On Mon, Nov 13, 2023 at 6:46 PM Alejandro Colomar <alx@xxxxxxxxxx> wrote: > Hi, > > I'd like to ask contributors to sign their emails to this list with a > PGP key; especially for mails that include patches, but ideally all of > them. Of course, it's a suggestion, and there wouldn't be any > enforcement other than asking. What do you think of that? > > I've prepared some text for ./CONTRIBUTING; please review. It also > depends on mutt(1) maintainers, if they want to patch mutt(1) to allow > crypto operations in batch and mailx modes. > > Thanks, > Alex > > --- > > commit f7ba049d975a4b323c8086b2fc859687e4fc1d4e (HEAD -> sign) > Author: Alejandro Colomar <alx@xxxxxxxxxx> > Date: Fri Nov 10 01:10:00 2023 +0100 > > CONTRIBUTING: Please sign your emails with PGP > > Signed-off-by: Alejandro Colomar <alx@xxxxxxxxxx> > > diff --git a/CONTRIBUTING b/CONTRIBUTING > index 475244c13..204e04fb3 100644 > --- a/CONTRIBUTING > +++ b/CONTRIBUTING > @@ -56,6 +56,29 @@ Description > > help > > + Sign your emails with PGP > + Please sign all of your emails sent to the mailing list, > + including your emails containing patches, with your PGP > + key. This helps establish trust between you and other > + contributors of this project, and prevent others > + impersonating you. If this is meant to be a suggestion rather than an obligation, then I'd prefer if it had an explicit statement to the effect that it is (strongly?) encouraged but not mandatory. If I were reading CONTRIBUTING for the first time, I'd be inclined to read the bare imperative "Please sign all of your emails" as a hard requirement, and be scared off on account of not even having a PGP key. Thank you, Matthew House
