Valeria Sasvari created FINERACT-2177:
-----------------------------------------
Summary: Git signed commits
Key: FINERACT-2177
URL: https://issues.apache.org/jira/browse/FINERACT-2177
Project: Apache Fineract
Issue Type: New Feature
Components: Security
Reporter: Valeria Sasvari
Implement Git signed commits in the Apache Fineract project to enhance the
security and authenticity of contributions, ensuring that all commits are
verified and trusted. Following the lead of other Apache Software Foundation
projects, such as Apache HTTP Server and Apache Kafka which have already
adopted signed commits we aim to align with this best practice to strengthen
our security posture.
Security Benefits:
* Authenticity: Signed commits ensure that each commit is made by a verified
contributor, reducing the risk of impersonation.
* Integrity: Signed commits provide a cryptographic guarantee that the code
has not been tampered with since it was committed.
* Trust: By enforcing signed commits, the project can build greater trust with
its users and contributors, knowing that the codebase is secure and verified.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
