[pilif]

They have something under Settings > SSH and GPG keys where you can enable Vigilant mode.

While that still allows pushing unsigned commits, it will flag them with a warning batch.

I had this on for a while, but unfortunately as some open source projects tend to rebase commits before pushing them, this was causing warnings to be shown (as the rebase breaks my signature), so I turned it off again as to not scare people when looking at the commit history of a project and seeing warnings after my contributions were merged in.

[stevelacy]

Good to know, I was not aware. The squash/rebase issue is definitely problematic, though a tree of signatures could be appended to each commit. Now... this does break how commits are currently signed.

[eurasiantiger]

Would this be a problem if commits were stored in a blockchain? Rebase would effectively fork the chain.

[pilif]

a git repo is practically a blockchain. Fixing this will require how git treats signatures, but no additional parallel architecture needs to be created.