by C4K3 2781 days ago
In the given scenario, the author signs tags and not commits. So the malicious commit wouldn't be signed at all because no commits are signed, and therefore nothing would look out of place.

The article is arguing that only signing tags is insufficient, and that you should sign every commit individually to prevent this scenario.
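To make the comment's point concrete: a signed tag only vouches for the tip commit it points at, so a check that walks every commit in a range is needed to catch an unsigned one slipped in below the tag. The following is an added shell example, not code from the comment or the article it discusses. It relies on git's `%G?` placeholder (which prints G for a good signature from a trusted key, U for good but untrusted, N for no signature, and B, X, Y, R, E for bad, expired, revoked or uncheckable signatures); `audit_range`, `audit_signature_lines` and `count_unsigned` are hypothetical helper names, and the sample log lines are constructed rather than taken from a real repository.

```shell
#!/bin/sh
# Added example: flag every commit in a range whose signature is not a good
# signature from a trusted key. Signing only the tag would not reveal these.

# Reads "<sha> <status>" lines (the shape of `git log --format='%H %G?'`)
# on stdin, prints each commit that is not status G, and returns 1 if any
# such commit was seen. U (good but untrusted) is deliberately flagged too.
audit_signature_lines() {
  bad=0
  while read -r sha status; do
    [ -n "$sha" ] || continue
    case "$status" in
      G) ;;  # good signature from a trusted key: acceptable
      *) echo "unsigned or unverifiable commit: $sha (status $status)"; bad=1 ;;
    esac
  done
  return "$bad"
}

# For a live repository: audit_range v1.0..v1.1
# Walks every commit reachable in the range, not just the one the tag names.
audit_range() {
  git log --format='%H %G?' "$1" | audit_signature_lines
}

# Constructed sample (hypothetical SHAs), standing in for git's output:
# one unsigned commit sits between two signed ones.
SAMPLE='aaaa1111 G
bbbb2222 N
cccc3333 G'

# Number of offending commits in SAMPLE.
count_unsigned() {
  printf '%s\n' "$SAMPLE" | audit_signature_lines | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE" | audit_signature_lines || echo "audit failed: unsigned commit in range"
```

Run `audit_range <tag-or-range>` in a repository; a non-zero exit means at least one commit in the range lacks a trusted signature, which is exactly the gap a tag-only signing policy leaves open.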