It seems to me, the tool only checks for git trailer but anybody can insert any commit message if not signed using GPG.
In current situation when someone pushes the commit without Signed-off-by trailer, the maintainer can rewrite the commit messge so it contains expected value without consent of original author.
It seems to me, the tool only checks for git trailer but anybody can insert any commit message if not signed using GPG.
In current situation when someone pushes the commit without
Signed-off-bytrailer, the maintainer can rewrite the commit messge so it contains expected value without consent of original author.