From 1a65d123472a2464b4b30510bb11b88e927bd599 Mon Sep 17 00:00:00 2001
From: Rafael Gonzaga <rafael.nunu@hotmail.com>
Date: Tue, 18 Mar 2025 09:46:47 -0300
Subject: [PATCH 1/2] Update GOVERNANCE.md

Follow up https://github.com/nodejs/node/pull/57311#issuecomment-2715638330
---
 GOVERNANCE.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/GOVERNANCE.md b/GOVERNANCE.md
index bfe21ec..fb1eb61 100644
--- a/GOVERNANCE.md
+++ b/GOVERNANCE.md
@@ -159,6 +159,7 @@ After the nominee's first prepared release has been promoted, the new releaser m
 * Open a PR in [nodejs/release-keys](https://github.com/nodejs/release-keys) to add their GPG key via `./cli.sh add $KEY_ID`.
 * Open a PR in [nodejs/Release](https://github.com/nodejs/Release) to add themselves under the "Releasers team" heading via `ncu-team sync README.md`.
 * Add them to the `#nodejs-release-private` team on the OpenJS Slack.
+* Configure git to sign all commits inside the `node` folder: `git config commit.gpgsign true`.
 
 New releasers should wait at least 2 weeks after adding a GPG key to the
 nodejs/node README credentials before signing a release.

From 66ac3453d2a897144ba2df46885c33d30b978e55 Mon Sep 17 00:00:00 2001
From: Rafael Gonzaga <rafael.nunu@hotmail.com>
Date: Tue, 18 Mar 2025 11:19:49 -0300
Subject: [PATCH 2/2] Update GOVERNANCE.md

Co-authored-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
---
 GOVERNANCE.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/GOVERNANCE.md b/GOVERNANCE.md
index fb1eb61..75612ea 100644
--- a/GOVERNANCE.md
+++ b/GOVERNANCE.md
@@ -159,7 +159,9 @@ After the nominee's first prepared release has been promoted, the new releaser m
 * Open a PR in [nodejs/release-keys](https://github.com/nodejs/release-keys) to add their GPG key via `./cli.sh add $KEY_ID`.
 * Open a PR in [nodejs/Release](https://github.com/nodejs/Release) to add themselves under the "Releasers team" heading via `ncu-team sync README.md`.
 * Add them to the `#nodejs-release-private` team on the OpenJS Slack.
-* Configure git to sign all commits inside the `node` folder: `git config commit.gpgsign true`.
+* Configure git to sign all backport commits and release commits with the GPG key used to
+  sign the releases. Consider signing all commits on your local clone, e.g. with the
+  following command: `git config commit.gpgsign true`.
 
 New releasers should wait at least 2 weeks after adding a GPG key to the
 nodejs/node README credentials before signing a release.