From c92d624632102ba322a2bfebf04b55a915a933cf Mon Sep 17 00:00:00 2001
From: Vadim <1125014+zolotokrylin@users.noreply.github.com>
Date: Fri, 26 Apr 2024 09:17:39 +0800
Subject: [PATCH] docs: enforce signature of the commits (security) (#6)

* docs: read information about Github commit signature

* Update CONTRIBUTING.md

---------

Co-authored-by: Angelica Willianto <78342026+angelicawill@users.noreply.github.com>
---
 .github/CONTRIBUTING.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
index 255ab1f..5c7b2bb 100644
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -54,6 +54,15 @@ All PRs, whether for source code, design or copy changes, must comply with our P
 > [!WARNING]
 > PRs that do not correspond to the following criteria are usually rejected.
 
+## Commit Signature Verification
+
+For the security and integrity of our project, we require all contributors to sign their commits.  
+For detailed instructions on why and how to sign your commits refer to [GitHub's documentation on commit signature verification](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification).
+
+> [!Note]
+> We recommend signing commits using an [SSH key](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#ssh-commit-signature-verification). Ensure your Git version supports SSH signature verification (Git 2.34 or later).
+
+
 ## Scoping
 
 > [!NOTE]