[QGIS-Developer] Requiring signed commits?
Even Rouault
even.rouault at spatialys.com
Thu Jun 18 17:10:55 PDT 2026
Nyall,
I've some doubts at what you're talking about exactly, given that
looking at https://github.com/qgis/QGIS/commits/master/ , your own
commits don't appear to be signed ;-) Is that commits signed with a GPG
key
(https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
that appear with the "Verified" green label ? Browsing recent commit
history, it seems only a minority of devs have that set up currently, so
we should allow for some grace period. I don't think that would be an
obstacle for regular contributors, but that might be more problematic
for drive-by contributors. I'm not aware of other projects in our close
surroundings that mandate that currently.
Do you have particular reasons for that ? To prevent identity theft?
Even
Le 19/06/2026 à 01:44, Nyall Dawson via QGIS-Developer a écrit :
> Hi list,
>
> Does anyone have any issues if I turn on this branch protection
> setting? Is there ANY valid reason someone isn't using signed commits
> today?
>
> Nyall
>
> _______________________________________________
> QGIS-Developer mailing list
> QGIS-Developer at lists.osgeo.org
> List info:https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe:https://lists.osgeo.org/mailman/listinfo/qgis-developer
--
http://www.spatialys.com
My software is free, but my time generally not.
Middle finger at you AI companies whose bots are destroying the remains of the open Internet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20260619/4726a7a9/attachment.htm>
More information about the QGIS-Developer
mailing list