top | item 11653367

(no title)

giucal | 9 years ago

If a commit is signed, one can verify that the author is indeed who s/he claims to be. See https://git-scm.com/book/it/v2/Git-Tools-Signing-Your-Work.

Some excerpt:

Git is cryptographically secure, but it’s not foolproof. If you’re taking work from others on the internet and want to verify that commits are actually from a trusted source, Git has a few ways to sign and verify work using GPG.

In Git 1.8.3 and later, “git merge” and “git pull” can be told to inspect and reject when merging a commit that does not carry a trusted GPG signature with the --verify-signatures command.

discuss

No comments yet.