Agreed +1
On Fri, 7 Feb 2025 at 18:55, Aleksandar Vidakovic <chee...@monkeysintown.com> wrote:
> ... definitely a good idea and no effort at all for the individual
> committer...
>
> +1
>
> On Thu, Feb 6, 2025 at 6:30 PM Kristof Jozsa <kristof.jo...@gmail.com>
> wrote:
>
>> Hi all,
>>
>> I'd like to bring up an idea that could help us strengthen the security
>> and integrity of our codebase: *enabling signed commits* (
>> https://git-scm.com/book/ms/v2/Git-Tools-Signing-Your-Work).
>>
>> Here’s why I think this is worth considering:
>>
>> 1. *Trust and Authenticity*: Signed commits verify that the code changes
>>    are coming from a trusted contributor, reducing the risk of impersonation
>>    or malicious commits.
>> 2. *Accountability*: It ensures that every commit is tied to a specific
>>    developer, making it easier to track contributions and maintain
>>    transparency.
>> 3. *Security Best Practice*: Many open source projects are adopting
>>    signed commits as a standard practice to protect against tampering.
>>
>> I think it's a small change with nice benefits, and setting it up is
>> pretty straightforward. If this sounds good, I’d be happy to help draft a
>> quick guide or collaborate on implementing it.
>>
>> Let me know what you think..
>> Kristof