add SPDX-License-Identifier and DCO information

this includes my personal signoff on the MAINTAINERS.md for DCO purposes

Signed-off-by: Brian S. Stephan <bss@incorporeal.org>

CONTRIBUTING.md

@@ -15,6 +15,39 @@ prioritization.
 
 ## Contributions
 
+### Sign Offs/Custody of Contributions
+
+I do not request the copyright of contributions be assigned to me or to the project, and I require no provision that I
+be allowed to relicense your contributions. My personal oath is to maintain inbound=outbound in my open source projects,
+and the expectation is authors are responsible for their contributions.
+
+I am following the the [Developer Certificate of Origin (DCO)](https://developercertificate.org/), also available at
+`DCO.txt`. The DCO is a way for contributors to certify that they wrote or otherwise have the right to license their
+code contributions to the project. Contributors must sign-off that they adhere to these requirements by adding a
+`Signed-off-by` line to their commit message, and/or, for frequent contributors, by signing off on their entry in
+`MAINTAINERS.md`.
+
+This process is followed by a number of open source projects, most notably the Linux kernel. Here's the gist of it:
+
+```
+[Your normal Git commit message here.]
+
+Signed-off-by: Random J Developer <random@developer.example.org>
+```
+
+`git help commit` has more info on adding this:
+
+```
+-s, --signoff
+    Add Signed-off-by line by the committer at the end of the commit log
+    message. The meaning of a signoff depends on the project, but it typically
+    certifies that committer has the rights to submit this work under the same
+    license and agrees to a Developer Certificate of Origin (see
+    http://developercertificate.org/ for more information).
+```
+
+### Submitting Contributions
+
 I don't expect contributors to sign up for my personal Gitea in order to send contributions, but it
 of course makes it easier. If you wish to go this route, please sign up at
 <https://git.incorporeal.org/bss/incorporeal-cms> and fork the project. People planning on
@@ -50,27 +83,3 @@ your change and to tell me how to pull your changes.
       formatting a good commit message.
     * Please make sure your Author contact information is stable, in case I need to reach you.
     * Consider cryptographically signing (`git commit -S`) your commits.
-
-### Custody of Contributions
-
-I do not request the copyright of contributions be assigned to me or to the project, and I require no
-provision that I be allowed to relicense your contributions. My personal oath is to maintain
-inbound=outbound in my open source projects, and the expectation is authors are responsible for their
-contributions.
-
-I am following the *spirit* of the [Developer Certificate of Origin](https://developercertificate.org/),
-but in a simplified fashion:
-
-By making a contribution to this project, you certify that:
-
-1. The contribution was created by you and you have the right to submit it under the open source license
-   indicated in the LICENSE file; or
-2. The contribution is based upon previous work that is covered under an appropriate open source license
-   compatible with the license indicated in the LICENSE file, and you have the right to contribute that
-   work with or without modifications, under the terms of that same open source license; or
-3. The contribution was provided directly to you by some other person who certified points 1, 2, or 3, and
-   you have not modified it.
-
-In the event of point 3, your commit **must** include the Signed-off-by line(s) as a chain of custody,
-via `git commit -s`. For points 1 and 2, your commit with accurate Author information doubles as direct
-custody.