What is the interest to sign commit -S -m in git?

1 points by aurelien ↗ HN
Hello Hackers! I have recently view that we can use -S to sign with our keys on git (maybe not all but works on github) and would like to know what is the interest of doing that, anyone can explain please?

2 comments

[ 21.2 ms ] story [ 363 ms ] thread
(comment deleted)
If a commit is signed, one can verify that the author is indeed who s/he claims to be. See https://git-scm.com/book/it/v2/Git-Tools-Signing-Your-Work.

Some excerpt:

Git is cryptographically secure, but it’s not foolproof. If you’re taking work from others on the internet and want to verify that commits are actually from a trusted source, Git has a few ways to sign and verify work using GPG.

In Git 1.8.3 and later, “git merge” and “git pull” can be told to inspect and reject when merging a commit that does not carry a trusted GPG signature with the --verify-signatures command.