Open
Description
This is a fantastic project, and I've already added my signature. However, before I signed, I had to check to ensure I was using the correct commit SHA. Currently, the signatory signs the previous SHA in a chain.
That's a good idea, but being who we are, we should strive for a better and more easily manageable solution for signing. Would it be too much trouble if we had specific releases, like semantic versioning, and we could tie our signature to that particular commit SHA instead of the last one? Contributor Covenant has versioning, and they seem to be doing okay.
This would also make it easier for people to upgrade or downgrade their signatures to ensure that they agree with the things they want to agree to.
Metadata
Metadata
Assignees
Labels
No labels