Hacker News new | ask | show | jobs
by iamtew 2935 days ago
You could just GPG sign your commits, then you can know for sure where the commit is coming from.
1 comments
zaarn 2935 days ago
Anyone can create a GPG key and start signing commits.

GPG does not solve identity, it requires additional networking (like WoT or TOFU) before it can begin to function as an identity tool.

link