Unsigned Commits (blog.glyph.im)
from stsp to versioncontrol on 25 Jan 10:47
https://azorius.net/g/versioncontrol/p/gT8Y4K5d7QbVY22qDW-Unsigned-Commits

I am going to tell you why I don’t think you should sign your Git commits, even though doing so with SSH keys is now easier than ever. But first, to contextualize my objection, I have a brief hypothetical for you, and then a bit of history from the evolution of security on the web.

#cryptography #git #versioncontrol #web