Good reading for the Wednesday morning;) yes I think we need to go there and maybe even ask it of our contributors.
On Wed, Apr 6, 2016 at 9:28 AM, Wido den Hollander <w...@widodh.nl> wrote: > Hi, > > Github just added [0] support for verifying GPG signatures of Git commits > to the > web interface. > > Under the settings page [1] you can now add your public GPG key so Github > can > verify it. > > It's rather simple: > > $ gpg --armor --export w...@widodh.nl > > That gave me my public key which I could export. > > Git already supports signing [2] commits with your key. > > This makes me wonder, is this something we want to enforce? To me it seems > like > a good thing to have. > > Wido > > [0]: https://github.com/blog/2144-gpg-signature-verification > [1]: https://github.com/settings/keys > [2]: https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work > -- Daan