Open emanuelb opened 3 years ago
What's the need to sign every commit? Especially when most of them come from the dev team contracted to work on the project.
You can read about this topic at (for better understanding):
https://mikegerwitz.com/2012/05/a-git-horror-story-repository-integrity-with-signed-commits
https://www.qubes-os.org/security/verifying-signatures/#how-to-verify-qubes-repos
https://anarc.at/blog/2020-03-17-git-gpg-verification/
FROM CONTRIBUTING.md
add -S to above commands, in order to apply signing, see issue #237
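
A check a maintainer could run to confirm that commits were actually made with -S, as an added example that is not part of the original issue or the project's tooling. It classifies the output of `git log --format='%H %G?'` and lists every commit whose signature status is not good. The function names, the policy of accepting only status `G`, and the sample hashes are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag commits that lack a good signature.
# Input: lines of "<hash> <status>" as produced by
#   git log --format='%H %G?' <range>
# Status letters of git's %G? placeholder:
#   G good, B bad, U good but unknown validity, X good but expired,
#   Y good but made by an expired key, R good but made by a revoked key,
#   E cannot be checked (e.g. missing key), N no signature.

# Prints "<hash> <reason>" for each commit that fails the policy.
# Returns 0 when every commit passes, 1 otherwise.
# Assumed policy: only status G is accepted.
unsigned_commits() {
    awk '
        BEGIN {
            bad = 0
            why["B"] = "bad-signature";  why["U"] = "unknown-validity"
            why["X"] = "expired-signature"; why["Y"] = "expired-key"
            why["R"] = "revoked-key";    why["E"] = "cannot-check"
            why["N"] = "no-signature"
        }
        NF == 0   { next }              # skip blank lines
        $2 == "G" { next }              # good signature, trusted key
        {
            reason = ($2 in why) ? why[$2] : "unknown-status"
            print $1, reason
            bad = 1
        }
        END { exit bad }
    '
}

# Constructed sample input (hashes are placeholders, not real commits).
sample_log() {
    cat <<'EOF'
1111111111111111111111111111111111111111 G
2222222222222222222222222222222222222222 N
3333333333333333333333333333333333333333 E
4444444444444444444444444444444444444444 U
EOF
}

# Demo on the constructed data. In a repository, feed real data instead:
#   git log --format='%H %G?' origin/main..HEAD | unsigned_commits
sample_log | unsigned_commits || echo "policy violation: see commits above"
```

Status `E` usually means the signer's public key is not in the local keyring, so import the project's signing keys before treating it as a failure.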