Use GPG to sign new commits and tags
Created by: Bisaloo
Some users may want to compile directly the github version of this addon for testing purposes.
I recommend signing your commits to prove users you indeed authored said change. It can be verified on github by looking for the
verified tag on the commit recap page.
It may sound like a bit extreme scenario where you would have your github account stolen but:
- it's an easy change for you given you already have a PGP key according to your testing page. All you have to do is add:
[user] signingkey = yourkeyID [commit] gpgsign = true
to you .gitconfig and then add your public key on github
- it's good practice for an extension targeted at privacy and security conscious users.