DCO check ensures that DCO is signed with an email address that matches the commit author.
Is it possible to enforce that all commits are signed with 1) a valid email 2) an email that belongs to the GitHub account that is making the PR (vs. just matching the author)?
For example, I'd like the DCO check to fail if someone signs with anything other than any of the verified e-mails on GitHub. In https://github.com/opensearch-project/.github/pull/126 I made a PR as Bill Gates, and it passed DCO, which is not desirable.
DCO check ensures that DCO is signed with an email address that matches the commit author.
Is it possible to enforce that all commits are signed with 1) a valid email 2) an email that belongs to the GitHub account that is making the PR (vs. just matching the author)?
For example, I'd like the DCO check to fail if someone signs with anything other than any of the verified e-mails on GitHub. In https://github.com/opensearch-project/.github/pull/126 I made a PR as Bill Gates, and it passed DCO, which is not desirable.