Author: Wladimir 2014-05-21 17:10:20
Published on: 2014-05-21T17:10:20+00:00
In an email exchange between Chris Beams and Wladimir J. van der Laan, the two discussed the idea of requiring signed commits in Github development process. While Chris expressed his willingness to comply with such a requirement, he also pointed out arguments against commit signing and referred to Linus Torvalds' negative opinion on it. Wladimir was open to the idea of signing tags instead but questioned how that would work and how it would be integrated into the current process. He acknowledged that while most people would forget to sign commits, he would remind them but not require it as he did not want to create any extra barriers for developers. However, Chris suggested rejecting pull requests without signed commits to reduce the risk of Github hacks posing a threat. Wladimir agreed with this suggestion as it added an extra layer of protection.
Updated on: 2023-06-08T23:12:28.630418+00:00