This is a general issue to request two specific changes to how development is done:
Better commit messages - This will help third-party auditors and collaborators better understand what change a commit is making. Currently, releases (tags) have great comments. But the individual commits have one-line comments that don't describe what change went into them.
Signed commits - Cryptographically signing the commits makes it way easier to trust the commits and changes made for all users, but specifically people worried about supply-chain security. It will also be easier to convince organisations to use the device, as compliance checklists usually have SBOM / supply-chain mitigations as non-negotiable points. These days, it's fairly easy and straightforward to sign commits using tools like sigstore.