Proposal: Enforce Commit Identity Consistency #202
Description
In recent pre-release wrap-up, we discovered that new contributors were not being counted by the statistics. For example, in #201, we noticed this was caused by inconsistencies between the GitHub user who submitted the pull request and the commit metadata. For instance, the PR was authored by x1a0b0, but the commit showed Author: zengxiaobo and Signed-off-by: x1a0b0 <xbtseng@gmail.com>. This mismatch often occurs when the local Git configuration (user.name and user.email) doesn't align with the contributor’s GitHub account, or when a maintainer merges or rebases the commit without preserving the original author.
While these issues are usually harmless, they make it harder to trace contributions and verify provenance. Ideally, such inconsistencies should be automatically detected before merging into main.
To address this, we suggest adopting the tools like DCO, commitlint, Verified Github Author Action, which help automatically verify that each commit includes a valid Signed-off-by line and that it matches the commit author, helping catch these issues early. This lightweight, widely adopted tool integrates easily with our existing pull request workflow.
We welcome anyone interested in helping implement this to contribute. The setup is straightforward, and we’d also benefit from a small update to the CONTRIBUTING section of our README.md to document the signing requirement (git commit -s). Please let us know if you’d like to take this on or collaborate on the integration.