[meta] Reworking the merge commit format #23833

Currently merge commits include the list of commits, the description and a list of ACKs. (exmaple merge: 887796a5ffcbafcd281b920f8d55fcb6e8347584)

I think it could make sense to also include:

• a list of stale ACKs and potentially non-code-review ACKs or NACKs. Obviously this has the issue that any of them might be stale, but it might make it easier to get a general idea of the support/opposition on a pull request.
• signatures for ACKs. The benefit will be that signatures are less likely to be "made up" (for example by GitHub or by someone who compromised a GitHub account). The problem is that practically no one signs ACKs and that signature formats are too verbose to include verbatim in the merge commit message. If there was a better way to include signatures, we could move toward a scheme where several reviewers contribute toward the merge commit similar to how the guix attestations are produced.

I wonder if incorporating something like https://opentimestamps.org/ could help cut down on verbosity wrt. ACK signatures. Or having some convention for including an abbreviated signature prefix (first n characters of the signature over ACK <hash>).

can also do out-of-band stuff (like with other git repos or anything really) and cross-reference

It would be interesting to explore creating the merge commit deterministically and allow reviewers to create detached signatures that can be combined into the final merge commit by the merge script.

Though, this will likely not work because the merge commit will change every time a commit is pushed to master. Also, while it is possible to attach an OTS attestation and a signature, I haven't checked if it is possible to attach multiple signatures.