What is the interest to sign commit -S -m in git?
Hello Hackers!
I have recently view that we can use -S to sign with our keys on git (maybe not all but works on github) and would like to know what is the interest of doing that, anyone can explain please?
2 comments
[ 21.2 ms ] story [ 363 ms ] threadSome excerpt:
Git is cryptographically secure, but it’s not foolproof. If you’re taking work from others on the internet and want to verify that commits are actually from a trusted source, Git has a few ways to sign and verify work using GPG.
In Git 1.8.3 and later, “git merge” and “git pull” can be told to inspect and reject when merging a commit that does not carry a trusted GPG signature with the --verify-signatures command.