I’m curious to hear what the Lemmy programming community thinks of this!


  • The author argues against signing Git commits, stating that it adds unnecessary complexity to systems.
  • The author believes that signing commits perpetuates an engineering culture of blindly adopting complex tools.
  • The consequences of signing Git commits are likely to be subtle and not as dramatic as some may believe.

Archive link: https://archive.ph/vjDeK

  • Matt/D
    11 months ago

    Anyone can slap your name and email on a commit and pretend you wrote it

    • MajorHavoc
      11 months ago

      On GitHub, the account that pushed the commit is already fairly evident.

      Commits pushed from my GitHub account are differentiated from commits that are not.

      I don’t want huge centralized Git infrastructure, but while we have it, signed commits are less compelling.

      And I’m not saying I love the current state of code authorship verification, either.