by bpfrh 845 days ago
The last point can be mitigated by a hardware-based security key (Nitrokey, YubiKey, etc.).

The key would then not be on your device, so extraction would be difficult or impossible.

You would need to touch the key to grant the signing request, which would prevent any signing without you noticing.


It's more about the slippery slope of security vs convenience.

I do git rebase -i often. Do I want to touch my YubiKey exactly 37 times for the 37 commits amended, or do I want to touch it once and just trust the software for the next N seconds to sign only these commits and not anything else?

Now, if I'm the verifier, do I trust the signer to do it properly? Or that half their commits are actually made by their cat and automatically signed?

Signing a tag is a relatively rare and very deliberate action. A more secure approach is less likely to impact convenience, reducing the chance of compromising security because it was inconvenient.

I think that's precisely the point. You wouldn't want to touch your security key every time you commit anything. Given the (intentional) high friction, it's probably best left for operations that are high value, such as tags or releases
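One concrete way to end up where the last two comments land (touch-to-sign reserved for tags, no touch on every commit) is git's SSH signing with a FIDO2 security-key SSH key. The gitconfig below is an added example, not something any commenter posted; the key path `~/.ssh/id_ed25519_sk.pub` and the `~/.ssh/allowed_signers` file are assumed names, and the `ssh-keygen` line in the comments is the OpenSSH command that would create such a key (OpenSSH requires a touch on every signature with an `-sk` key unless the key was generated with `-O no-touch-required`; `-O verify-required` additionally demands the PIN).

```ini
# ~/.gitconfig (added example; path and key names are assumptions)
#
# Key generation, run once with the security key plugged in:
#   ssh-keygen -t ed25519-sk -O resident -O verify-required -f ~/.ssh/id_ed25519_sk
# The private half never leaves the token; each signature needs a touch
# (and, with verify-required, the PIN), so nothing can sign unnoticed.

[gpg]
    # Use SSH keys for signing instead of a GPG keyring.
    format = ssh

[gpg "ssh"]
    # Verifier side: maps principals (e-mail) to the public keys they may sign with.
    # Line format in that file: "alice@example.org ssh-ed25519-sk AAAA..."
    allowedSignersFile = ~/.ssh/allowed_signers

[user]
    # Public half of the hardware-backed key (the .pub file, not the private key).
    signingkey = ~/.ssh/id_ed25519_sk.pub

[commit]
    # Weak-for-convenience setting avoided: signing every commit would mean a touch
    # per commit, including each of the 37 commits rewritten by an interactive rebase,
    # so people end up caching or disabling it. Leave commits unsigned.
    gpgsign = false

[tag]
    # Tags and releases are rare, deliberate actions: require the touch there.
    gpgSign = true
```

With this in place `git tag -a v1.2.0` prompts for a touch once per tag, `git commit` and `git rebase -i` never touch the token, and a consumer runs `git verify-tag v1.2.0` against the allowed-signers list to check the signature.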