JuliaGeometricAlgebra / GeometricAlgebra.jl

Geometric Algebra library for Julia
MIT License
1 stars 1 forks source link

Proposal. Add GPG signing to TagBot GitHub Actions workflow. #5

Open ktchu opened 2 years ago

ktchu commented 2 years ago

It is possible to configure the TagBot GitHub Actions workflow to sign its commits using a GPG key. This makes the release commits show as "Verified" in GitHub, which helps lend a little bit of credibility to the project by indicating that the release commits are legitimate (especially since they will be generated by a bot once the package is registered with the General registry).

Aside. If we individually set up GPG keys, then I believe our individual commits to the repository would also appear as "Verified". I have not tried this out, so I'm not sure how to set this up yet.

serenity4 commented 2 years ago

I didn't know about this, it sounds nice to have indeed. As for #6, feel free to make the required changes once you have been granted access over the relevant settings.