With malicious code increasingly being inserted into commonly used open source projects, it might be time to enforce commit signing for your open source project. This prevents someone from spoofing your identity on commits they make. If a commit is not signed with your key, it is not verified, and the UI will show this.
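The same property can be audited locally. This is an added example, not code from the original post: it lists every commit whose signature git does not report as good, using git's `%G?` format placeholder. The function names, the throwaway repository and the `maintainer@example.invalid` identity are constructed for illustration.

```shell
#!/bin/sh
# Added example: list commits in a range that do not carry a good signature.
# %G? prints G for a good signature, N for no signature, B for a bad one,
# and other letters (U, X, Y, R, E) when git cannot fully vouch for it.

# unverified_commits <repo> [<rev-range>]
# Prints "<status> <short-hash> <author-email> <subject>" for every commit
# whose status is not G. Returns 1 if any such commit exists, otherwise 0.
unverified_commits() {
    repo=$1
    range=${2:-HEAD}
    out=$(git -C "$repo" log --format='%G? %h %ae %s' "$range" | grep -v '^G ' || true)
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# make_demo_repo: constructed sample input. Builds a throwaway repository
# with two unsigned commits. The author name and e-mail are plain
# configuration values, so they prove nothing about who made the commit.
make_demo_repo() {
    dir=$(mktemp -d)
    git init -q "$dir"
    for n in 1 2; do
        echo "$n" > "$dir/file.txt"
        git -C "$dir" add file.txt
        git -C "$dir" \
            -c user.name='Example Maintainer' \
            -c user.email='maintainer@example.invalid' \
            -c commit.gpgsign=false \
            commit -q -m "change $n"
    done
    printf '%s\n' "$dir"
}
```

Run against a real checkout, `unverified_commits . origin/main..HEAD` fails when any commit in the range lacks a good signature, which makes it usable as a pre-merge check. The `origin/main` range is an assumed branch name.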