... definitely a good idea and no effort at all for the individual committer...
+1

On Thu, Feb 6, 2025 at 6:30 PM Kristof Jozsa <kristof.jo...@gmail.com> wrote:

> Hi all,
>
> I'd like to bring up an idea that could help us strengthen the security
> and integrity of our codebase: *enabling signed commits* (
> https://git-scm.com/book/ms/v2/Git-Tools-Signing-Your-Work).
>
> Here’s why I think this is worth considering:
>
> 1. *Trust and Authenticity*: Signed commits verify that the code changes
>    are coming from a trusted contributor, reducing the risk of impersonation
>    or malicious commits.
> 2. *Accountability*: It ensures that every commit is tied to a specific
>    developer, making it easier to track contributions and maintain
>    transparency.
> 3. *Security Best Practice*: Many open source projects are adopting signed
>    commits as a standard practice to protect against tampering.
>
> I think it's a small change with nice benefits, and setting it up is
> pretty straightforward. If this sounds good, I’d be happy to help draft a
> quick guide or collaborate on implementing it.
>
> Let me know what you think..
> Kristof