<p><span class="h-card" translate="no"><a href="https://mastodon.opportunis.me/@olasd" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>olasd</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@joeyh" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>joeyh</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@alerque" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>alerque</span></a></span> I think the recommendation "sign your commits" is much easier to act upon than making the (more correct but also more complicated) recommendations that would be a lot more secure.</p><p>There is a risk of perfect getting in the way of better.</p>