Hi! I agree that the arguments put forward in https://diziet.dreamwidth.org/515.html make sense, but please consider that the exact same arguments can be used to justify that signing commits on the pristine-tar branch is for now fine, as there is no system in place to replace it with signed pushes to salsa.debian.org, nor are people publishing "draft" versions of pristine-tar, but 99% of the time it is real and final imports of upstream releases.
Signing commits will clearly improve the current situation where salsa.debian.org hosts a bunch of pristine-tar branches that have no signatures whatsoever nor do their commit ids fold into any other branch that would have signatures. Also note that Tomasz already implemented https://salsa.debian.org/debian/pristine-tar/commit/2d3495360059cde9ae58a9130d7eafae48bc6c4a, it just got forgotten on the branch 'master-tmp'. I guess he could rewrite it to sign git tags and tag every single commit on the pristine-tar branch, but the practical difference to signing the commits isn't big.

