top | item 17253469 (no title) iamtew | 7 years ago You could just GPG sign your commits, then you can know for sure where the commit is coming from. discuss order hn newest zaarn|7 years ago Anyone can create a GPG key and start signing commits.GPG does not solve identity, it requires additional networking (like WoT or TOFU) before it can begin to function as an identity tool.
zaarn|7 years ago Anyone can create a GPG key and start signing commits.GPG does not solve identity, it requires additional networking (like WoT or TOFU) before it can begin to function as an identity tool.
zaarn|7 years ago
GPG does not solve identity, it requires additional networking (like WoT or TOFU) before it can begin to function as an identity tool.