> > Hi, > > What do y'all think about requiring GPG signed commits for the php-src > repository? > > I had a look, and this is also something we can enforce through GitHub > as well (by using branch protections). > > cheers, > Derick > > > -- > https://derickrethans.nl | https://xdebug.org | https://dram.io > > Author of Xdebug. Like it? Consider supporting me: https://xdebug.org/support > > mastodon: @derickr@phpc.social @xdebug@phpc.social
+1 from me as well, and quite good timing with all the xz fiasco just last week. Git can also sign with SSH keys now, so this is now merely a config update