[I am resurrecting this post from March 2022 <https://lists.apache.org/thread/xpb0rzxf6ov19vdxonh2vxwfw02m26hc>.]
I am in favor of enabling *the "requires signature"* setting. I see Carter, Matt, Piotr, and myself always signing the commits. Ralph and Gary need to join the band too. it is pretty straightforward to configure <https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work>, though the practice doesn't pay off unless we all do it. *Question:* Shall we require signed commits?
