Blokje5
commented
2 years ago Sadly, git verify-commit only works if you have the public key of the developer stored. Until we have such a mechanism, I will close this and we just have to verify in the PR.
We should validate whether everyone (including ourselves) signs their commits in accordance with our contributing guide. We can easily add a validation step to the Github actions to check for signed commits.
Additionally we should probably favour rebasing + merging over squashing, to ensure we do not lose the signed commits. We can add that info as a section to the contributing guide.