Hacker News new | ask | show | jobs
by echohack5 1375 days ago
> If you trust github then you can use them as a key broker like the "User SSH Keys from GitHub" section suggests, if all of your committers are github users.

Additionally you can enable "Vigilant Mode" to make it obvious when commits are untrusted.

https://github.blog/changelog/2021-04-28-flag-unsigned-commi...