Unsigned Commits
(blog.glyph.im)
from stsp to versioncontrol on 25 Jan 2024 10:47
https://azorius.net/g/versioncontrol/p/gT8Y4K5d7QbVY22qDW-Unsigned-Commits
from stsp to versioncontrol on 25 Jan 2024 10:47
https://azorius.net/g/versioncontrol/p/gT8Y4K5d7QbVY22qDW-Unsigned-Commits
I am going to tell you why I don’t think you should sign your Git commits, even though doing so with SSH keys is now easier than ever. But first, to contextualize my objection, I have a brief hypothetical for you, and then a bit of history from the evolution of security on the web.
threaded - newest