Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:123055 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id 71CD81A009C for ; Tue, 9 Apr 2024 11:02:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1712660610; bh=jBX2Rc2GnsgxrtrC/peIjZgp5wE4TvPiX1h4bXeSDRs=; h=Date:From:To:Subject:In-Reply-To:References:From; b=Ib/UoEfyxxSz8phqyv8PjY0SBMD0QlKcYT0VusLyr4LC3BHhc/kwTLESeRGn11xWf +n0rA15IDsjtegsrO7EFkgFmk7Xk/meDEH20hdoGjpm82EAxN6N4m1ORYUpB+ZinbE iy6F2Cv8myu3aXqohlNWMvvIqQAuEFNBrvrk6Wzg0QBq1TgCkOW7ncK8jUZ21Fsexk Zp0mJd6qDWbCj3yDaANFDz+jg4pZeFEHQNO3fN2kazHleHLBr2trW2pDiuxDhs6KEU S4dd3FrA9QMUdhGLAbasw4Ij66/M/yURGEpXd7UU1SGuZVC8BZqKCuUk4005a0Ektr 1onp+vC97O0pQ== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 825DF180209 for ; Tue, 9 Apr 2024 11:03:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: *** X-Spam-Status: No, score=3.6 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_MISSING,SPF_HELO_PASS, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from xdebug.org (xdebug.org [82.113.146.227]) by php-smtp4.php.net (Postfix) with ESMTP for ; Tue, 9 Apr 2024 11:03:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1712660573; bh=jBX2Rc2GnsgxrtrC/peIjZgp5wE4TvPiX1h4bXeSDRs=; h=Date:From:To:Subject:In-Reply-To:References:From; b=dVSMdxJpDoLFObVdfOUxHx2xBjVcPZjm56+EdQL6qEbRQTwfpx8LLvIHLIHgAwDxq CFD3/t5ws1wsg9VSto4z/ZfSHpGZv1ODKOYhoB6XvxPr8lF+jMGDFGRyHoyDT4f19v y4FcPIq8Yj4cb3PTGIEsJErZt73hWdGbJtpaabK1eYmDCPehvZH6OMJ/m2HlDfgISr sakzfh0E+zyHIWmFTJISprzoqT7WhOdIIF6udtuSaMl820CFWrvzQpYyNrZ2Rw/ohR TKVGJ1RKzZuq+f7zMpnwgvWi9glE2v0DDb3T6FuKEDdFF/zyF7yZpEAGJS96TiAdpN XqDjACmHr9C8w== Received: from localhost (localhost [IPv6:::1]) by xdebug.org (Postfix) with ESMTPS id BEC2610C051 for ; Tue, 09 Apr 2024 12:02:53 +0100 (BST) Date: Tue, 9 Apr 2024 12:02:53 +0100 (BST) To: PHP Developers Mailing List Subject: Re: [PHP-DEV] Requiring GPG Commit Signing In-Reply-To: <3e988b3b-65b8-13d3-16cf-1296bfdd7ed2@php.net> Message-ID: <848f7e51-b987-93d0-f900-5f09302ebd12@php.net> References: <3e988b3b-65b8-13d3-16cf-1296bfdd7ed2@php.net> Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII From: derick@php.net (Derick Rethans) On Tue, 2 Apr 2024, Derick Rethans wrote: > What do y'all think about requiring GPG signed commits for the php-src > repository? > > I had a look, and this is also something we can enforce through GitHub > as well (by using branch protections). It seems that most of the reply to this was positive, although with the realisation that it wouldn't be a panacea. I will therefore propose a minimalistic RFC to create this requirement to sign commits to all branches, in the next few days. I probably would have prefered requiring *GPG* signing (due to a web of trust), but GitHub's requirement isn't that granuar (it's either SSG+GPG, or nothing). Any other opinions, I'd be delighted to hear them. cheers, Derick -- https://derickrethans.nl | https://xdebug.org | https://dram.io Author of Xdebug. Like it? Consider supporting me: https://xdebug.org/support mastodon: @derickr@phpc.social @xdebug@phpc.social