[
https://issues.apache.org/jira/browse/OLINGO-1531?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17363380#comment-17363380
]
mibo commented on OLINGO-1531:
------------------------------
Hi [~sourabhsparkala],
Thanks for the suggestion and I also know about the issues (or attack vectors)
which may come if no signed commits are used.
Unfortunately there is no way to make it mandatory (at least yet and as I know,
see e.g. [GitHub
docu|https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification]).
Hence, the only thing I can do currently is to add this as a note or
requirement to the contribution guide for Olingo. And then it must be manually
followed and checked by all contributors.
What I can do is to start here the discussion or even better you or I bring it
to our dev mailing list.
If then there are no objections by the other contributors/maintainers we could
update our contribution guide.
What do you think?
Kind Regards, Michael
> Suggestion to use Signed Commits in Apache Olingo
> -------------------------------------------------
>
> Key: OLINGO-1531
> URL: https://issues.apache.org/jira/browse/OLINGO-1531
> Project: Olingo
> Issue Type: Task
> Components: MISC
> Affects Versions: (Java) V4 4.8.0
> Reporter: Sourabh Sarvotham Parkala
> Assignee: mibo
> Priority: Minor
>
> Use Signed Commits while contributing to Olingo project’s repository. The
> reason being signed commits give people more confidence about the author of
> the changes.
>
> DOD:
> 1. The contributors should use signed commits while contributing.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
