Enough folks followed up with me about this blog post addressing misconceptions about the Developer Certificate of Origin that I’ve taken another look at my various CLA forms and experiments, and decided to put a bit more energy on a solution I can actually recommend.
The basic idea is that instead of signing a CLA per project or per company, and instead of doing nothing in particular and relying on terms of service or some informal convention to save the day, you “sign” a single CLA, by forking it to your GitHub account. That CLA then applies whenever you submit a PR to a project with a steward consolidating all the license rights for contributions.
The most direct descendant is the Berneout Pledge, an old experiment that used the same signature mechanism, but implemented “I license the same as you”, rather than more the more permissive licensing typical for CLAs. I’ve also rebranded, obviously, to take it away from Berneout, my umbrella for experimental licensing work.
I do expect that some big projects will continue to want companies, and not just individuals, to sign CLAs. There’s no getting around requirements to get a company signature when the project requires a company signature.