Why Sign Commits?
Monday, August 1, 2022 · 3 minute read
Why should you sign your commits?
Preface
I recently read this article [0] by Alessandro Segala about why I
Identity Theft
Identity theft is not a joke [1].
The FTC in their 2021 edition of the CSN Annual Data Book [2] reported that
This article focusses around git [3] and online version control systems (VCS
It is not only possible, but incredibly easy to sign a commit under a diffe
The Dangers of Developer Identity Theft
The biggest threat to a developer wh
A malicious attacker who signs off on infected, poorly written, or malformed
A malicious attacker could publish commits that actively ruin existing featu
Benefits of Signing
To combat this, git allows for individuals to sign their
This allows for a number of benefits:
Commits in the git history that are signed have metadata attached to them s
Setting up signed commits was trivial, and there were plenty of guides [0] [
I strongly encourage all developers to sign their commits in order to improv
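Added example (not from the original article): a shell helper that reads the signature metadata git attaches to commits and lists every commit that lacks a good signature. The function names, the sample identities and the example.invalid addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a repository for commits without a good signature.
# %G? is git's signature-status placeholder:
#   G good, U good but unknown trust, B bad, X/Y expired signature or key,
#   R revoked key, E cannot be checked (e.g. missing key), N no signature.

# audit_signatures REPO [REV]   (hypothetical helper name)
# Prints "<status> <short-hash> <author-email> <subject>" for every commit
# whose status is anything other than G, and returns 1 if any were found.
# Policy choice: U is reported too; relax the filter if your team accepts it.
audit_signatures() {
    repo=$1
    rev=${2:-HEAD}
    out=$(git -C "$repo" log --format='%G? %h %ae %s' "$rev" \
          | grep -v '^G ' || true)
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# make_sample_repo DIR   (constructed sample data)
# Creates a throwaway repository with two unsigned commits. The author
# identities are plain configuration values that git records as given,
# which is why the author field alone does not prove who wrote a commit.
make_sample_repo() {
    dir=$1
    git init -q "$dir"
    for who in alice bob; do
        git -C "$dir" \
            -c user.name="$who" -c user.email="$who@example.invalid" \
            -c commit.gpgsign=false \
            commit -q --allow-empty -m "constructed commit by $who"
    done
}
```

Run audit_signatures against a checkout in CI or before a merge; a non-zero return means at least one commit in the range has no verifiable signature.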
Citations
0. https://withblue.ink/2020/05/17/how-and-why-to-sign-git-commits.html
1. https://tinyurl.com/yjbxpajr
2. https://www.ftc.gov/system/files/ftc_gov/pdf/CSN%20Annual%20Data%20Book%2020…
3. https://git-scm.com
4. https://huggingface.co/docs/hub/security-gpg
5. https://docs.github.com/en/authentication/managing-commit-signature-verifica…