered on the first page, they are given the opportunity to upload their PGP public key, they become an approved developer, and the pull request becomes visible in the repository.
The personal string/picture is meant to remove the possibility of MITM: a MITM would have to know what you wrote or drew.
The requirement that the random string be presented as the signature ensures that the same person who saw the first page also clicked on the email link.
As further development, commits/PRs should be tagged with the terms version, so if the terms are updated we know which terms version a specific part of the code was contributed under. We can then add an automatic process to re-query the contributors to accept the changed licensing terms for all their contributions, and potentially remove those parts of the code whose contributors did not agree to the new terms in due time.
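The enrollment flow and the PR gate described above, modelled end to end as an added example (not code from the gist): the first page hands out a signing token, the e-mailed link shows the personal string back, signing requires the first-page token, approval is keyed on the uploaded PGP fingerprint, and a terms bump forces re-acceptance before PRs are allowed again. Names such as `ContractService`, the version label and the fingerprint strings are constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Enrollment:
    email: str
    personal_string: str   # what the contributor typed (or drew) on the first page
    signing_token: str     # random string shown on the first page, used as the signature
    link_token: str        # random token embedded in the e-mailed URL


class ContractService:
    def __init__(self, terms_version="terms-v1"):   # constructed version label
        self.terms_version = terms_version
        self.pending = {}    # link_token -> Enrollment awaiting confirmation
        self.approved = {}   # PGP fingerprint -> (email, terms version accepted)

    def start(self, personal_string, email):
        """Step 1: returns (signing token shown in the browser, link token sent by e-mail)."""
        e = Enrollment(email, personal_string, secrets.token_urlsafe(16), secrets.token_urlsafe(16))
        self.pending[e.link_token] = e
        return e.signing_token, e.link_token

    def follow_link(self, link_token):
        """Step 2: the page behind the e-mailed link shows the personal string back to the developer."""
        e = self.pending.get(link_token)
        return e.personal_string if e else None

    def sign(self, link_token, recognised, signature, pgp_fingerprint):
        """Step 3: developer confirms the string is theirs and signs the terms with the first-page token."""
        e = self.pending.get(link_token)
        if e is None or not recognised:
            return False
        # Whoever clicked the link must also have seen the first page, i.e. know the signing token.
        if not hmac.compare_digest(signature, e.signing_token):
            return False
        self.approved[pgp_fingerprint] = (e.email, self.terms_version)
        del self.pending[link_token]
        return True

    def pr_allowed(self, signer_fingerprint):
        """PR gate: the commit's signing key must belong to a developer approved on the current terms."""
        rec = self.approved.get(signer_fingerprint)
        return rec is not None and rec[1] == self.terms_version

    def update_terms(self, new_version):
        """Bump the terms version; returns e-mails of developers who must re-accept before PRs show."""
        self.terms_version = new_version
        return [email for email, version in self.approved.values() if version != new_version]
```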