I think this is a great step forward. With commit signatures required, I think the person who merges a PR now needs to do so locally. [GitHub CLI](https://cli.github.com/) helps me a lot to locally checkout a PR quickly, and then rebase/squash with my own signature.
Thanks to Levi Morrison and Nikita for the very quick response. > > On Mon, 29 Mar 2021, 03:30 Rasmus Lerdorf, <ras...@lerdorf.com> wrote: > > > On Sun, Mar 28, 2021 at 17:15 Sara Golemon <poll...@php.net> wrote: > > > > > On Sun, Mar 28, 2021 at 6:57 PM Paul Crovella <paul.crove...@gmail.com> > > > wrote: > > > > > >> You might consider requiring commits be signed while you're at it. > > >> > > >> > > > I suggested this as well, and even if we don't require it, we should > > > STRONGLY encourage it. > > > > > > I've been signing my commits for several years now, it's not even that > > > hard. > > > > > I think for php-src commits we can require it. For doc and other repos we > > can make it optional for now until people are more comfortable with it. > > > > -Rasmus > > > > > > We can require Signed Commits for the main active branches on GitHub: > > https://docs.github.com/en/github/administering-a-repository/about-protected-branches#require-signed-commits > > > We can create rules that requires that for all active maintained version of > PHP. > > We can set that per repo, or in a organization level. > > - Gabriel Caruso -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
