Hi all,

I'd like to bring up an idea that could help us strengthen the security and integrity of our codebase: *enabling signed commits* (https://git-scm.com/book/ms/v2/Git-Tools-Signing-Your-Work).

Here’s why I think this is worth considering:

1. *Trust and Authenticity*: Signed commits verify that the code changes are coming from a trusted contributor, reducing the risk of impersonation or malicious commits.
2. *Accountability*: It ensures that every commit is tied to a specific developer, making it easier to track contributions and maintain transparency.
3. *Security Best Practice*: Many open-source projects are adopting signed commits as a standard practice to protect against tampering.

I think it's a small change with nice benefits, and setting it up is pretty straightforward. If this sounds good, I’d be happy to help draft a quick guide or collaborate on implementing it.

Let me know what you think.

Kristof