I’m not going to cryptographically sign my git commits, and you shouldn’t either.

I’m curious to hear what the Lemmy programming community thinks of this!

  • The author argues against signing Git commits, stating that it adds unnecessary complexity to systems.
  • The author believes that signing commits perpetuates an engineering culture of blindly adopting complex tools.
  • The consequences of signing Git commits are likely to be subtle and not as dramatic as some may believe.

Archive link: https://archive.ph/vjDeK

  • Eager EagleEnglish
    25 months ago

    I just like seeing the green badge.

    I wouldn’t expect or ask others to do it in normal circumstances. FWIW, there might be a (marginal) advantage of using it though:

    Here’s the only one that might convince me to start signing commits someday. The high level issue is that the author of a commit is whoever shows up in the Author: field, which can be any random string. GItHub manages permissions on a repo using a GitHub account, which may or may not use the same email addresses in a commit. Anyone can push commits to their own repositories with anyone else’s email address.

    src