We first discussed commit signatures in March 2022 <https://lists.apache.org/thread/xpb0rzxf6ov19vdxonh2vxwfw02m26hc>, and established it in January 2023 via lazy census by Carter, Gary, Matt, Piotr, and myself <https://lists.apache.org/thread/9d53znkksfkw0rkmgb4pk1ws95m4y3nb>. Even though, in the PR template, we explicitly state it is obligatory and we share instructions on how to sign commits, users/maintainers struggle a lot. *I suggest dropping the requirement of commits to be signed. Objections?*
On Sun, Jan 15, 2023 at 8:44 PM Volkan Yazıcı <[email protected]> wrote: > It sounds like we have a lazy consensus here. > > Piotr, I see your point. I think we need to point this out in a GitHub > Pull Request template > <https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/creating-a-pull-request-template-for-your-repository>, > which we have none right now. There I also would like to have certain > checks anyway: > > - Changelog entry > - Signed commits > - Tests > - etc. > > Created #1207 <https://github.com/apache/logging-log4j2/issues/1207> for > this. > > On Fri, Jan 13, 2023 at 2:42 PM Piotr P. Karwasz <[email protected]> > wrote: > >> Hi Volkan, >> >> On Fri, 13 Jan 2023 at 10:56, Volkan Yazıcı <[email protected]> wrote: >> > *Question:* Shall we require signed commits? >> >> I am obviously Ok with signing, but what should we do with unsigned >> PRs? I would prefer to document the requirement somewhere (in the PR >> template?) so that we don't have to `rebase -f` everything. >> >> Piotr >> >
