Sign all commits?

[bwildenhain]

Hi,

to verify authenticity of commits it would be nice to always have signatures and not to only rely on access protections to the repository and having the possibility to check whether forks don't have any hidden modifications. Currently https://github.com/opf/openproject-docker-compose/commits/stable/17/ shows only around half the commits being signed.

https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule explains how branches could be configured to enforce signing commits.