|
|
|
|
|
|
by giucal
3691 days ago
|
|
|
If a commit is signed, one can verify that the author is indeed who s/he claims to be. See https://git-scm.com/book/it/v2/Git-Tools-Signing-Your-Work. Some excerpt: Git is cryptographically secure, but it’s not foolproof. If you’re taking work from others on the internet and want to verify that commits are actually from a trusted source, Git has a few ways to sign and verify work using GPG. In Git 1.8.3 and later, “git merge” and “git pull” can be told to inspect and reject when merging a commit that does not carry a trusted GPG signature with the --verify-signatures command. |
|
|