ppkarwasz commented on PR #3967: URL: https://github.com/apache/logging-log4j2/pull/3967#issuecomment-3460407228
Hi @garydgregory, > Always with the Byzantine bureaucracy... It's rather some technical detail. Commits to `2.x` and `main` require signatures since b1db50b993c8758fca7da3522f0ffbf9dd30d1f6 (2024-04-22). Since then you have successfully merged PRs with **unsigned** commits. For example e6392aac4714b6afdc4817a441aa6c8912be2f5a is unsigned, but GitHub signed it, when you merged the PR: 43a0e29781d1ca0be9306124d360ab451e531ddd. If setting up signing is a problem, we can discuss it on `dev@logging`. Having only signed commits on `2.x` and `main` provides a nice audit log, but maybe now GitHub is refusing to sign PRs, unless all the commits in the PR are signed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
