Here my scenario. Is there a way so that when you git commit, it will only commit into the branch if the GPG key used as been GPG signed by a specific person or organization or 3rd party.
What I’m trying to do is that you can only commit with a GPG key AND that GPG key has been signed by a 3rd party organization (like a company or person) so that you can’t just use any GPG key (specifically one that has been self generated).
Example. Albert has a GPG key. email@example.com has signed Albert’s GPG key. Albert commits code with GPG key. Since firstname.lastname@example.org is a whitelisted GPG sign (set via project?) on Albert’s GPG key, the commit goes through. George has a GPG key. No one has signed George’s GPG key or not on whitelisted GPG sign list. George tries to commit and it is rejected.