On Tue, 2 Apr 2024, Derick Rethans wrote:

> What do y'all think about requiring GPG signed commits for the php-src
> repository?
>
> I had a look, and this is also something we can enforce through GitHub
> as well (by using branch protections).

It seems that most of the reply to this was positive, although with the realisation that it wouldn't be a panacea.

I will therefore propose a minimalistic RFC to create this requirement to sign commits to all branches, in the next few days.

I probably would have preferred requiring *GPG* signing (due to a web of trust), but GitHub's requirement isn't that granular (it's either SSH+GPG, or nothing).

Any other opinions, I'd be delighted to hear them.

cheers,
Derick

--
https://derickrethans.nl | https://xdebug.org | https://dram.io

Author of Xdebug. Like it? Consider supporting me: https://xdebug.org/support
mastodon: @[email protected] @[email protected]
