As a best practice for enhancing the security and integrity of our repository, I propose that we enable verified commits across all contributors. Verified commits help ensure that commits are actually made by the users they claim to be by using cryptographic signatures. This will provide additional confidence in the authenticity of the commit history, especially for sensitive or critical projects.
Tasks:

- [ ] Require GPG/SSH signing for all commits.
- [ ] Provide documentation or guidelines for contributors on how to set up GPG or SSH keys for verified commits.
- [ ] Update the repository's contributing guidelines to reflect the new verified commit requirement.
- [ ] Test the setup to ensure commits are correctly verified and any unauthorized commits are blocked.

Benefits:

- Improved security by ensuring commit authorship is verified.
- Compliance with industry best practices for open-source and web3 projects.
- Increased transparency and traceability in the commit history.
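
One way to carry out the last task (checking that unverified commits are caught), as an added example that is not part of the original issue: a shell function that audits a commit range with Git's `%G?` signature-status placeholder. The function names, the strict "only `G` passes" policy and the throwaway demo repository are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the project's own tooling): fail when any commit in a
# range lacks a good signature. Git's %G? placeholder reports, per commit:
#   G good signature          N no signature         B bad signature
#   U good, unknown validity  E cannot be checked (e.g. missing key)
#   X expired signature       Y expired key          R revoked key
# Assumption: only G is accepted. For SSH signatures Git can only report G
# when gpg.ssh.allowedSignersFile is configured; otherwise they show as U or E.

# audit_signatures <repo-dir> <rev-range>
# Prints "<hash> <status> <author>" for every commit whose status is not G
# and returns 1 if there is at least one such commit, 0 otherwise.
audit_signatures() {
    _repo=$1
    _range=$2
    _bad=$(git -C "$_repo" log --format='%H %G? %an' "$_range" |
           awk '$2 != "G" { print }')
    if [ -n "$_bad" ]; then
        printf '%s\n' "$_bad"
        return 1
    fi
    return 0
}

# make_demo_repo: constructed sample input. Builds a throwaway repository
# holding two deliberately unsigned commits and prints its path.
make_demo_repo() {
    _dir=$(mktemp -d)
    git -C "$_dir" init -q
    for _n in 1 2; do
        echo "$_n" > "$_dir/file.txt"
        git -C "$_dir" add file.txt
        git -C "$_dir" -c user.name='Demo User' \
            -c user.email='demo@example.invalid' \
            -c commit.gpgsign=false commit -q -m "constructed commit $_n"
    done
    printf '%s\n' "$_dir"
}

# Stand-alone use: sh audit.sh <repo-dir> <rev-range>
if [ "$#" -ge 2 ]; then
    audit_signatures "$1" "$2"
fi
```

Run in CI against the range a pull request adds, this check reports unsigned commits after the fact; blocking them at push time is a server-side setting such as a branch protection rule.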
Enable Verified Commits for Repository