[QGIS-Developer] Requiring signed commits?
Nyall Dawson
nyall.dawson at gmail.com
Wed Jun 24 22:59:48 PDT 2026
On Fri, 19 Jun 2026 at 10:10, Even Rouault <even.rouault at spatialys.com>
wrote:
>
> Nyall,
>
> I've some doubts at what you're talking about exactly, given that looking
at https://github.com/qgis/QGIS/commits/master/ , your own commits don't
appear to be signed ;-)
Heh... I definitely did set this up once[1]... guess I forgot to do it
again when reconfiguring things at one stage.
> Is that commits signed with a GPG key (
https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
that appear with the "Verified" green label ? Browsing recent commit
history, it seems only a minority of devs have that set up currently, so we
should allow for some grace period. I don't think that would be an obstacle
for regular contributors, but that might be more problematic for drive-by
contributors. I'm not aware of other projects in our close surroundings
that mandate that currently.
> Do you have particular reasons for that ? To prevent identity theft?
Basically to start locking down our repo. I think it's a relatively small
step that would help establish more trust in our development process,
especially by big business.
Nyall
[1] From back when that guy was promising to make us all rich by converting
signed github commits into some crypto coin 🤣
>
>
> Even
>
> Le 19/06/2026 à 01:44, Nyall Dawson via QGIS-Developer a écrit :
>
> Hi list,
>
> Does anyone have any issues if I turn on this branch protection setting?
Is there ANY valid reason someone isn't using signed commits today?
>
> Nyall
>
> _______________________________________________
> QGIS-Developer mailing list
> QGIS-Developer at lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>
> --
> http://www.spatialys.com
> My software is free, but my time generally not.
> Middle finger at you AI companies whose bots are destroying the remains
of the open Internet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20260625/7d55c404/attachment.htm>
More information about the QGIS-Developer
mailing list