re: ​Linus Torvalds takes a break from Linux VIEW POST

TOP OF THREAD FULL DISCUSSION
re: A number of months back, I'd gone through and added the following CoC to all or our company's projects I do work on: GitHub seems to recommend th...
 

GPG sign their commits? For what purpose? Be aware that I do understand what the whole GPG toolset can do and for what reason. I just don't see the point with signing commits, unless you are a large open source software project.

It will be more difficult to start contributing as a new member on the team = it will be longer until they start delivering value. It will be a constant annoyance to have to GPG sign your commits, unless you actually take the time to fully automate it, which by the sound of your post doesn't seem to be the case.

For what purpose?

Our customers want the appearance of traceability/non-repudiation.

It will be more difficult to start contributing as a new member on the team = it will be longer until they start delivering value.

It's literally a five-minute setup task.

It will be a constant annoyance to have to GPG sign your commits,

Have you ever actually taken the five minutes needed to set up git for commit-signing?? gpg-agent and similar tools make signing commits — whether you're a multiple-times-per hour or a "once at the end of the day" type of committer — pretty much transparent. Enter the key's password into the key-agent once during the session and that's it for the day.

code of conduct - report abuse