Skip to content

Latest commit

 

History

History
25 lines (19 loc) · 702 Bytes

File metadata and controls

25 lines (19 loc) · 702 Bytes
id DEV-310
title Sign Every Commit
status active
enforcement automated
severity error

Problem

An unsigned commit cannot be verified as authored by the contributor. A PR carrying unsigned commits fails the requirements and cannot be trusted for attribution.

Solution

Sign every commit. Signing with an SSH key is recommended; ensure your Git version supports SSH signature verification (Git 2.34 or later).

Acceptance Criteria

  • Every commit in the PR is signed
  • Each commit shows as verified on GitHub