Yeah I get that. I have many private repos where I have commit signing off. On the public ones it's mandatory, simply because ownership is a must - it's more a precaution  / nonrepudiation thing. 

I self-host for private, but not public repos. Wouldn't recommend self-hosting public repos either, because it mostly just means more attack surface to worry about.

optimism

No, we've been pretty low profile, and most of the repos are private... but with the open stuff like Pub and Wallet gaining traction and handling more and more funds I need to implement vigilance signatures.

Was pretty burnt already when this happened. Been a long stretch trying to tie a bunch of big (and critical) features out the door on top of bug fighting... so taking a few days to live in the meatspace a bit and will come back at it with fresh eyes.

The github outage yesterday really sent me into a spin, for a moment thought we were under attack again. Trying to avoid the temptation to self-host git and actions runners altogether.

I Effed around and Found out about Openclaw so You Don't Have to

billytheked

No, we've been pretty low profile, and most of the repos are private... but with the open stuff like Pub and Wallet gaining traction and handling more and more funds I need to implement vigilance signatures. 

Was pretty burnt already when this happened. Been a long stretch trying to tie a bunch of big (and critical) features out the door on top of bug fighting... so taking a few days to live in the meatspace a bit and will come back at it with fresh eyes.

The github outage yesterday really sent me into a spin, for a moment thought we were under attack again. Trying to avoid the temptation to self-host git and actions runners altogether.