On Tue, 2 Apr 2024, Calvin Buckley wrote: > On Apr 2, 2024, at 11:15 AM, Derick Rethans <[email protected]> wrote: > > > > What do y'all think about requiring GPG signed commits for the php-src > > repository? > > > > I had a look, and this is also something we can enforce through GitHub > > as well (by using branch protections). > > Would this affect only direct pushes to master, or would it be required > for pull requests too? I'd be worried the average drive-by contributor > wouldn't have GPG signing set up.
As Ayesh said, you can also use SSH for this now: https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#ssh-commit-signature-verification I think it would apply to people merging the commits. But, I am not 100% sure (until we try, I suppose). cheers, Derick -- https://derickrethans.nl | https://xdebug.org | https://dram.io Author of Xdebug. Like it? Consider supporting me: https://xdebug.org/support mastodon: @[email protected] @[email protected]
