Requirements

Commit Signatures

All commits to the project must be signed with a valid GPG/PGP or S/MIME secret key. You can use GNU Privacy Guard or a similar tool to generate a signing key if you do not already have one. And, you can likewise use such a tool to sign your commits. Github has a good guide on the following topics:

• Commit Signature Verification

• GPG Key Generation

• GPG Key Registration on Github

• Git Client Configuration for Commit Signatures

If you do not wish to expose a personal email address in association with a signing key, you can use the no-reply email address associated with your Github account instead.

In addition to registering the signature verification public key, which corresponds to your secret signing key, with Github, you may also publish the signature verification public key to well-known public key servers, such as:

• MIT PGP Keyserver

• Ubuntu Keyserver