+1

On Fri, Feb 7, 2025 at 3:00 AM Petri Tuomola <pe...@tuomola.org> wrote:

> Agreed
>
> +1
>
> On Fri, 7 Feb 2025 at 18:55, Aleksandar Vidakovic <chee...@monkeysintown.com> wrote:
>
>> ... definitely a good idea and no effort at all for the individual committer...
>>
>> +1
>>
>> On Thu, Feb 6, 2025 at 6:30 PM Kristof Jozsa <kristof.jo...@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> I'd like to bring up an idea that could help us strengthen the security and integrity of our codebase: *enabling signed commits* (https://git-scm.com/book/ms/v2/Git-Tools-Signing-Your-Work).
>>>
>>> Here’s why I think this is worth considering:
>>>
>>> 1. *Trust and Authenticity*: Signed commits verify that the code changes are coming from a trusted contributor, reducing the risk of impersonation or malicious commits.
>>> 2. *Accountability*: It ensures that every commit is tied to a specific developer, making it easier to track contributions and maintain transparency.
>>> 3. *Security Best Practice*: Many open source projects are adopting signed commits as a standard practice to protect against tampering.
>>>
>>> I think it's a small change with nice benefits, and setting it up is pretty straightforward. If this sounds good, I’d be happy to help draft a quick guide or collaborate on implementing it.
>>>
>>> Let me know what you think..
>>> Kristof

--
*Ed Cable*
President/CEO, Mifos Initiative
edca...@mifos.org | Skype: edcable | Mobile: +1.484.477.8649

*Collectively Creating a World of 3 Billion Maries |* http://mifos.org
<http://facebook.com/mifos> <http://www.twitter.com/mifos>